Re: [geolocation-api] Section 3: Why only "SHOULD" for protection of privacy? (#54)

> As mentioned above, neither Chrome or Firefox are in compliance with a MUST requirement because of their support for granting permissions through group policy which means the user does not grant express permission.

Group policy is still something that needs to be opted into (by some "super"-user setting the policy for the group). I don't think that invalidates the requirement, in that "the group" has made an express decision to enable this permission by policy. The requirement is still that the user agent doesn't just allow access to geolocation.

> I would like to see this section of the specification rewritten to reference the permission check/request steps from the Permissions API rather than having its own bespoke requirements. The current structure is very weird because permissions are essentially a note which says "never mind all the steps above, do this first." We should make permission checking part of the algorithms for getCurrentPosition() and watchPosition().

Agree - and that's a great suggestion. Will look into updating that. 

-- 
GitHub Notification of comment by marcoscaceres
Please view or discuss this issue at https://github.com/w3c/geolocation-api/issues/54#issuecomment-804547442 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 23 March 2021 03:05:01 UTC