Re: Agenda - Distributed Meeting 2010-06-02

On Wed, Jun 9, 2010 at 2:34 AM,  <Frederick.Hirsch@nokia.com> wrote:
> For agenda item #4, policy, please add
>
> Agree to update Policy Requirements as in proposal?
>
> Please see http://lists.w3.org/Archives/Public/public-device-apis/2010Jun/0065.html

Frederik, at http://lists.w3.org/Archives/Public/public-device-apis/2010Jun/att-0065/Proposal.html#prompts
it says, "Prompts should be eliminated whenever possible."

What is the alternative to prompts?  A set of defaults and a control
panel for changing them? In any case, that should probably be spelled
out.  I can not agree to suggesting that user shouldn't be prompted
each time a remote service uses a microphone, camera, file, contact
database, or other local resource, if they haven't already given
permanent permission for that access.  I am not opposed to the idea of
a security policy containing defaults with that permanent permission
in the case, for example, of corporate access to a contacts database
on corporate-issued devices.

I would much prefer to have an opt-in system, where the user is
presented with the choice to either allow or deny access to resources
when those accesses are attempted, with the user able to decide
whether to remember their choice for accesses from the same service in
the future as well, along with the ability to review and change that
choice at any time.

What was the motivation to eliminating prompts?  I assure you, opt-out
security systems go much worse in practice than opt-in; this has
proven to be the case in at least a dozen high-profile security breach
situations over the past couple decades.

Regards,
James Salsman

Received on Wednesday, 9 June 2010 12:57:37 UTC