Re: geolocation privacy statement strawman

On Thu, Apr 30, 2009 at 5:00 PM, Angel Machín <angel.machin@gmail.com> wrote:
> Hi,
>
>> All permissions should be revocable, and User Agents must respect revoked permissions.
>
> I understand Andrei's point related to RFC 2119, but I still think it
> should be MUST.
> Perhaps, the last sentence of the first paragraph could be rewritten
> in this way:
>
> "User Agents must acquire permission through a user interface, unless
> they have prearranged trust relationships as described below. [...]
> All permissions acquired through the user interface MUST be revocable,
> and User Agents must respect revoked permissions."
>

Perhaps we should clarify even further:

"Those permissions permissions that are acquired through the user
interface and that are preserved beyond the current browsing context
(i.e. beyond the time when the browsing context is navigated to
another URL) must be revocable and UAs must respect revoked
permissions".

What do you think?
Andrei

Received on Thursday, 30 April 2009 16:31:25 UTC