making permissions viewable from Alissa Cooper on 2010-07-15 (public-device-apis@w3.org from July 2010)

From: Alissa Cooper <acooper@cdt.org>
Date: Thu, 15 Jul 2010 14:04:01 +0100
To: W3C Device APIs and Policy WG <public-device-apis@w3.org>
Message-Id: <E0CDDAEE-E4B6-47C0-97B6-AAE5EA3D70CC@cdt.org>

In the new privacy considerations in Sys Info (and in Contacts and  
Geolocation and perhaps other APIs), it says:

"Those permissions that are acquired through the user interface and  
that are preserved beyond the current browsing session (i.e. beyond  
the time when the browsing context, as defined in HTML5, is navigated  
to another URL) must be revocable and a user agent must respect  
revoked permissions."

I would suggest the following edit:

"Those permissions that are acquired through the user interface and  
that are preserved beyond the current browsing session (i.e. beyond  
the time when the browsing context, as defined in HTML5, is navigated  
to another URL) must be viewable and revocable. User agents  must  
respect revoked permissions."

This may seem unnecessary, but I think it's important for users to be  
able to see which sites they gave permissions to and for which device  
info, whether they feel like revoking those permissions or just want  
to review them. Plus, I think we should avoid the situation where the  
only revocation mechanism is some global reset that revokes all  
previously granted permissions without showing users what those  
permissions are.

Alissa

Received on Thursday, 15 July 2010 13:04:37 UTC