
fyi: W3C Workshop on Permissions and User Consent

From: =JeffH <Jeff.Hodges@Kingsmountain.com>
Date: Thu, 12 Jul 2018 11:02:40 -0700
To: W3C WebAuthn WG <public-webauthn@w3.org>
Message-ID: <093e77db-e07f-8a10-3eef-8945ca4586a3@Kingsmountain.com>

of possible interest:


Sensors, devices, and rich Web APIs bring novel and complex threats to 
user privacy along with their heightened capabilities. Users may have 
trouble understanding the nature of the information they disclose and 
the threats presented by those disclosures. Deciding when and how to 
seek a user’s consent (“permission”) or when that consent can be 
inferred or bypassed has been challenging, with different APIs, 
operating systems, and browsers handling things in different ways.

This workshop brings together security and privacy experts, UI/UX 
researchers, browser vendors, mobile OS developers, API authors, Web 
publishers and users to address the privacy, security and usability 
challenges presented by the complex and overlapping variety of 
permissions and consent systems that are currently presented for 
hardware sensors, device capabilities and applications on the Web.

The scope includes:

* user consent;

* bundling of permissions;

* lifetime/duration of permissions;

* permission inheritance to iframes and other embedded elements;

* relation to same origin policy;

* UIs and controls;

* interaction with private browsing modes;

* implicit permission grants;

* progressive permission grants;

* cross-stack permissions: how OS, browser, and web app permissions 

* permission transparency;

* relation to regulatory requirements;

* special considerations for systems that use the browser as a 
pass-through (e.g. EME and Web Authentication); and

* permissions/transparency/UI as it relates to display-less devices that 
connect to the Internet.

We aim to share experiences and user studies, leading to common 
understanding of when and how to seek user consent for use of various 
Web platform capabilities. We expect this workshop to lead to concrete 
and consistent guidance for API authors and implementers and to identify 
areas for further standardization or research. An important take-away 
from this workshop should be guidance on how Permissions APIs should be 
designed, both now and in the future, considering the rapid evolution of 
the web platform.

This workshop will build on the meeting on trust and permissions for Web 
applications held in 2014.

see the announcement page for participation details:


Received on Thursday, 12 July 2018 18:03:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:52 UTC