- From: John Lyle <john.lyle@cs.ox.ac.uk>
- Date: Fri, 27 Jul 2012 11:58:00 +0100
- To: public-web-intents@w3.org
On 25/07/12 18:22, Greg Billock wrote: > > My argument is that what this means is that if that service is trying > to pass this data (explicitly) to another service, they'll just use > some other way to do it. I think this is an unnecessary and possibly > deleterious complication we should not introduce. > This is probably a stupid question, but what should my expectations be as an intent service provider? If I am an intent service, should I assume that the fact I'm receiving data originally from an intent invocation implies that there has been some form of user consent through the user agent for this action? Because for normal intent invocation that seems reasonable. But for explicit intents, that isn't the case. For example: an intent service which 'shares' an image by posting it to my social network profile. If all intents require user consent then the social network intent service doesn't necessarily need to implement a consent stage itself. After all, it may know that the request is coming from an authenticated user session, and the expected use pattern of clicking on a 'share' button is a pretty good indicator of consent. Should all intent services should provide an authorisation step (or perhas an 'undo' step) when they receive a request made via intents? Thanks, John -- John Lyle Research Assistant Department of Computer Science, University of Oxford
Received on Friday, 27 July 2012 10:58:09 UTC