Re: [w3c/permissions] Explicitly limit permission lifetimes (#231)

As this has a new home, I got new messages, so it might be a good opportunity to discuss the principles here.

Recommendations on time-limiting grants are probably wise, but - at least in the past - there has been an explicit agreement between browser vendors that decisions about how permissions are granted to sites are at the sole discretion of the browser.  That is, that aspect of browser implementation is not subject to standardization.

That was a few years ago and we're all now much more sensitive to the privacy risks involved, so it is reasonable to suggest we discuss the question again.  It is critical that we understand where the dividing line is between things that browsers are able to innovate and compete on without constraint and things that need to be agreed in a standards body.

For me, I would be open to this specification being more opinionated about the limits on permission grants.  Differences between browser behaviour are a real source of compatibility problems for us.  I would only do that on the understanding that other browsers were similarly willing to engage.

The first matter to discuss would be where that line is. I wouldn't want to discuss this specific issue, except to the extent that the example helps inform debate.

-- 
https://github.com/w3c/permissions/issues/231#issuecomment-805388266

Received on Wednesday, 24 March 2021 00:53:22 UTC