W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2014

Re: Proposal for a Permissions API

From: Vincent Scheib <scheib@google.com>
Date: Thu, 4 Sep 2014 17:00:15 -0700
Message-ID: <CAK-EfXneO_e_krn5jPjYspuQnGXqHDYF58MMjSmsPdVyGp=MUg@mail.gmail.com>
To: Florian Bösch <pyalot@gmail.com>
Cc: noloader@gmail.com, Webapps WG <public-webapps@w3.org>
On Thu, Sep 4, 2014 at 1:50 PM, Florian Bösch <pyalot@gmail.com> wrote:

>
> Well, the motivation to ask for permission up front is so that you later
> don't have to pester the user. Everytime you poll a user, there's a
> possibility he'll not see the prompt (happens to me pretty frequently in
> chrome and firefox) and stuff won't work and the site makes a sad face.
> Putting it up front is one way to avoid a bad user experience. It's likely
> APIs that require permissions will proliferate, which makes it more likely
> to run into the bad cases.
>
> There are other motivations to put permissions up-front though. For
> instance if you enter pointerlock, then in order to click on the
> permissions, the browser needs to throw the user out of pointerlock, but
> you're not getting back into pointerlock by itself, so you need to reaquire
> it, which necessitates a user interaction.
>
> Sometimes a set of functionality (like say geolocation and user media) is
> often requested together, so it makes it again more likely to run into the
> bad cases. Pointerlock & fullscreen solved this issue by coalescing the
> permission for both into a single dialog if both are requested.
>
>
Merging pointer lock and fullscreen requests has worked well in Chrome,
particularly allowing that merging to happen independently of request order
or timing allowing for them to be joined after a delay. Additional UI
presentations of this merging have been considered over time and the
browser has great flexibility in how to guide the user through an informed
choice. Continuing to support the browser merging requests is valuable.

Merging doesn't require an API specifically built to bundle, also as
demonstrated by pointer lock and fullscreen which Chrome merges without a
unified or explicit API. However, code legibility, maintainability, and
developer intent would all benefit.

Ability to merge also doesn't imply that a webpage can not offer
interstitial explanation of requests to increase user engagement.

I'd also argue that users who click through unwarranted large permissions
groups in order to access simple apps such as flashlights are just as
likely to click multiple times to sequential requests.
Received on Friday, 5 September 2014 00:01:12 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:16 UTC