Re: Notifications from John Gregg on 2010-02-03 (public-webapps@w3.org from January to March 2010)

From: John Gregg <johnnyg@google.com>
Date: Wed, 3 Feb 2010 15:36:26 -0800
To: Drew Wilson <atwilson@google.com>
Cc: Anne van Kesteren <annevk@opera.com>, Olli@pettay.fi, public-webapps <public-webapps@w3.org>
Message-ID: <5ce7a0db1002031536n45626fdcw1ebebf9d09d25@mail.gmail.com>

On Wed, Feb 3, 2010 at 3:09 PM, Drew Wilson <atwilson@google.com> wrote:
>
> On Wed, Feb 3, 2010 at 2:50 PM, Anne van Kesteren <annevk@opera.com>wrote:
>
>> On Wed, 03 Feb 2010 23:40:23 +0100, John Gregg <johnnyg@google.com>
>> wrote:
>>
>>> Yes, this makes sense; I am changing the draft spec to have a
>>> permissionLevel attribute.  I think having access to the permission level
>>> is important for the same reasons as Drew gave: the site should know whether
>>> to display permissions UI in advance of having a notification to show.
>>>
>>
>> The design Hixie once made for notifications was much nicer I thought.
>> Initially you would get tab-scoped in-browser notifications but the user
>> could opt-in (maybe when the first of such notifications was shown) into
>> system-wide notifications. The application would not have to know either way
>> and the user is not forced to click through permission dialog in order to
>> see something.
>>
>> It's still available in one of the older copies of HTML5:
>> http://www.w3.org/TR/2008/WD-html5-20080610/web-browsers.html#notifications
>>
>>
> That's an interesting option (fallback to in-tab display if the parent
> context does not have permission). BTW, I'd note that supporting this would
> not preclude continuing to provide a way for an app to explicitly request a
> permission grant, as a way for guiding users to setup the app as a trusted
> notification source. The alternative would be for applications to have
> UA-specific directions directing the user to click on specific items in the
> UA chrome ("If you want new mail notifications to appear on your desktop,
> click on the smiley face in the notification titlebar") which is a more
> clunky user flow.
>
>
I'm familiar with that version of the proposal (in fact my WHATWG proposal
from March '09 had the same language: untrusted notifications displayed
in-browser), but considering it more I think it is too limiting. Considering
widgets, mobile browsers, browser extensions, workers (already in the spec),
etc., which all might want to use this API, it's potentially many different
forms of UI for untrusted notifications---where do they go, how is it clear
where they came from?  Compare that to a single place outside the browser,
with a clear source displayed, once trust is established.  I prefer the
latter.

In the case the first notification from an application is an important one,
that app should be able to request permission for out-of-tab notifications
beforehand; for that reason I'm convinced requestPermission() is desirable.
 However beyond that, perhaps the spec should be flexible; if a UA wants to
treat PERMISSION_UNKNOWN as "show in-tab" rather than "throw exception", the
spec could allow it -- but I don't think it should require it.  Would that
be acceptable?

 -John

Received on Wednesday, 3 February 2010 23:37:00 UTC