Re: User agent context for rendering the presentation

On Mon, Aug 25, 2014 at 10:09 AM, Mark Watson <watsonm@netflix.com> wrote:
> Let's forget about apps and TVs and just consider regular UAs (one or two of
> them): All I am saying is that if the presenting page stores something in
> IndexedDB, then next time that same presenting page is loaded on the same UA
> it should be able to retrieve the stuff it stored in IndexedDB, unless the
> user has cleared it, of course. It had been proposed that IndexedDB is
> *always* cleared before a presenting page loads, and that's what I'm
> reacting to.
>
> As far as the controlling and presenting pages are concerned, they should
> not be able to distinguish the 1-UA and the 2-UA cases.
>
> I believe a consequence of this on UAs that support rendering both the
> presenting and controlling pages (i.e. a UA that supports the 1-UA case or a
> UA that supports both presenting and controlling sides of the 2-UA case) is
> that IndexedDB needs to be scoped not just by origin but by the pair (
> origin, presenting | controlling ).

I'm fine with allowing the presentation page to persist data across
restarts. I don't think that we can mandate it because UAs need to be
free to toss out data at will due to security/privacy/storage
policies.

Another issue is that UAs need to take care not to expose wrong user
data. If for example I used the presentation API to look at my
facebook feed on a TV, and then my room mate the next day uses his
laptop to do the same thing, I think both him and I would be
disappointed if the TV showed a jumble of his and my facebook data.

We could certainly say that it's the website's responsibility to make
sure to clear or separate any stored data if a different user
connects. And that if it doesn't do so it's a bug in the website. But
I think that would result in a lot of buggy websites.

It seems like a reasonable UA policy to make sure that if a new
session is established with a different identifier (as pass to
requestSession) that data previously created is not used. If this
means that the data is deleted, or if the UA keys its storage on not
just origin but also on session identifier, seems like a UA decision.

/ Jonas

Received on Tuesday, 26 August 2014 00:01:41 UTC