Re: [w3c/permissions] Semantic Permission Bundles (#191) from Marcos Cáceres on 2021-08-27 (public-webapps-github@w3.org from August 2021)

From: Marcos Cáceres <notifications@github.com>
Date: Thu, 26 Aug 2021 17:33:02 -0700
To: w3c/permissions <permissions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/permissions/issues/191/906833874@github.com>

@anssiko wrote
> As for sensors, I recall the consensus of the group was that bundling to a single permission would regress in terms of privacy protections, albeit it'd improve developer ergonomics. So the high-level use case would be privacy. This was quite a complex issue and it was extensively discussed. I put this to the TPAC agenda w3c/devicesensors-wg#47 so we can have another discussion.

Discussing at TPAC sounds great... and yeah, it's a hard problem for the reasons you outline. 

Basically, @tomayac summed it up nicely with:

> could potentially just be "motion-sensors" rather than all of "accelerometer", "gyroscope", and "magnetometer"

I'm wondering, in Chrome, what permission UI does "motion sensors" control?: 
![motion sensor selector](https://user-images.githubusercontent.com/870154/131051130-0d8e6a62-1099-456d-ad9c-3fb62b34097d.png)

@tomayac wrote:
> Not sure to what extent this needed to be spec'ed, or to what extent this could just be something apps can ask for and the UA would then display in a combined prompt with maybe opt-out options so by default users could accept the whole bundle, but also have individual control. 

Yeah, this is the core of my question... as a developer, do I want to `.query()` for each of the device sensors, or just for "motion-sensors"? I'm kinda torn here, as I see advantages/disadvantages to both. But basically, if "motion-sensors" enables and disables all the APIs, then one could `query({name: "motion-sensors"})`, and then call `.requestPermission()` on the appropriate API. 

However, `AccelerometerPermissionDescriptor` seems to have specific requirements like `highAccuracy` and `highFrequency`... are those surfaced in a Permissions UI? (I'm sorry, I'm not able to check these things myself - I'm lacking an Android mobile device).  

@reillyeon wrote:
> The only open question I see that is raised by trying to specify the behavior of those methods is whether DeviceOrientationEvent.requestPermission() requests "magnetometer" or not. One option is that it does, but if "magnetometer" is denied then the overall request can still succeed but the deviceorientationabsolute event is not available.

Agree. This is also what I'm trying to understand. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/issues/191#issuecomment-906833874

Received on Friday, 27 August 2021 00:33:16 UTC