-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
describe implicitly-granted (chooser-based) permissions #178
Comments
https://w3c.github.io/permissions/#prompt-the-user-to-choose anticipates folks integrating with file upload and screenshare choosers, and was co-designed with the Bluetooth and USB device choosers. I call these chooser-based permission rather than implicit ones, since the user is actually more explicit about what they want to grant access to. It is still useful to query() the status of these permissions, since they can be So, in general, yes, I'd welcome patches to add more chooser-based permissions to the registry. @raymeskhoury, are you still the right contact for Permission Delegation? @clelland, this overlaps some with the Feature Policy names. |
@jyasskin, when you say that there's overlap, which names are you thinking of? Anything with a permission should already have an associated feature which can be controlled with Feature Policy, and it looks like this mechanism just uses the same names to invoke the chooser as well? Feature Policy should control the underlying permission state, forcing it to |
If Permission Delegation defines any new names that aren't defined by the Permissions spec, those should be covered by the Feature Policy names too. There may be nothing for you to do here, but I wanted to double-check that. |
Summary of Issue #178 (Thanks ChatGPT) Context: Key Points:
Conclusion: |
So, I think this is an interesting idea - my proposal is to close here, but we keep #377 open as a pointer to it, if and when a UA decides they need the infrastructure to implement these types of permission. |
The registry section of the Permissions API spec should describe implicitly granted permissions (such as file upload or screenshare of a window) in addition to the explicitly granted ones that it currently describes.
I mentioned this initially in w3ctag/design-reviews#225 (comment) in the context of the proposal for Permission Delegation discussed in that issue.
The background here is that some permissions for powerful capabilities on the web (e.g., geolocation) are granted by explicitly asking the user about that permission. The current permissions API spec and the capabilities it provides are designed around this type of permission.
However, there are a set of permissions that are granted more implicitly through an act of user selection. For example, permission to upload a file is granted by the user choosing that file in a file picker; similar for screensharing a window in Screen Share. This sort of permission grant is in many ways better than explicitly asking the user since it's often clearer what's being granted, and the grant is clearly tied to the thing that needs it. It also requires less API around it, since it doesn't make sense to query the status of this permission, or to request it separately.
However, there are some uses of the permissions API, such as the Permission Delegation proposal that would control the delegation of permissions to cross-origin subframes, where it seems like it would be useful to have API around these permissions. It seems like a page should be able to control whether its subframes can request file upload or screen share just like it should be able to control whether its subframes can request geolocation. (In both cases, the request appears in significant ways to come from the toplevel page.)
So I think these permissions ought to be described in the registry in the permissions API spec, in a way that
Permissions.query()
doesn't apply, but that other APIs such as permission delegation do apply.The text was updated successfully, but these errors were encountered: