- From: Michael Wasserman <notifications@github.com>
- Date: Fri, 29 May 2020 16:45:33 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/413/636238460@github.com>
Thank you for your feedback and patience! I hope you find my responses and changes helpful, and I look forward to iterating further with additional input. @hober thanks for your feedback and patience, I hope you find these responses helpful: > We also have concerns about how this intersects with ongoing work for foldable screens #472. This work is complimentary to Foldable Screens [#472](https://github.com/w3ctag/design-reviews/issues/472). That proposal offers simple tools to support content spanning the single fold of a dual-screen device. [Screen Enumeration](https://github.com/webscreens/screen-enumeration) and [Window Placement](https://github.com/webscreens/window-placement) (TAG review request imminent) aims to support a broader range of multi-screen and multi-window scenarios with lower-level information (eg. 3+ screens, 2 heterogeneous or misaligned screens, separate windows on separate screens, etc.). > An additional observation is that there's an explicit non-goal of exposing all the OS screen APIs yet this proposal seems to do so. The goal is to expose a reasonable set of info for web applications to make informed use of the available screen space; that will require exposing some limited new information, but care has been taken to select the most valuable subset of available information. The spirit of the rephrased [non-goal](https://github.com/webscreens/screen-enumeration/blob/master/EXPLAINER.md#non-goals) is to avoid exposing extraneous or especially identifying information (eg. EDID), and avoid exposing APIs to control the configuration of display devices. > we’ve also raised webscreens/screen-enumeration#23. I posted a couple comments there, and want to explore ways to support requests for limited screen information. Please let me know if you have any thoughts regarding my comments there. @lknik Thank you for your [Security and Privacy](https://github.com/webscreens/screen-enumeration/blob/master/security_and_privacy.md) review and comments, I hope you find the latest changes there and these responses helpful: > > Each of the new display properties chosen for this API makes a non-replaceable contribution. Removal or constraining of any property may degrade the user experience. Some properties offer more value than others, and some are more relevant to the proposed use cases than others. Care should be taken to choose those properties offering the most value to the most important use cases. > > > It has been suggested that user agents themselves could provide a UI for selecting where content is presented, but this is cumbersome for users and prohibitively limiting for web applications. This also offers no meaningful value over the existing cumbersome manual placement of windows by users. > > Can't we simplify to "for each display we need same information as is currently offered by existing screen object"? We do not discuss the contents of the screen object, but the inflation of (many) screen objects. I modified [the section](https://github.com/webscreens/screen-enumeration/blob/master/security_and_privacy.md#22-is-this-specification-exposing-the-minimum-amount-of-information-necessary-to-power-the-feature) to separate the goals of exposing multiple screens and new screen properties , both of which are valuable. > > 2.3 This API does not expose such information. Any exposed information may identify the machine, but not its user. > > Information allowing to identify the user's machine is more or less identifying the user, so you're saying the opposite. Maybe at least remove the 2nd sentence? You're right, I revised [the section](https://github.com/webscreens/screen-enumeration/blob/master/security_and_privacy.md#23-how-does-this-specification-deal-with-personal-information-or-personally-identifiable-information-or-information-derived-thereof) to accurately convey that new information is exposed that could be used to help identify a device, and mention the possibility to gate access upon user permission. > > 2.6 This API proposes exposing some additional properties for each of the displays connected to the device; see Section 2.1 for a complete list. > > The complete list seems to be X*12-15 static objects (some of them dynamic; with X the number of screens). I added a comparable summary in [this section](https://github.com/webscreens/screen-enumeration/blob/master/security_and_privacy.md#26-what-information-from-the-underlying-platform-eg-configuration-data-is-exposed-by-this-specification-to-an-origin) and added screen.[avail]top/left in section 2.1. > > 2.7 Does this specification allow an origin access to sensors on a user’s device? No. > > It does on the other hand inform if the display has an accelerometer, which would make it simpler to direct a malicious script to an appropriate window. I added a note to this effect in [the section](https://github.com/webscreens/screen-enumeration/blob/master/security_and_privacy.md#27-does-this-specification-allow-an-origin-access-to-sensors-on-a-users-device). > > 2.8 "The following display properties are currently exposed ..." > > So we can today access all the device screens already? Wouldn't it be more useful to enumerate the new identifiers to be exposed, which is the above 12-15 numbers per each screen, which is not currently easily available? I rewrote [this section](https://github.com/webscreens/screen-enumeration/blob/master/security_and_privacy.md#28-what-data-does-this-specification-expose-to-an-origin-please-also-document-what-data-is-identical-to-data-exposed-by-other-features-in-the-same-or-different-contexts) to give a more pointed answer to its question, including the difference of the single screen available to each window and the full set of screens, and a summary of what's currently available for each considered/proposed property. > > To mitigate this issue, user permission is required to access the display > > Do I see it correctly that this API will be gated behind permissions? Yes, user permission should be a critical consideration of any browser that might adopt something like this proposal, and the asynchronous getScreens() should enable user-facing permission prompts. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/413#issuecomment-636238460
Received on Friday, 29 May 2020 23:45:48 UTC