W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2011

[whatwg] Proposal for a web application descriptor

From: Glenn Maynard <glenn@zewt.org>
Date: Fri, 29 Apr 2011 19:41:18 -0400
Message-ID: <BANLkTi=z=8_oE-GhfFCVSiaoQ4H782jzFQ@mail.gmail.com>
On Fri, Apr 29, 2011 at 6:40 PM, Simon Heckmann <simon at simonheckmann.de>wrote:

> > Some challenges include:
> >
> >  *  how to justify the request to the user being asked to grant the
> privileges
> >     starting with a text string and a link to more information
>
> Well, this is what I thought of: The users visit a website they have never
> visited before. A notifications pops up allowing them to set all permissions
> required for this page. The users might not trust the site yet so they do
> not grant all permissions immediately.


There's a more common issue: when you ask me for a bunch of permissions at
once, I don't know why you want them.  This happens constantly with Android
apps: you install a simple notepad or clock app, and it'll ask for Internet
access and the ability to make phone calls, and you don't know why.

This is why--in general--I like the model so far: the user is asked for
permission in response to actually doing something that uses a feature.  In
the notepad app, you're asked for permission to access the internet when you
select "sync notes to your desktop PC"; it's immediately obvious why it's
asking for it.  (That's an Android example, of course, not a web app
example.)

Hopefully the ultimate solution will deal with both, allowing UAs the option
of asking all at once or on-demand, depending on the situation.  (Some
permissions inherently have to be asked in advance, like Web Notifications,
which doesn't happen in response to a user action.)

-- 
Glenn Maynard
Received on Friday, 29 April 2011 16:41:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:03 GMT