Re: [w3c/permissions] Define permission lifetimes (#287) from Marcos Cáceres on 2021-11-12 (public-webapps-github@w3.org from November 2021)

From: Marcos Cáceres <notifications@github.com>
Date: Thu, 11 Nov 2021 17:22:50 -0800
To: w3c/permissions <permissions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/permissions/pull/287/review/804340533@github.com>

@marcoscaceres commented on this pull request.



> +                a particular permission remains [=permission/granted=] before it reverts back to
+                its default [=permission state=]. The lifetime is negotiated between the end-user
+                and the [=user agent=] when the user gives [=express permission=] to use a
+                [=feature=] - usually via some permission UI or policy.
+              </p>
+              <p>
+                Specifications that identify themselves as a [=powerful feature=] SHOULD suggest a
+                [=permission=] [=permission/lifetime=] that is best suited for the particular
+                feature. Some guidance on determining the lifetime of a permission is noted below,
+                with a strong emphasis on user privacy. If no [=permission/lifetime=] is specified,
+                the user agent provides one.
+              </p>
+              <p>
+                When the permission [=permission/lifetime=] expires for an origin, and if there are
+                [=browsing contexts=] present pertaining to the [=permission=]'s associated origin,
+                the user agent MUST run the [=powerful feature/permission revocation algorithm=].

Yeah, something like that could work... will add it. 

BTW: I think we need to relook at the "permission revocation algorithm"... it seems to call it self recursively. 

> +                and the [=user agent=] when the user gives [=express permission=] to use a
+                [=feature=] - usually via some permission UI or policy.
+              </p>
+              <p>
+                Specifications that identify themselves as a [=powerful feature=] SHOULD suggest a
+                [=permission=] [=permission/lifetime=] that is best suited for the particular
+                feature. Some guidance on determining the lifetime of a permission is noted below,
+                with a strong emphasis on user privacy. If no [=permission/lifetime=] is specified,
+                the user agent provides one.
+              </p>
+              <p>
+                When the permission [=permission/lifetime=] expires for an origin, and if there are
+                [=browsing contexts=] present pertaining to the [=permission=]'s associated origin,
+                the user agent MUST run the [=powerful feature/permission revocation algorithm=].
+                Alternatively, if there is no [=browsing contexts=] present, the user agent MUST
+                revoke a permission for the origin by setting it back to its default [=permission

Good suggestion. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/pull/287#discussion_r747917285

Received on Friday, 12 November 2021 01:23:02 UTC