Re: static permission functions on Notification (was Feedback from Safari on Web Notifications)

On Mar 14, 2012, at 11:46 AM, Jon Lee wrote:

> 
> On Mar 13, 2012, at 1:49 PM, John Gregg <johnnyg@google.com> wrote:
> 
>> Well I agree that explicit permission models are not as good as implicit ones where that's possible. But some features do require explicit permission models, and I don't get the idea that simply having a single good way of doing that encourages bad behavior among feature designers.  I would hope that new features for the web platform (a relatively rare thing) are proceeding carefully as in this process here.
> 
> 
> Unfortunately, future spec authors might not proceed so thoughtfully. Spec authors already cite precedent as a reason for adopting existing patterns. After all, we should try to keep the Web platform coherent.
> 
> There are currently three different permissioning models used by Web APIs: implicit (drag-and-drop), on-demand (geolocation), and explicitly requested (notifications). Explicit permissioning is the least desirable of these three models, and we should discourage it whenever possible.
> 
> By only providing a generic API for explicit permissioning, we implicitly elevate that model to be the preferred approach for the whole Web platform. Thus far, the lack of a common API for *any* of the Web's permissioning models has forced spec authors to think hard about how permissioning should work in each case.
> 
> In another part of this thread, you said—and I agree—that providing the pattern to follow for explicit permissions is vitally important. We should consider writing a Note discussing the different permissioning models of Web APIs and the trade-offs among them. Spec authors could then refer to this Note when designing features requiring permissioning.
> 
> Jon


That sounds right.  We can add a non-normative advisory to implementors about using this explicit pattern.

Doug

Received on Thursday, 15 March 2012 02:00:54 UTC