Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Harmonize permissions and similar mechanisms #144

Open
plinss opened this issue Mar 27, 2019 · 14 comments
Open

Harmonize permissions and similar mechanisms #144

plinss opened this issue Mar 27, 2019 · 14 comments
Assignees
@dbaron @hadleybeeman @plinss @atanassov
Labels
Size: big

Comments

@plinss
Copy link
Member

plinss commented Mar 27, 2019

The web has several different apis currently available and in development for permissions and permission-adjacent items, such as gating access to features by user activation or similar mechanisms. There are also different mechanisms to hand-off permissions, and feature access privileges between iframes.

The TAG needs to take a look at consolidating these permissions into a single extensible model.

Related issues:
w3ctag/design-reviews#356
#347
w3ctag/design-reviews#225
w3ctag/design-reviews#203
w3ctag/design-reviews#199
w3ctag/design-reviews#159
w3ctag/design-reviews#45
@mikewest
Copy link

On this topic, I'd point y'all to https://www.w3.org/Privacy/permissions-ws-2018/papers/thomas-nattestad.pdf (and the permissions workshop position papers in general: https://www.w3.org/Privacy/permissions-ws-2018/papers.html).

@dbaron dbaron self-assigned this Apr 17, 2019
@dbaron
Copy link
Member

dbaron commented May 21, 2019

To what extent is this work that the TAG should do, versus work that the TAG should encourage others (who are hopefully more likely to be domain experts)?

@lknik lknik self-assigned this May 21, 2019
@cynthia
Copy link
Member

cynthia commented Sep 11, 2019

We discussed this during the Tokyo F2F, and one point that came up during the discussion is that we would like to see either the Permissions API get more traction as the first step of this work going forward, or an alternative if there is a better option. Regardless of what the mechanism is, the needs from a developer perspective are real and we think this should be addressed.

Another bit that came up was on how much the overlap between permissions and feature policy is - and whether or not the names match up.

@marcoscaceres
Copy link
Contributor

We boiled it down to: "if you need a permission, and an iframe can use it, you need a feature policy."

@hadleybeeman
Copy link
Member

Reviewed at our TAG face-to-face in Cupertino.

We want to take this forward, as a big chunk of work. We are moving it to the Design Principles repo, where we'll catch it at the right time.

@torgo torgo transferred this issue from w3ctag/design-reviews Dec 4, 2019
@torgo torgo added the Size: big label Dec 4, 2019
@mikewest
Copy link

mikewest commented Dec 5, 2019

I believe there are folks in multiple organizations with various opinions and proposals in this space. What's a good way to get involved in y'all's musings on the topic?

@plinss plinss added this to the 2020-02-03-week milestone Jan 29, 2020
@torgo
Copy link
Member

torgo commented Feb 3, 2020

Some suggestion on today's breakout that we could pull some principles directly out of the document that @mikewest linked above directly into the principles document.

@mikewest
Copy link

mikewest commented Feb 4, 2020

@torgo: Is that process something y'all would like help doing? Or would it be best to let y'all first produce something concrete that folks can express opinions about?

@torgo torgo unassigned lknik Mar 30, 2020
@torgo
Copy link
Member

torgo commented Mar 30, 2020

@mikewest we are just coming back to this now and trying to progress and yes, we'd be happy to have your help if you are still willing. Do you have some thoughts on this that you could write here?

@npdoty
Copy link

npdoty commented May 25, 2020

The 2018 workshop report and Adding another permission? a guide might also be useful sources on coming up with principles for harmonization of how we ask for permissions on the Web.

@torgo torgo modified the milestones: 2020-08-10-week, 2020-09-07 Aug 10, 2020
@hober
Copy link
Contributor

hober commented Aug 10, 2020

Adding another permission? a guide might also be [a] useful source[…] on coming up with principles for harmonization of how we ask for permissions on the Web.

I think it would make sense for the Design Principles doc to reference or incorporate this guide. @npdoty, do you have advice? Is the guide an active PING document that we can reference?

@dbaron dbaron mentioned this issue Sep 24, 2020
Closed
@cynthia cynthia mentioned this issue Sep 24, 2020
Open
@plinss plinss modified the milestones: 2020-09-07, 2020-10-05 Sep 30, 2020
@npdoty
Copy link

npdoty commented Oct 5, 2020

Adding another permission? a guide might also be [a] useful source[…] on coming up with principles for harmonization of how we ask for permissions on the Web.

I think it would make sense for the Design Principles doc to reference or incorporate this guide. @npdoty, do you have advice? Is the guide an active PING document that we can reference?

+1, I think it would be great to incorporate the adding-permissions guide into the Web Platform Design Principles document.

We can check with other PING folks about whether it makes sense to merge the whole permissions doc into design principles -- and PING can provide input on the Design Principles, or whether the design principles should just include a couple of the questions and cite a separately maintained document -- which PING can maintain if the TAG will also provide feedback during your discussions of the topic.

@torgo
Copy link
Member

torgo commented Oct 5, 2020

Thanks Nick! My thoughts are that it would be better to include a couple of the questions and then cite the PING document, but would be great to hear from other PING folks on this.

@npdoty
Copy link

npdoty commented Nov 5, 2020

Sounds good. Per PING call today, Christine will help us coordinate conversion to a Note and (with @hober maybe) get TAG review and updates of a couple questions for the design principles.

@plinss plinss modified the milestones: 2020-10-05, 2021-01-04-week Jan 4, 2021
@plinss plinss removed this from the 2021-02-01-week milestone Feb 28, 2021
torgo added a commit that referenced this issue Dec 4, 2024
@torgo
Update Permissions / Powerful APIs (1.4)
c8d0329 
This addresses some of the issues in #144
@torgo torgo mentioned this issue Dec 4, 2024
Merged
plinss pushed a commit that referenced this issue Dec 4, 2024
@torgo @jyasskin @martinthomson
Update Permissions / Powerful APIs (1.4) (#519)
a071d75 
* Update Permissions / Powerful APIs (1.4)

This addresses some of the issues in #144

* Update index.bs

Co-authored-by: Jeffrey Yasskin <[email protected]>

* Update index.bs

Co-authored-by: Martin Thomson <[email protected]>

---------

Co-authored-by: Jeffrey Yasskin <[email protected]>
Co-authored-by: Martin Thomson <[email protected]>
martinthomson added a commit that referenced this issue Dec 4, 2024
@torgo @jyasskin @martinthomson
Update Permissions / Powerful APIs (1.4) (#519)
2082e76 
* Update Permissions / Powerful APIs (1.4)

This addresses some of the issues in #144

* Update index.bs

Co-authored-by: Jeffrey Yasskin <[email protected]>

* Update index.bs

Co-authored-by: Martin Thomson <[email protected]>

---------

Co-authored-by: Jeffrey Yasskin <[email protected]>
Co-authored-by: Martin Thomson <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dbaron dbaron

@hadleybeeman hadleybeeman

@plinss plinss

@atanassov atanassov

Labels
Size: big
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests