[whatwg] Proposal for a web application descriptor from Ian Hickson on 2011-07-26 (public-whatwg-archive@w3.org from July 2011)

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 26 Jul 2011 21:44:44 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.1107261949340.2079@ps20323.dreamhostps.com>
On Fri, 29 Apr 2011, Simon Heckmann wrote:
> 
> I have read a lot in the last month about the future of html and web 
> applications and I am very impressed by the progress this makes. 
> However, I have come across some thing that annoys me: Permissions. I 
> know they are important and I know they are needed but currently I find 
> this quite inconvenient. And with more and more permissions coming up 
> this might get worse so I spent some time thinking about it.
> 
> I have written a short document covering my proposal: 
> www.simonheckmann.de/download/Proposal.pdf (3 pages, ~200KB)
> 
> It should just take only a few minutes to read and includes examples and 
> screenshots. I am really looking forward to hearing your thoughts on 
> this. Please feel free to share this idea with whomever you want to. If 
> you think I should post this proposal somewhere else please say so.

Robert O'Callahan posted a good response:

http://weblogs.mozillazine.org/roc/archives/2011/06/permissions_for.html

In short, the better solution isn't to ask for permissions up-front, but 
to ask for fewer permissions. The ideal solution is to not ask for any 
permission but to base the permission on a natural user gesture. For 
example, drag-and-drop of files to a site doesn't require permissions, but 
it is an implicit permission grant. Same with <input type=file>. With 
getUserMedia() we are doing something similar: instead of asking for 
permission, the user is asked for a specific input to be selected.

Permission grants are a bug.


On Sat, 30 Apr 2011, Glenn Maynard wrote:
> 
> I'd wonder what their response is to Android; the problems on that 
> platform are obvious.  The result is exactly as you say: people end up 
> giving up and just accepting everything.
> 
> (The permissions request for Skype includes: "read contact data, write 
> contact data, coarse (network-based) location, full Internet access, act 
> as an account authenticator, manage the accounts list, user the 
> authentication credentials of an account, modify/delete USB storage 
> contents, change your audio settings, record audio, read phone state and 
> identity, disable keylock, modify global system settings, prevent phone 
> from sleeping, retrieve running applications, write sync settings, view 
> network state, view Wi-Fi state, control vibrator, read sync settings, 
> read sync statistics, discover known accounts".  It's hopeless; if "take 
> out a mortgage on your house" was in there, nobody would notice.)
> 
> Of course, asking each of these while using the application would also 
> be painfully annoying, and it's not obvious how to make permissions 
> meaningful to the user (eg. when you use its feature) while also scaling 
> to lots of permissions.

Indeed. The system shouldn't ask for any permissions. For example instead 
of reading contact data, it could cause the OS to pop up a contacts list 
from which you can pick a contact to give access to it to the app.


On Sun, 1 May 2011, Robert O'Callahan wrote:
> 
> Notifications are a particularly hard case for the principle of 
> requesting permissions in response to user action, because the whole 
> point of notifications is that they happen when the user isn't giving 
> the application attention :-).

My proposal for notifications was to have them default to being just 
inside the page (nothing that a <div> couldn't do), but that they would 
include explicit UI to promote them to full-system notifications; and 
vice-versa, so a system notification could be demoted back to just in-page 
notification with a similar gesture.


On Tue, 3 May 2011, Cameron Heavon-Jones wrote:
> 
> The quantity of permission requests can be managed in an effective 
> manner by the agent allowing the user to store their preferences for the 
> next command or as a universal setting.

That doesn't work. It might be appropriate for Bing Maps to have access to 
my Geolocation information, but I certainly don't want some random blog to 
have access to it. Defaults don't work here.


> For web applications to specify their required permissions would seem to 
> introduce a duplication of specification. If a web application includes 
> an image file upload which the user chooses to capture from webcam, 
> first how is the application to know that the user would use a web cam?

There's no need for the app to know. It can just allow the user to upload 
a photo, and the browser can offer to use the webcam.



I haven't added anythign to the spec in relation to this proposal.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 26 July 2011 14:44:44 UTC