W3C home > Mailing lists > Public > public-device-apis@w3.org > October 2009

(wrong string) €” General]

From: Brian LeRoux <brian.leroux@westcoastlogic.com>
Date: Wed, 7 Oct 2009 07:30:32 -0700
Message-ID: <a4bcf6320910070730t38c8de05u343ae05b7daa8599@mail.gmail.com>
To: Paddy Byers <paddy.byers@gmail.com>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, ext Marcin Hanclik <Marcin.Hanclik@access-company.com>, Device APIs and Policy Working Group WG <public-device-apis@w3.org>
Rather than runtime dialogues, which do create a *terrible* user
experience, can we consider a one time startup dialogue (similar to
what is seen in android applications) that warns the user about what
apis the application wants access to.

On Wed, Oct 7, 2009 at 5:45 AM, Paddy Byers <paddy.byers@gmail.com> wrote:
> Hi,
>
>> I was suggesting the extreme approach for *security* dialogs, since it
>> seems to be a security not-best-practice, and taking an extreme point might
>> help with making a decision by eliciting responses...
>>
>> Given the arguments in the position papers, I'm wondering why we shouldn't
>> say something in DAP about this.
>
> I think it is absolutely right that this is considered and something is said
> about it.
>
> However, there will probably continue to be situations where dialogs at
> runtime (rather than solely at installation time) are unavoidable, depending
> on the kind of security decision a user is being asked to make.
>
> I would definitely welcome a design approach that eliminated the need for
> modal prompts, along the lines of the Mozilla position paper, for example by
> ensuring that all APIs that potentially cause prompts are asynchronous.
>
> Beyond that, I think we should probably avoid prescription wherever possible
> in respect of user experience for prompts or other permissions-related user
> configuration.
>
> I was thinking more along the lines of a requirement for now on our spec,
> rather than a requirement on a User Agent - stating that the spec
> [SHOULD|MUST] be capable of implementation without modal security prompts
> during the execution of a web application.
>
> Thanks - Paddy
>
>
Received on Wednesday, 7 October 2009 14:31:05 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:39 UTC