[vibration] Rate limits to prevent excessive use (#48)

anssiko has just created a new issue for https://github.com/w3c/vibration:

== Rate limits to prevent excessive use ==
From https://github.com/w3c/security-request/issues/71:
> Limit API Usage
> Global: A global rate limit should be implemented to restrict the number of vibration requests made within a certain period (e.g., per minute or hour), preventing excessive use.
> 
> Session-Based: To prevent prolonged abuse, set session-based limits on the total vibration duration or number of vibrations that can occur during a single-user session.
> 
> Site-based: per site and subdomains
> 
> Threats and Attacks:
> 
> Draining Battery/User’s Resources DoS.

This proposal was [discussed](https://www.w3.org/2024/09/24-dap-minutes.html#t30) at TPAC 2024, conclusion:

> We're proposing to collect data from real-world users to understand what specific values to use for global rate limit that'd restrict the number of vibration requests made within a certain period. We will propose this in a future update to the specification when we have a large number of samples available to make an informed decision.

This issue is to gather data that'll help make an informed decision on the limits, including feedback from web developers and users to understand use cases that may be affected by the limits.

Please view or discuss this issue at https://github.com/w3c/vibration/issues/48 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 24 October 2024 08:51:12 UTC
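
The three limit scopes quoted in the issue (global, session-based, site-based) combined in one user-agent-side check, as an added example that is not part of the issue or of the Vibration API specification. The limit values, `VibrationLimiter`, `siteKey`, `vibrationMs` and the session identifier are assumptions made here, since no concrete values have been chosen yet.

```javascript
// Placeholder limits (assumptions): neither the issue nor the spec defines values yet.
const LIMITS = { globalPerWindow: 5, sitePerWindow: 3, windowMs: 60_000, sessionTotalMs: 10_000 };

// Simplified site key (last two host labels) so subdomains share one budget.
// A real user agent would derive the registrable domain from the Public Suffix List.
function siteKey(origin) {
  return new URL(origin).hostname.split(".").slice(-2).join(".");
}

// Total vibrating time of a pattern: even indices vibrate, odd indices pause.
function vibrationMs(pattern) {
  const list = Array.isArray(pattern) ? pattern : [pattern];
  return list.reduce((sum, ms, i) => (i % 2 === 0 ? sum + ms : sum), 0);
}

class VibrationLimiter {
  constructor(limits = LIMITS) {
    this.limits = limits;
    this.globalLog = [];          // timestamps of accepted requests, all sites
    this.siteLog = new Map();     // site key -> timestamps of accepted requests
    this.sessionUsed = new Map(); // session id (hypothetical) -> vibrating ms consumed
  }

  // Returns { allowed, reason }. `now` (ms) is passed in so the check is deterministic.
  request(origin, sessionId, pattern, now) {
    const { globalPerWindow, sitePerWindow, windowMs, sessionTotalMs } = this.limits;
    const recent = (log) => log.filter((t) => now - t < windowMs);
    const site = siteKey(origin);
    this.globalLog = recent(this.globalLog);
    const siteLog = recent(this.siteLog.get(site) || []);
    this.siteLog.set(site, siteLog);
    const used = this.sessionUsed.get(sessionId) || 0;
    const cost = vibrationMs(pattern);

    // A zero-length pattern cancels vibration, so it is never counted or refused.
    if (cost === 0) return { allowed: true, reason: "cancel" };
    if (this.globalLog.length >= globalPerWindow) return { allowed: false, reason: "global" };
    if (siteLog.length >= sitePerWindow) return { allowed: false, reason: "site" };
    if (used + cost > sessionTotalMs) return { allowed: false, reason: "session" };

    this.globalLog.push(now);
    siteLog.push(now);
    this.sessionUsed.set(sessionId, used + cost);
    return { allowed: true, reason: "ok" };
  }
}
```

Refused requests are not recorded, so a page that keeps calling while over the limit does not extend its own lockout; only accepted vibrations consume budget.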