W3C home > Mailing lists > Public > public-geolocation@w3.org > June 2020

Re: [geolocation-api] Explicitly limit permission lifetimes (#47)

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Tue, 30 Jun 2020 15:30:04 +0000
To: public-geolocation@w3.org
Message-ID: <issue_comment.created-651869059-1593531003-sysbot+gh@w3.org>
>If so then this seems like something with a greater scope than just the Geolocation API and should be brought up in the WebAppSec WG as an extension to the Permissions API.

I second this proposal. Rather than trying to retrofit the new API surface in an ad-hoc manner into every spec separately I see the benefit of this feature being an extension to the Permissions API to ensure all the specs that take a dependency on that API get the benefit. We need platform-level consistency for this.

For the Geolocation API spec, the right place to explain the UX for permission lifetime would be either the normative [Privacy considerations for implementers of the Geolocation API](https://w3c.github.io/geolocation-api/#privacy_for_uas) or non-normative [Additional implementation considerations](https://w3c.github.io/geolocation-api/#implementation_considerations) depending on whether we find consensus on normative language that works for implementers who want to innovate in terms of UX.

This group is chartered to coordinate closely with Web Application Security Working Group exactly because the Permissions API matter to several specifications in this group, so please go ahead @pes10k and open an issue in the Permissions API repo for consideration.

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/geolocation-api/issues/47#issuecomment-651869059 using your GitHub account
Received on Tuesday, 30 June 2020 15:30:06 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 30 June 2020 15:30:07 UTC