privacycg / storage-access

The Storage Access API
https://privacycg.github.io/storage-access/

clarify the capability such that users can understand prompt and give permission #116

Open npdoty opened 1 year ago

npdoty commented 1 year ago

While we don't want to standardize prompt language, the spec could be clearer on what capability is being provided, for cases where a user may be prompted.

Is it about accessing data? Or about combining / breaking out of partitioning of data?

Do users understand currently implemented prompts? What context or information would they need in order to understand the capability?

This would likely also be part of a Privacy Considerations section: #115

We've touched on this a few times, but I don't think there was a dedicated issue.

"Explanatory string" proposals are a distinct question, although related to how the user will understand.

This would be one part of a review for new web permissions; these questions might be helpful: https://www.w3.org/blog/2019/07/adding-another-permission/

annevk commented 1 year ago

I'm not sure I understand the issue. Is the capability unclear to you? Or do you think we should have more UI guidance (that implementers are then free to ignore)?

npdoty commented 1 year ago

No, I'm not clear what the exact capability is from reading the spec. For example: is requesting access necessary to use localStorage and cookies at all, or just to get access to a cookie jar that is shared by the origin when it's in a first-party context?

I have yet to see a UI example where I understood the capability being requested and I expect most users have less detailed knowledge of the capabilities involved than I do. Guidance could indeed be ignored, but I think some minimal guidance would at least make sure it's even possible to clearly communicate the capability being specified.
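As an added illustration of what the requested capability looks like from the caller's side (this is example code written for this page, not code from the spec, its test suite, or any browser implementation): the call sequence an embedded cross-site document goes through, using the two methods the spec defines, `document.hasStorageAccess()` and `document.requestStorageAccess()`. The fake document, its partitioned and first-party cookie values, and the `ensureStorageAccess` / `cookiesAfterStorageAccess` / `parseCookies` helper names are all constructed for the example. The example reads only `document.cookie`; whether a grant also covers localStorage is exactly the question left open in the thread, so the example does not answer it.

```javascript
// Added example (not from the spec or any implementer): the call sequence an
// embedded cross-site document goes through to obtain storage access.
// `doc` is injected (default: the real `document`) so the same code can run
// against the constructed fake below; the two API calls are as specified:
//   doc.hasStorageAccess()     -> Promise<boolean>
//   doc.requestStorageAccess() -> Promise<undefined>, rejects when not granted
async function ensureStorageAccess(doc = globalThis.document) {
  if (await doc.hasStorageAccess()) {
    return { granted: true, prompted: false };
  }
  try {
    // Must run inside a user gesture (e.g. a click handler): without
    // transient activation the promise rejects and no prompt is shown.
    await doc.requestStorageAccess();
    return { granted: true, prompted: true };
  } catch (err) {
    const reason = err && err.message ? err.message : String(err);
    return { granted: false, prompted: true, reason };
  }
}

// Constructed helper: document.cookie -> { name: value }.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(';')) {
    const trimmed = part.trim();
    if (!trimmed) continue;
    const eq = trimmed.indexOf('=');
    if (eq < 0) continue;
    out[decodeURIComponent(trimmed.slice(0, eq))] =
      decodeURIComponent(trimmed.slice(eq + 1));
  }
  return out;
}

// What the embed sees: try to get access, then read document.cookie.
async function cookiesAfterStorageAccess(doc = globalThis.document) {
  const status = await ensureStorageAccess(doc);
  return { ...status, cookies: parseCookies(doc.cookie) };
}

// Constructed fake of a partitioning browser, so this file runs in Node.
// Before a grant the embed sees only a partitioned jar; after a grant it sees
// the jar its origin uses as a first party. The cookie values are made up.
function makeFakeDocument({ hasAccess = false, activation = true, userAllows = true } = {}) {
  let granted = hasAccess;
  return {
    hasStorageAccess: async () => granted,
    requestStorageAccess: async () => {
      if (granted) return;
      if (!activation) throw new Error('NotAllowedError: requires transient user activation');
      if (!userAllows) throw new Error('NotAllowedError: user denied the request');
      granted = true;
    },
    get cookie() {
      return granted ? 'session=first-party-abc123; prefs=dark' : 'partitioned_id=xyz';
    },
  };
}

// In a real page, wire it to a gesture:
//   button.addEventListener('click', () => cookiesAfterStorageAccess().then(console.log));
if (typeof document === 'undefined') {
  cookiesAfterStorageAccess(makeFakeDocument()).then(r => console.log(r));
}
```

The injected `doc` is only there so the flow can be exercised outside a browser; in a page the defaults apply and the only thing the embed controls is whether the call happens inside a user gesture and what it does with a rejection.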