Re: [permissions] Let each permission refine its algorithms and store data. (#66)

Thanks for the comments!

> It initially hard to see which parts were external/exposed APIs vs internal constructs. e.g. PermissionDescriptor and PermissionStatus are external JS APIs - they must be complied with precisely whereas PermissionStorage is merely meant to help define storage behavior. Would it be helpful to draw a more clear line between those two groups?

Yeah. The traditional way to distinguish these would be to avoid describing `PermissionStorage` in IDL. However, that loses IDL's precision about what's stored, which I think is helping Bluetooth (I should be able to show you that tomorrow). I left a note saying `PermissionStorage` isn't exposed, but if you have other suggestions, I'm happy to take them.

>I also found it a bit hard to draw the distinction between required and recommended behaviors. It seems as though there should be room for UAs to handle permissions in ways that are outside of those currently specified behavior (for example, we have policy settings in Chrome that can override permissions). I don't think this is directly related to your edits.

Right, I think that's pre-existing. In most cases, I think we can say "the UA may customize the permission prompt, including auto-granting and auto-denying it" and "the UA may revoke at any time", and that's enough? I'd like to fix that in a separate PR, to keep this one from growing much more.

> In relation to the above two points, perhaps a top-down restructuring of the spec could be helpful? External APIs and high level, required behaviors specified first and per-API behaviors, more subtle recommended behaviors, implementation details, etc. specified after? I'm no spec writer though :)

Probably. Again, I want to keep rearrangements separate from the API extension.

> I didn't think we were going to draw a distinction between an origin-based and embedding-based permission storage identifier instead leaving it up to the UA. I just pinged Mounir asking about this because we had chatted about it earlier. If it turns out to be the case does the permission storage identifier need to vary per-permission?

Yeah, if it's always `PermissionName` + origin + UA-specific data, I think we can drop the identifier hook. I'll let Mounir confirm and then do that in my next update.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/pull/66#issuecomment-196169250

Received on Monday, 14 March 2016 06:48:44 UTC