[w3c/permissions] Model temporary permissions better (#86)

Right now, we have a single [permission store](https://w3c.github.io/permissions/#permission-store) that has basically one entry per permission per origin. This isn't rich enough to model UAs that can grant permission during the lifetime of a single tab.

I believe the basic cross-browser idea is that each [environment settings object](https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object) (tab visiting a particular page) has some grants and denials for various permissions ("local storage"). Each origin (roughly) also has some grants and denials stored in the browser as a whole ("global storage"). It may also be possible in some cases to continue using an object-capability (a `MediaStream` or series of `watchPosition` callbacks) even though no permission is stored even locally.

* When an environment settings object is created, it gets its initial local storage from the global storage for its origin.
* When permissions are requested inside a tab and the user makes a decision, that decision is stored in the settings object's storage and maybe also in the global storage, depending on the UA and the user's precise behavior. (e.g. Chrome generally records decisions in both the local and global storage, while Firefox defaults to recording grants in only the local storage unless the user opts into global storage.)
* When permissions are revoked through UI, Chrome only touches the global storage (this is arguably a bug), while Firefox sometimes revokes both the global and all local storages (location), but sometimes revokes only the global and current local storage (camera).

So the question is how to specify all of this flexibility.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/issues/86