- From: Jeffrey Yasskin <notifications@github.com>
- Date: Thu, 14 Sep 2023 02:56:24 -0700
- To: w3c/permissions <permissions@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/permissions/pull/420/review/1626490969@github.com>
@jyasskin commented on this pull request.
> + permission data constraints=] for |name|. If [=administrator=] configuration affected the
+ result, the [=user agent=] must inform the user.
</li>
I think this is how to integrate Chrome's [WebUsbAllowDevicesForUrls](https://chromeenterprise.google/policies/#WebUsbAllowDevicesForUrls) policy, which I believe adds to the set of devices that https://wicg.github.io/webusb/#dom-usb-getdevices returns by default. @reillyeon might correct me.
This text says to inform the user if configuration affects the result either by adding or removing things. Is that right, or should we only inform the user if admin configuration adds to the page's abilities?
> @@ -817,18 +821,31 @@ <h3 id="requesting-more-permission">
<li>If <var>current state</var> is not {{PermissionState/"prompt"}}, return <var>current
state</var> and abort these steps.
</li>
- <li>Ask the user for <a>express permission</a> for the calling algorithm to use the
- <a>powerful feature</a> described by |descriptor|.
+ <li>If the [=user agent=] has an [=administrator=] who has configured the [=user agent=]
+ to grant or deny permission for the calling algorithm to use the <a>powerful feature</a>
+ described by |descriptor|:
+ <ol>
+ <li>Set |current state| to {{PermissionState/"granted"}} if the [=administrator=]
+ granted permission; otherwise to {{PermissionState/"denied"}}.</li>
+ <li>Inform the user of the [=administrator=]'s configuration.</li>
Similarly here, should we only inform the user if the admin configuration forced a 'grant' result?
> @@ -1308,6 +1325,12 @@ <h2 id="privacy-considerations">
A user agent SHOULD provide a means for the user to review, update, and reset the
[=permission=] [=permission/state=] of [=powerful features=] associated with an [=origin=].
</p>
+ <p>
+ Some [=user agents=] support <dfn data-lt="administrator">administrators</dfn> who can
I expect the `<dfn>` to move somewhere else, perhaps Infra, in the future, but I think the discussion about putting it there will be easier if it's already used in a spec or two first.
> @@ -817,18 +821,31 @@ <h3 id="requesting-more-permission">
<li>If <var>current state</var> is not {{PermissionState/"prompt"}}, return <var>current
state</var> and abort these steps.
</li>
- <li>Ask the user for <a>express permission</a> for the calling algorithm to use the
- <a>powerful feature</a> described by |descriptor|.
+ <li>If the [=user agent=] has an [=administrator=] who has configured the [=user agent=]
This implies that administrators are always using enterprise policy, while https://w3ctag.github.io/privacy-principles/#dfn-administrator implies that a user who owns their own device is that device's administrator. We could make either meaning work, but this meaning seems to produce simpler spec text. If we go with this, we should eventually rewrite the Privacy Principles to match.
--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/pull/420#pullrequestreview-1626490969
You are receiving this because you are subscribed to this thread.
Message ID: <w3c/permissions/pull/420/review/1626490969@github.com>
Received on Thursday, 14 September 2023 09:56:30 UTC