[w3ctag/design-reviews] HIDDevice forget() (Issue #703) from François Beaufort on 2021-12-27 (public-webapps-github@w3.org from December 2021)

From: François Beaufort <notifications@github.com>
Date: Mon, 27 Dec 2021 01:18:33 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/703@github.com>

Braw mornin' TAG!

I'm requesting a TAG review of the `forget()` method for `HIDDevice`.

The `forget()` method allows web developers to voluntarily revoke a permission to a `HIDDevice` that was granted by a user.

Some sites may not be interested in retaining long-term permissions to access a HID device. For example, for an educational web application used on a shared computer with many devices, a large number of accumulated user-generated permissions creates a poor user experience. In addition to user agent mitigations to avoid this problem, such as defaulting to a session scoped permission on the first request or expiring infrequently used permissions, it should be possible for the site itself to clean up user-generated permissions it is no longer interested in retaining.

```js
// Request any HID device.
const [device] = await navigator.hid.requestDevice({ filters: [] });

// Then later... revoke permission to the HID device.
await device.forget();
```

⚠️ We expect similar functionality in Web Bluetooth, WebUSB, and the Serial API to be added.

  - Explainer¹ (minimally containing user needs and example code): https://github.com/WICG/webhid/pull/84

  - User research: None
  - Security and Privacy self-review²: None yet for this specific feature - https://github.com/WICG/webhid/blob/gh-pages/security-and-privacy-questionnaire.md is the one for WebHID
  - GitHub repo (if you prefer feedback filed there): [url]
  - Primary contacts (and their relationship to the specification):
      - François Beaufort (@beaufortfrancois, Google)
      - Matt Reynolds (@nondebug, Google)
  - Organization/project driving the design: WICG
  - External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): https://chromestatus.com/feature/5723581527883776


Further details:

  - [x] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): WICG
  - The group where standardization of this work is intended to be done ("unknown" if not known):
  - Existing major pieces of multi-stakeholder review or discussion of this design:
  - Major unresolved issues with or opposition to this design:
  - This work is being funded by: Google

You should also know that we're eager to hear the TAG's opinion on a method like this given that `navigator.permissions.revoke()` is non-standard.

We'd prefer the TAG provide feedback as:

  💬 leave review feedback as a **comment in this issue** and @-notify @beaufortfrancois

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/703

You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/703@github.com>

Received on Monday, 27 December 2021 09:18:46 UTC