- From: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
- Date: Wed, 18 Sep 2013 17:43:38 +1000
- To: cowwoc <cowwoc@bbs.darktech.org>
- Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>
I like either of these proposals. As long as my customers are not asked to press "Allow" 4 times when I try to activate 3 cameras (and make a call to find out what cameras are attached), I'm happy. Silvia. On Wed, Sep 18, 2013 at 4:18 AM, cowwoc <cowwoc@bbs.darktech.org> wrote: > On 17/09/2013 2:14 PM, cowwoc wrote: >> >> On 15/09/2013 8:07 PM, Silvia Pfeiffer wrote: >>> >>> On Mon, Sep 16, 2013 at 8:54 AM, Harald Alvestrand <harald@alvestrand.no> >>> wrote: >>>> >>>> On 09/09/2013 04:02 PM, Stefan Håkansson LK wrote: >>>>> >>>>> Putting my chair hat on, >>>>> >>>>> the discussion regarding adding an explicit "get access to media" call >>>>> seems to be leaning towards that this is something we should not do. >>>>> >>>>> Unless more people speak up saying they want this I will close the bug, >>>>> with a comment saying there was not support to add this, later this >>>>> week. >>>>> >>>>> Stefan >>>>> >>>> Just to say a final word here: >>>> >>>> I feel that the arguments put forward by Anne, Robert and Martin are >>>> wrong. >>>> In trying to prevent a particular class of bad application behaviours, >>>> they are taking away the ability to write good applications that can do >>>> what's right for the user. >>>> >>>> I believe that having the asking for permissions be an action that is >>>> triggered explicitly by Javascript can give better user interfaces to >>>> better applications than having the triggering of the same asking for >>>> permission be implicit in a Javascript action whose purpose is something >>>> else can. >>>> >>>> We're sacrificing the ability to write great applications in order to >>>> make it harder to write bad ones. >>>> >>>> But I accept that my viewpoint, so far, has not found consensus in the >>>> group, and will accept my chair's decision to close the bug as WONTFIX / >>>> Working as intended, if that remains the position of the rest of the >>>> group. >>> >>> I have a gut feeling that Harald is correct, but I don't have any data >>> to make a case yet. >>> >>> I hope the group will be open to reconsider introducing an explicit JS >>> permission call in future once we have more experience with the >>> current interface and whether or not it is sufficient. >> >> >> I'd like to suggest a possible compromise (borrowing the idea from >> Java): >> >> We continue prompting the user for individual permissions, but we add >> "Always trust this provider". By the time users get a second prompt, or >> visit the site a second time, they are likely to select this option which >> basically says "provide this provider with any permission they ask for". >> >> Users who want fine-grained control get it. Users who couldn't care >> less (your typical grandmother) will suppress all further checks. I don't >> think there is a value in asking "your grandmother" for permissions multiple >> times because (in my experience) they don't really read the prompt before >> confirming (due to user fatigue and lack of technical background) so >> providing this option isn't really a security hazard. > > > Or (probably even better) we prompt users for one permission at a time, > but give them the option to review all permissions and accept them at once. > It's a hybrid between Harald's proposal and Java's "Always trust this > provider". > > It would look something like this: "foobar.com would like to use your > Webcam. [Accept] [Reject] [Review all permissions]" > > Clicking on "Review all permissions" would bring up a panel similar to > Android, listing all permissions and allowing the user to grant them all at > once. > > Gili >
Received on Wednesday, 18 September 2013 07:44:25 UTC