- From: Brian LeRoux <brian.leroux@westcoastlogic.com>
- Date: Wed, 7 Oct 2009 07:30:32 -0700
- To: Paddy Byers <paddy.byers@gmail.com>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, ext Marcin Hanclik <Marcin.Hanclik@access-company.com>, Device APIs and Policy Working Group WG <public-device-apis@w3.org>
Rather than runtime dialogues, which do create a *terrible* user experience, can we consider a one time startup dialogue (similar to what is seen in android applications) that warns the user about what apis the application wants access to. On Wed, Oct 7, 2009 at 5:45 AM, Paddy Byers <paddy.byers@gmail.com> wrote: > Hi, > >> I was suggesting the extreme approach for *security* dialogs, since it >> seems to be a security not-best-practice, and taking an extreme point might >> help with making a decision by eliciting responses... >> >> Given the arguments in the position papers, I'm wondering why we shouldn't >> say something in DAP about this. > > I think it is absolutely right that this is considered and something is said > about it. > > However, there will probably continue to be situations where dialogs at > runtime (rather than solely at installation time) are unavoidable, depending > on the kind of security decision a user is being asked to make. > > I would definitely welcome a design approach that eliminated the need for > modal prompts, along the lines of the Mozilla position paper, for example by > ensuring that all APIs that potentially cause prompts are asynchronous. > > Beyond that, I think we should probably avoid prescription wherever possible > in respect of user experience for prompts or other permissions-related user > configuration. > > I was thinking more along the lines of a requirement for now on our spec, > rather than a requirement on a User Agent - stating that the spec > [SHOULD|MUST] be capable of implementation without modal security prompts > during the execution of a web application. > > Thanks - Paddy > >
Received on Wednesday, 7 October 2009 14:31:05 UTC