- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 26 Jul 2011 21:44:44 +0000 (UTC)
On Fri, 29 Apr 2011, Simon Heckmann wrote:
>
> I have read a lot in the last month about the future of html and web
> applications and I am very impressed by the progress this makes.
> However, I have come across something that annoys me: Permissions. I
> know they are important and I know they are needed but currently I find
> this quite inconvenient. And with more and more permissions coming up
> this might get worse so I spent some time thinking about it.
>
> I have written a short document covering my proposal:
> www.simonheckmann.de/download/Proposal.pdf (3 pages, ~200KB)
>
> It should just take only a few minutes to read and includes examples and
> screenshots. I am really looking forward to hearing your thoughts on
> this. Please feel free to share this idea with whomever you want to. If
> you think I should post this proposal somewhere else please say so.

Robert O'Callahan posted a good response:

   http://weblogs.mozillazine.org/roc/archives/2011/06/permissions_for.html

In short, the better solution isn't to ask for permissions up-front, but
to ask for fewer permissions. The ideal solution is to not ask for any
permission but to base the permission on a natural user gesture. For
example, drag-and-drop of files to a site doesn't require permissions, but
it is an implicit permission grant. Same with <input type=file>.

With getUserMedia() we are doing something similar: instead of asking for
permission, the user is asked for a specific input to be selected.

Permission grants are a bug.

On Sat, 30 Apr 2011, Glenn Maynard wrote:
>
> I'd wonder what their response is to Android; the problems on that
> platform are obvious. The result is exactly as you say: people end up
> giving up and just accepting everything.
>
> (The permissions request for Skype includes: "read contact data, write
> contact data, coarse (network-based) location, full Internet access, act
> as an account authenticator, manage the accounts list, use the
> authentication credentials of an account, modify/delete USB storage
> contents, change your audio settings, record audio, read phone state and
> identity, disable keylock, modify global system settings, prevent phone
> from sleeping, retrieve running applications, write sync settings, view
> network state, view Wi-Fi state, control vibrator, read sync settings,
> read sync statistics, discover known accounts". It's hopeless; if "take
> out a mortgage on your house" was in there, nobody would notice.)
>
> Of course, asking each of these while using the application would also
> be painfully annoying, and it's not obvious how to make permissions
> meaningful to the user (eg. when you use its feature) while also scaling
> to lots of permissions.

Indeed. The system shouldn't ask for any permissions. For example instead
of reading contact data, it could cause the OS to pop up a contacts list
from which you can pick a contact to give access to it to the app.

On Sun, 1 May 2011, Robert O'Callahan wrote:
>
> Notifications are a particularly hard case for the principle of
> requesting permissions in response to user action, because the whole
> point of notifications is that they happen when the user isn't giving
> the application attention :-).

My proposal for notifications was to have them default to being just
inside the page (nothing that a <div> couldn't do), but that they would
include explicit UI to promote them to full-system notifications; and
vice-versa, so a system notification could be demoted back to just in-page
notification with a similar gesture.

On Tue, 3 May 2011, Cameron Heavon-Jones wrote:
>
> The quantity of permission requests can be managed in an effective
> manner by the agent allowing the user to store their preferences for the
> next command or as a universal setting.

That doesn't work. It might be appropriate for Bing Maps to have access to
my Geolocation information, but I certainly don't want some random blog to
have access to it. Defaults don't work here.

> For web applications to specify their required permissions would seem to
> introduce a duplication of specification. If a web application includes
> an image file upload which the user chooses to capture from webcam,
> first how is the application to know that the user would use a web cam?

There's no need for the app to know. It can just allow the user to upload
a photo, and the browser can offer to use the webcam.

I haven't added anything to the spec in relation to this proposal.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Tuesday, 26 July 2011 14:44:44 UTC
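
The contrast drawn in the message above between a blanket permission grant and a user-driven picker (the contacts example) can be modelled in a few lines. This is an added example, not part of the original message or of any spec or browser API; every class and function name, the origin, and the sample address book are hypothetical and constructed for illustration.

```javascript
// Added illustration; all names (PermissionContacts, ContactsBroker, ...) are hypothetical.
// Constructed sample data standing in for the user's address book.
const ADDRESS_BOOK = [
  { id: 1, name: 'Alice Example', phone: '555-0100' },
  { id: 2, name: 'Bob Example', phone: '555-0101' },
  { id: 3, name: 'Carol Example', phone: '555-0102' },
];

// Model A: blanket grant. One "yes" hands the app the whole store, persistently.
class PermissionContacts {
  constructor(store, promptUser) {
    this.store = store;
    this.promptUser = promptUser; // trusted UI: returns true or false
    this.granted = new Set();
  }
  requestPermission(origin) {
    if (this.promptUser(origin)) this.granted.add(origin);
    return this.granted.has(origin);
  }
  readAll(origin) {
    if (!this.granted.has(origin)) throw new Error('permission denied');
    return this.store.map((c) => ({ ...c }));
  }
}

// Model B: picker. The trusted chooser runs outside the app; the app receives
// only a frozen copy of the one contact the user selected, or null on cancel.
class ContactsBroker {
  constructor(store, chooserUI) {
    this.store = store;
    this.chooserUI = chooserUI; // trusted UI: returns a contact id or null
  }
  pickContact(origin) {
    const id = this.chooserUI(origin, this.store.map((c) => c.name));
    const hit = this.store.find((c) => c.id === id);
    return hit ? Object.freeze({ ...hit }) : null;
  }
}

// What the same app can see under each model after one user interaction.
function exposure() {
  const origin = 'https://blog.example';
  const perm = new PermissionContacts(ADDRESS_BOOK, () => true);
  perm.requestPermission(origin);
  const viaGrant = perm.readAll(origin);
  const viaPicker = new ContactsBroker(ADDRESS_BOOK, () => 2).pickContact(origin);
  const cancelled = new ContactsBroker(ADDRESS_BOOK, () => null).pickContact(origin);
  return { viaGrant, viaPicker, cancelled };
}
```

Under the grant model the app can enumerate all three contacts from then on; under the picker model it holds one record the user chose and has no call that lists the rest.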