[w3c/push-api] Permission Revocation - English language clarification (Issue #361) from Karl Dubost on 2023-09-26 (public-webapps-github@w3.org from September 2023)

From: Karl Dubost <notifications@github.com>
Date: Mon, 25 Sep 2023 22:38:11 -0700
To: w3c/push-api <push-api@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/push-api/issues/361@github.com>

In the [security and privacy considerations](https://w3c.github.io/push-api/#security-and-privacy-considerations), there is this section about revocation. To note that this is the only section of the specification where revocation is explained.


> When a permission is revoked, the [user agent](https://w3c.github.io/push-api/#dfn-user-agent) MAY [fire the "pushsubscriptionchange" event](https://w3c.github.io/push-api/#dfn-fire-the-pushsubscriptionchange-event) for subscriptions created with that permission, with the [service worker registration](https://www.w3.org/TR/service-workers/#dfn-service-worker-registration) associated with the [push subscription](https://w3c.github.io/push-api/#dfn-push-subscription) as registration, a [PushSubscription](https://w3c.github.io/push-api/#dom-pushsubscription) instance representing the [push subscription](https://w3c.github.io/push-api/#dfn-push-subscription) as oldSubscription, and null as newSubscription. The [user agent](https://w3c.github.io/push-api/#dfn-user-agent) MUST [deactivate](https://w3c.github.io/push-api/#dfn-deactivate) the affected subscriptions in parallel.

It has too many with in a row to make it clear (at least for ESL like me). 
Would there be a way to rephrase this to make it clear? I put the red dots where it starts to be confusing in the level of English nesting. 

**When a permission is revoked**, 

* the [user agent](https://w3c.github.io/push-api/#dfn-user-agent) MAY [fire the "pushsubscriptionchange" event](https://w3c.github.io/push-api/#dfn-fire-the-pushsubscriptionchange-event) 
    * for subscriptions created with that permission
    *  🔴 with the [service worker registration](https://www.w3.org/TR/service-workers/#dfn-service-worker-registration) associated with the [push subscription](https://w3c.github.io/push-api/#dfn-push-subscription) as registration, 
    * 🔴 a [PushSubscription](https://w3c.github.io/push-api/#dom-pushsubscription) instance representing  
        * the [push subscription](https://w3c.github.io/push-api/#dfn-push-subscription) as `oldSubscription`, 
        * and `null` as `newSubscription`. 
 * The [user agent](https://w3c.github.io/push-api/#dfn-user-agent) MUST [deactivate](https://w3c.github.io/push-api/#dfn-deactivate) the affected subscriptions in parallel.


## Other mentions of revocation.

Then in [10.5 The pushsubscriptionchange Event](https://w3c.github.io/push-api/#the-pushsubscriptionchange-event)

> The [pushsubscriptionchange](https://w3c.github.io/push-api/#dfn-pushsubscriptionchange) event indicates a change in a [push subscription](https://w3c.github.io/push-api/#dfn-push-subscription) that was triggered outside of the application's control, for example because it has been refreshed, revoked or lost.


And in the security and privacy section with 

> Permissions that are preserved beyond the current browsing session MUST be revocable.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/issues/361
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/push-api/issues/361@github.com>

Received on Tuesday, 26 September 2023 05:38:16 UTC