[permissions] Analysis of permissions handling and TAG presentation

Hi,

In our previous discussions, permission management was one of the
topics that were raised as potential blockers for the proper development
of the Web as a platform on mobile devices.

During our Shenzhen F2F, I took an action item (ACTION-93) to re-raise
this topic to the W3C Technical Architecture Group (TAG).

I was kindly invited to their F2F meeting yesterday to discuss this
topic; in the process, I updated the presentation I had prepared on the
topic two years ago (and which I presented in Shenzhen):
http://www.w3.org/2014/Talks/dhm-tag-permissions/

The major new piece in the presentation is some research I quickly
conducted in preparation for the meeting: I looked at all the features I
knew of that require user consent and that I could run on my laptop,
created example code that triggered these user consent requests, ran
them on Firefox and Chrome, captured screenshots of the resulting UI,
and documented the various themes that emerged.

The result of that work is visible in:
https://github.com/dontcallmedom/web-permissions-req/

In particular:
* I built a table that summarizes the various approaches taken across
APIs/features:
http://dontcallmedom.github.io/web-permissions-req/matrix.html

* the screenshots are at
https://github.com/dontcallmedom/web-permissions-req/screenshots/

* the code snippets are at:
https://github.com/dontcallmedom/web-permissions-req/tests/
and can be run from
http://dontcallmedom.github.io/dontcallmedom/web-permissions-req/tests/...
A particularly fun one is
http://dontcallmedom.github.io/web-permissions-req/tests/all.html which
runs all the permission requests at once, with the following result in
Chrome:
http://dontcallmedom.github.io/web-permissions-req/screenshots/all-chromium.png

I presented the result of that work to the TAG and they were quite
receptive to the need for stronger coordination in this space.

In particular, Alex Russell took an action item to see which best
practices could be extracted from the various approaches, and to try and
identify targets for more convergence across APIs:
https://www.w3.org/2001/tag/group/track/users/43338

Dan Appelquist took an action item to ask WG Chairs about which of their
APIs require user consent:
https://www.w3.org/2001/tag/group/track/actions/850

I indicated that our group was willing to help in progressing this topic
further.

I already have some ideas as to what could be usefully done:
* as highlighted in the repo
https://github.com/dontcallmedom/web-permissions-req/#todo collecting
more screenshots of more permissions from more browsers on more devices

* start collecting relevant research papers on permission management;
this was already started in
http://www.w3.org/wiki/Mobile/articles#API_Permissions but I feel there
must be a lot more available out there — if anyone has contacts in the
HCI academic world, this would be a great thing to ask e.g. a student to
build

Dom

Received on Thursday, 9 January 2014 09:53:16 UTC