[w3c/permissions] Gauging interest in a Permission Handler API? (#224) from Julien Cayzac on 2020-10-15 (public-webapps-github@w3.org from October 2020)

From: Julien Cayzac <notifications@github.com>
Date: Thu, 15 Oct 2020 00:34:07 -0700
To: w3c/permissions <permissions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/permissions/issues/224@github.com>

Hello,

The Permission API currently [freezes](https://www.w3.org/TR/permissions/#enumdef-permissionname) the list of supported permission names. Has there already been any discussion about opening this to 3rd-party permission handlers, similarly to how the [Payment Handler API](https://www.w3.org/TR/payment-handler/) allows 3rd parties to install new payment instruments for use with the Payment Request API, using [service worker registration](https://www.w3.org/TR/service-workers-1/#service-worker-registration-concept)?

This would allow web developers to use a single API to query permissions not only for the APIs and features provided by browser vendors but also APIs and features provided by non-browser applications rendering 3rd-party web content using webviews.

One practical example is webview-based "mini-apps" running in a native application. I am currently building such a platform, and allowing 3rd-party web developers to check for end-user permissions using the standard Permissions API they're familiar with make for a better design overall. Similarly to how the Payment Handler API operates, I can imagine a near future where web developers creating progressive web apps compatible with our mini-apps platform would simply make calls like:

```js
const canAccessOrderHistory = await navigator.permissions.query({
  handler: 'https://account.rakuten.com/me',
  name: 'order-history',
})

const canAccessUserInfo = await navigator.permission.query({
  handler: 'https://account.rakuten.com/me',
  name: 'profile',
  info: ['name', 'phone', 'email'],
})
```

…and where the returned promise would produce an indeterminate `null` value if there is no registered handler by the specified name.

Do you see any major problem with the idea? Do you think this could be part of a Permission API L2 draft, or that it should be a separate document (like Payment Handler is separate from Payment Request) ?

Thank you.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/issues/224

Received on Thursday, 15 October 2020 07:34:20 UTC