Re: Proposal for a web application descriptor

On Mon, May 2, 2011 at 4:04 AM, Simon Heckmann <simon@simonheckmann.de> wrote:
> There is a new version of the proposal out:
> http://www.simonheckmann.de/proposal/draft2

> This gets problematic when a browser has to ask for several permissions at the same time. Figure 1 illustrates this behaviour as seen in Google Chrome.

Note that this can be improved without introducing new API.  There
aren't many permissions *yet*, so browsers haven't had much reason to
put time into designing their permissions prompts to handle asking
for multiple permissions simultaneously.  In Chrome's case, just
aligning the "allow/deny" buttons would be a usability improvement, so
when "allow" at the top is clicked, the next "allow" button is always
directly under the mouse.  See the attached image for another possible
UI.  (Implementing this securely would be a little tricky: the user
might click "allow all" right as a third permission comes in.  It
would probably need to group permissions by when they're displayed, so
if two or three permissions come in at once they'll have an allow-all
button for the group, but if a fourth one comes along a second later
it *won't* be merged into the existing allow-all button.)

There are still possible arguments for allowing (but not requiring!)
sites to batch their permissions all at once, but the current state of
browsers doesn't seem like one of them--there are plenty of ways that
might be improved first.

Also, although I see how you're attempting to address the "Android
problem", the current mechanism is still much better.  It's instantly
obvious why a browser is asking "allow this site to access your
microphone?" if I just clicked "record a memo".  Having a security
question be so obvious is a huge win.  Letting me make a security
decision at the time it matters, when I'm naturally thinking about
what it's asking about--instead of having to make them all in
advance--is also a huge win.  Adding a textual explanation for each
permission only helps a little.

-- 
Glenn Maynard

Received on Monday, 2 May 2011 15:36:28 UTC
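
The grouping rule described in the message above, as an added example that is not part of the original message or of any browser's code: requests that arrive together share one allow-all button, and a later request always gets its own prompt. The class name, the 100 ms window and the rule that the button only becomes clickable once the window has closed are assumptions made for illustration.

```javascript
// Constructed model of a permission prompt queue; not taken from any browser.
const BATCH_WINDOW_MS = 100; // assumption: requests this close together arrive "at once"

class PermissionPrompter {
  constructor() {
    this.groups = [];         // each: { id, openedAt, permissions, decided }
    this.granted = new Set();
  }

  // A site requests a permission at time `now` (ms). Returns the id of the
  // group (one allow-all button) the request is displayed in.
  request(permission, now) {
    const last = this.groups[this.groups.length - 1];
    // Join the newest group only while it is undecided and its window is open.
    if (last && !last.decided && now - last.openedAt <= BATCH_WINDOW_MS) {
      last.permissions.push(permission);
      return last.id;
    }
    const group = { id: this.groups.length, openedAt: now, permissions: [permission], decided: false };
    this.groups.push(group);
    return group.id;
  }

  // The user clicks "allow all" on one group at time `now`.
  // Assumption: the button is inert until the window has closed, so the list
  // the user sees can no longer grow underneath the click.
  allowAll(groupId, now) {
    const group = this.groups[groupId];
    if (!group || group.decided || now - group.openedAt <= BATCH_WINDOW_MS) return [];
    group.decided = true;
    for (const p of group.permissions) this.granted.add(p);
    return [...group.permissions];
  }

  pending() {
    return this.groups.filter(g => !g.decided).flatMap(g => g.permissions);
  }
}

// Two requests arrive together, a third one a second later, then the user
// clicks "allow all" on the first group just as the third request appears.
function demo() {
  const prompter = new PermissionPrompter();
  const first = prompter.request("geolocation", 0);
  const second = prompter.request("notifications", 20);
  const late = prompter.request("microphone", 1000);
  const grantedNow = prompter.allowAll(first, 1000);
  return { first, second, late, grantedNow, stillPending: prompter.pending() };
}
```
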