Re: Reminder - trust & permissions meeting 3-4 September, Paris from Marcos Caceres on 2014-07-16 (public-sysapps@w3.org from July 2014)

From: Marcos Caceres <w3c@marcosc.com>
Date: Wed, 16 Jul 2014 16:10:26 -0400
To: Dave Raggett <dsr@w3.org>
Cc: public-sysapps@w3.org
Message-ID: <3FABE76101F34376837820061EB6C1A7@marcosc.com>
Hi Dave,

On Wednesday, July 16, 2014 at 5:18 AM, Dave Raggett wrote:

> p.s. I've added a link to the draft white paper I am writing surveying
> native, hybrid and web based platforms and invite your comments and
> corrections, see:
> 
> http://www.w3.org/2014/05/wp-trust-permissions/Overview.html 

The paper is great in bringing together this info in one place. It's quite helpful.

However, I think the paper is conflating the availability of APIs with permissions. Personally, I don't think it's very useful to list the APIs for which permissions are granted (at least, in each section... maybe nice as an appendix - but it really doesn't add much value). The only exception would be if there is some special permissions dialog for a particular API. What is of more value is to understand why each platform takes the approach that they do - and actual evidence about the success and failures of each approach.

The same about how permissions are expressed (i.e., in JSON file or XML or through the API). It's somewhat interesting, but not very important IMO. At least, not as important as the dialogs that are presented to the user and how users respond to those permissions when they have them in front of them at particular times.  Or what happens when multiple permissions are needed at once. Or how they disable them (which you show nicely for iOS, but not for other platforms or for browsers). 

Also, there are some sections that can be dropped: like Xamarin/Mono, Telerik, Appcelerator Titanium, Qt, etc. and so on don't add anything useful to the discussion. Please remove them. Same with Web frameworks - they don't have anything to do with permissions (AFAICT). Same goes with jQuery, Dojo, etc. etc. They all just rely on the Web's security/permission model. Same with Sencha Touch. You can safely drop them. 

What is currently in the document about PhoneGap's relationship to Cordova is incorrect. PhoneGap is a commercial product of Cordova (i.e., phonegap is not dead ... far from it! :) ).
 
WAC 2.0 can be removed. There were no deployments of that thing, so there is no value in even talking about it (because we can't assess its success in any meaningful way). It's all theoretical/vapor-ware and hence of no value to the discussion. Same applies with webinos, I believe (unless webinos did some actual user research). 

In the Firefox OS section, both of the quoted statements are demonstrably false (and have nothing to do with permissions). Please remove them from the document. The firefox os section should discuss how we prompt (or don't prompt) for things - rather then the permission level. When FxOS doesn't prompt, the truth of the matter is that API permission is really granted by the review performed by a human being (the app store reviewer, in saying "yes, this is ok to put in our store - here is a digital signature for your troubles") or a business relationship - in the case of certified APIs. That model clearly doesn't scale to the Web.... an no! you can't quote me on that in the document ;)  

Overall - In my mind, what is really missing is the actual research that academia or others has been doing into permissions. I would be interested to see what actual users understand or don't from the various models employed by various platforms.  

The conclusions reached in the "future directions" are not grounded in evidence, AFACT. It would be great if they were because then we could have more meaningful/data-driven discussion about each permission model. The same goes for the observations (which read a bit like recommendations/requirements) made in that section.  

I also think the paper is sorely lacking a meaningful discussion of what has been done right/wrong on the Web. For example, the way the Fullscreen api's permission works. And how geolocation API works the same across the Web and iOS.  The same with WebRTC and other permissions dialogs we encounter in browsers and how users manage those (e.g., pointer lock). In fact, the browsers seem to be completely neglected from the document. 

Please see Boris Smus write up on the topic of browser-based permissions: http://smus.com/installable-webapps/

HTH! 

-- 
Marcos Caceres
Received on Wednesday, 16 July 2014 20:11:00 UTC