- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 12 May 2009 18:32:47 +0200
- To: Doug Turner <doug.turner@gmail.com>
- Cc: public-geolocation@w3.org, Rigo Wenning <rigo@w3.org>
On 12 May 2009, at 17:15, Doug Turner wrote:

> tlr, i appreciate your thought on this matter. You are right about
> legislators designing UI -- it isn't a good idea.
>
> Fwiw, (and again I believe out of scope for the w3c!) we are
> considering exposing permissions granting decisions via "Larry".

*snip*

> Again all of this, i believe is _out_ of scope.

Nothing you said there implies that the requirements I was proposing are unimplementable, so let's try to get back to the part that's _in_ scope.

These requirements are:

1. Have a signal of sorts when location information is passed to a Web application.
2. Use that indicator as a hook for some UI that enables revocation of authorization.

Again, I don't know what that indicator ought to look or sound or feel like, and I'm not suggesting to describe the details of that kind of UI in the spec.

> Which part of the specification should say consent must not be
> considered to last for longer than two days -- the UA part or the
> location recipient part?

The UA part. The point is to contain the effect of users granting authorization accidentally.

The scope limitation in time would be for the user's decision to authorize the web site to use the geolocation API. So, after a day, the UI used to authorize use of geolocation would reappear, even if the user had said "remember my decision."

As I said earlier, I don't know what the right balance is in time. Perhaps there ought to be some exponential back-off for the user interactions (taking up your earlier suggestion of the 5 interactions), perhaps it's a threshold -- I don't think that needs to go into the spec. The main point will be to impose some upper limit on the amount of time that a consent is good for.
Received on Tuesday, 12 May 2009 16:33:00 UTC
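
The two requirements and the consent time limit discussed in the message above, sketched as an added example that is not part of the original e-mail or of any browser's code. `ConsentStore`, `maxAgeMs`, `onShare` and the one-day default are assumptions chosen for illustration; the message deliberately leaves the actual limit open.

```javascript
// Added illustration of a user-agent-side consent store (all names hypothetical).
const DAY_MS = 24 * 60 * 60 * 1000; // assumed upper limit; the thread does not fix a value

class ConsentStore {
  constructor({ maxAgeMs = DAY_MS, onShare = () => {} } = {}) {
    this.maxAgeMs = maxAgeMs; // upper limit on how long any consent is good for
    this.onShare = onShare;   // requirement 1: signal when location is passed on
    this.grants = new Map();  // origin -> { grantedAt, remember }
  }
  grant(origin, { remember }, now) {
    this.grants.set(origin, { grantedAt: now, remember });
  }
  revoke(origin) {
    return this.grants.delete(origin);
  }
  // "granted" only while the grant is younger than maxAgeMs, even when the
  // user chose "remember my decision"; otherwise the UA must prompt again.
  state(origin, now) {
    const g = this.grants.get(origin);
    if (!g) return "prompt";
    if (now - g.grantedAt >= this.maxAgeMs) {
      this.grants.delete(origin);
      return "prompt";
    }
    return "granted";
  }
  // Returns the position only with live consent, and fires the indicator
  // with a revoke hook attached (requirement 2).
  share(origin, position, now) {
    if (this.state(origin, now) !== "granted") return null;
    if (!this.grants.get(origin).remember) this.grants.delete(origin); // one-shot grant
    this.onShare({ origin, at: now, revoke: () => this.revoke(origin) });
    return position;
  }
}

// Constructed scenario: remembered grant, expiry after a day, then revocation via the indicator.
function demo() {
  const events = [];
  const store = new ConsentStore({ onShare: (e) => events.push(e) });
  const origin = "https://maps.example"; // constructed sample origin
  const pos = { lat: 0, lon: 0 };        // constructed sample position
  store.grant(origin, { remember: true }, 0);
  const first = store.share(origin, pos, 1000);     // inside the limit
  const expired = store.share(origin, pos, DAY_MS); // limit reached: must re-prompt
  store.grant(origin, { remember: true }, DAY_MS);
  store.share(origin, pos, DAY_MS + 1);
  events[events.length - 1].revoke();               // user acts on the indicator
  return { first, expired, after: store.state(origin, DAY_MS + 2), signals: events.length };
}
```

The clock is passed in as `now` so the expiry behaviour can be checked deterministically.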