- From: Charles Pritchard <chuck@jumis.com>
- Date: Wed, 23 Nov 2011 18:16:42 -0800
- To: Paul Kinlan <paulkinlan@google.com>
- CC: Tom Sepez <tsepez@chromium.org>, public-web-intents@w3.org
On 11/23/11 2:04 AM, Paul Kinlan wrote: > On Tue, Nov 22, 2011 at 8:28 PM, Tom Sepez<tsepez@chromium.org> wrote: >> Hi folks, >> Saw the email from James go by and thought I would send out a few comments >> following a cursory read >> of www.chromium.org/developers/design-documents/webintentsapi >> - Intent Provider Discovery: >> The User Agent discovers Intent Providers as a side-effect of visiting a web >> page. Presumably, before these are added to the User Agent's catalog of >> providers, there is user interaction required, in the form of a pop-up >> dialog or an infobar explaining that the Intent Provider site wants to > We should document that it should only happen for newly discovered > intents. I newly discovered intent is one that it is not in the UA's > dictionary, based off a action/type tuple. > > The assumption here is that it is ok to change the href as it is in > the same origin without prompting the user for action. > > The UA should remember denial of permission, if permanently selected > by the user, however that is not the case for a basic dismissal will > temporarily revoke the UA from installing the intent. > >> How does the user know that the title="" of the service actually matches the >> provider? Can I trick users into revealing their data by claiming to be >> title="picassa service" on my own evli website? Is the URL also displayed >> at registration time? This would be a strong suggestion. > Our demos show the domain of the service at invocation time and when > we register an intent it says something like "www.xyz.com would like > to add ... " This reminds me of the obtrusive behavior that was in Firefox for client side storage / applicationCache. It was most frustrating because applicationCache, like <intent> was static and in the markup. When I showed people my application, they were prompted with a permissions request, and that was always an unwelcome distraction. I got to the point of thinking that I really needed an "app.html" in addition to "index.html", but app.html would have the manifest/installed app semantics. I didn't follow-through with that, I just dropped app cache altogether during that period, so that users wouldn't be pestered when I was demonstrating an app to them on their machine. Now If I'd had access to API methods, I could have had a nice little "Install" or "Save" button, and that -would- request elevated permissions (to install app cache, etc). That seems to be the direction things are going with Chromium and it's chrome.app.install() style. -Charles
Received on Thursday, 24 November 2011 02:24:03 UTC