- From: Tom Ritter <tom@ritter.vg>
- Date: Fri, 18 May 2018 13:41:07 -0500
- To: tink@tink.uk
- Cc: public-webapps@w3.org
Hi all, I've been working to review the draft and have questions. I think some of these might be able to be turned into issues on github but I wanted to start a discussion first. 1) I have read in the past that the id field sometimes contains things like a serial number. Obviously this presents a very persistent tracking identifier. Mozilla says: in Firefox it will contain three pieces of information separated by dashes (-): Two 4-digit hexadecimal strings containing the USB vendor and product id of the controller The name of the controller as provided by the driver. https://developer.mozilla.org/en-US/docs/Web/API/Gamepad/id How is this exposed in other browsers? It seems like it would be advantageous to require this string to _not_ contain uniquely identifying information and to Non-normatively suggest an algorithm to do so. 2) I'm confused by getGamepads: a) why, in the example, is there a leading 'null'? Is it indicating there are two gamepads but not giving you information about the first one? Why? b) "Gamepads MUST only appear in the list if they are currently connected to the user agent, and at least one device has been interacted with by the user." - that's great. But what does "interacted with by the user" mean? Ever since process start? For this origin? 3) Gamepads are in the long tail of things that make the web a great experience but are used very infrequently. Can this API be designed to support a permission by making things like getGamepads async? UAs don't _need_ to implement a permission, but with synchronous APIs it becomes _impossible_ to gate releasing user information via a permission. 4) There doesn't seem to be any information about gamepadconnected and disconnected as it relates to 'device has been interacted with by the user'. If I plug in a device, will my origins receive the connected event? And then will every origin subsequently visit be able to query my game pad because I interacted with it? -tom On 17 May 2018 at 03:28, Léonie Watson <tink@tink.uk> wrote: > Hello Web Security, > > We would welcome your review of the Gamepad API specification [1], as part > of our wide review before transitioning to Candidate recommendation (CR). > > If there are any issues arising from your review, please file them on the > Gamepad Github repo [2], and apply the "wide review" and "security" labels > to each issue. This will help us track your comments and respond > accordingly. > > If there are no issues arising from your review, please let us know by reply > to this thread. > > We would appreciate your comments no later than Friday 27th June 2018. Thank > you. > > Léonie on behalf of the WebPlat Chairs and Gamepad Editors > [1] https://www.w3.org/TR/2018/WD-gamepad-20180508/ > [2] https://github.com/w3c/gamepad/issues/new/ > > -- > @LeonieWatson @tink@toot.cafe Carpe diem >
Received on Friday, 18 May 2018 18:41:54 UTC