Re: [w3c/permissions] Editorial: Relationship to the Permissions Policy specification (#264) from =JeffH on 2021-12-02 (public-webapps-github@w3.org from December 2021)

From: =JeffH <notifications@github.com>
Date: Wed, 01 Dec 2021 16:23:09 -0800
To: w3c/permissions <permissions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/permissions/pull/264/c984178181@github.com>

Apologies for missing this, I was on leave across Aug 2021.

WRT:
> Would it make sense to have parallel text in the Permissions Policy specification as well?

I think it would make sense  have parallel text in the Permissions Policy specification.  Note that there is [issue #166](https://github.com/w3c/webappsec-permissions-policy/issues/166) "Delineate relationship between Feature Policy and Permissions" wrt the Permissions Policy specification ;-)

WRT [the text this PR added](https://www.w3.org/TR/permissions/#relationship-to-permissions-policy) to the Permissions spec, it seems to be _only implied_ that where a given feature is _both_ a powerful feature, and is _also_ subject to permissions policy, that the feature's "policy-controlled feature token" (as defined in the feature's specification), and in the Permissions spec's [`PermissionName`](https://www.w3.org/TR/permissions/#dom-permissionname) enum (aka "Powerful features registry"), _can_ be the same, but (I am guessing) do not _have_ to be the same.  Though, I am guessing that the intent is for them to be the same (I cannot quickly find an example where they are not the same). In any case, whatever the requirement is, it ought to be stated explicitly.

E.g., the strings "[camera](https://www.w3.org/TR/permissions/#dom-permissionname-camera)" and "[microphone](https://www.w3.org/TR/permissions/#dom-permissionname-microphone)" are both defined as [powerful feature names](https://www.w3.org/TR/permissions/#dfn-name) and are _also_ declared as [policy-controlled feature tokens (aka "strings")](https://www.w3.org/TR/mediacapture-streams/#permissions-policy-integration).  

Additionally, I find this statement in ([the text this PR added](https://www.w3.org/TR/permissions/#relationship-to-permissions-policy)) confusing:
> The APIs and features in scope for the Permissions Policy specification go beyond those identified in this specification's PermissionName enum (e.g., "sync-xhr" and "gamepad").

...because:  neither "sync-xhr" nor "gamepad" are permission names (i.e., enum values within [`PermissionName`](https://www.w3.org/TR/permissions/#dom-permissionname)) -- so it is not obviously clear what using those policy-controlled feature tokens (aka "strings") as examples is intended to mean.  Clarification would be good.








-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/pull/264#issuecomment-984178181

Received on Thursday, 2 December 2021 00:23:22 UTC