RE: Additional security and privacy considerations?

:)

If you want precedent, I ask Google to remember my gmail login - and it does.  However, after a little while (I'm not sure exactly how long) it asks me to re-authenticate.  It's not so much of a chore as long it's not too frequent.  Finding out just how frequent is the trick.

As for the notification, you still use the status bar for a discreet notification.  I don't think that what is being proposed needs to be highly visible, just accessible.

--Martin

> -----Original Message-----
> From: Doug Turner [mailto:doug.turner@gmail.com]
> Sent: Tuesday, 12 May 2009 2:15 PM
> To: Thomson, Martin
> Cc: Thomas Roessler; public-geolocation@w3.org; Rigo Wenning
> Subject: Re: Additional security and privacy considerations?
> 
> > A discreet notification that a page as requested (and maybe
> > received) location information might go a long way.  By keeping the
> > information visible, users no longer have the maze to negotiate.
> > This might be similar to the notification that a popup has been
> > blocked, or that the site has been authenticated.  Not to malign
> > Doug's fine work in any way or to pick on Firefox in particular, but
> > using the latest Firefox beta there isn't any feedback once the
> > initial permission is granted.
> 
> Thanks! ;-)
> 
> As I mentioned to the group, these sort of notifications are either
> too small or unnoticeable to be of value, or are too large and flash
> to be pleasing.
> 
> >
> > As for permission expiration, it might make sense to provide
> > configuration to limit the time.  I doubt that it would be an
> > imposition to acquire permission on a regular basis.  To me, daily
> > would be a chore, I am lazy enough to appreciate the use of cookies
> > and authentication that persists for several days.  Of course, we
> > should be careful to ensure that this form of laziness does not turn
> > into users granting an open licence.  The scenario you cite is one
> > I'd be very keen to prevent.  With this in mind I'd be OK with a
> > default of a day, but I might be inclined to bump the value up to
> > about a week if I could.
> 
> 
> It might be a great idea for some UA to experiment with a "Remember
> for 7 days" UI and offer us feedback, but my initial impression is
> that when told to remember, we shouldn't forget.
> 
> Regards,
> Doug Turner

------------------------------------------------------------------------------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------------------------------
[mf2]

Received on Tuesday, 12 May 2009 04:30:04 UTC