w3c-webmob / installable-webapps

Use cases and requirements for installable web apps

Document should discuss API permissioning #12

Open marcoscaceres opened 10 years ago

marcoscaceres commented 10 years ago

Elsewhere, @AMorgaut wrote:

Regarding permissions for Device APIs being listed in the manifest, I thought a previous proposal

and the related discussion on the WHATWG mailing list in which I participated:

may be worth a read

AMorgaut commented 10 years ago

The purpose was to think of the mentioned use case in which several permissions are required for an application to work, and see if the user experience could be enhanced using a single global notification asking for several permissions instead of having to manage many of them.

If the user's attention is asked for too many times, he often won't read what is asked anymore and will just allow anything. I may be wrong, but a clear overview of what will be permitted, with options to check/uncheck some of them, looks safer to me. (Note that some may be flagged as required by the app.)

It is actually kind of what Google, Facebook, GitHub and some others are doing during OAuth first connections.

My opinion is that the use case is very valid as it can have an impact on security.

I know (at least I have heard) that we cannot impose UI rendering on user agents in such a situation, so I'd even be satisfied with a linked W3C Note.

The mockup of the proposal is still incomplete to me in that labels are not enough to efficiently describe the permissions that are checked. Current notifications use representative icons that I think should probably be added there too, to be sure that, if the user didn't want to spend too much time reading (unfortunately a real-life situation), we gave him another occasion to see what it was about through identifiable pictures.

marcoscaceres commented 10 years ago

@AMorgaut there are conflicting findings/data/urban-legends(?) about this stuff. I've heard the opposite of what you describe. We basically need to gather the research findings and evaluate the data properly to help make an informed decision.

It's going to take a few trips to Google Scholar probably.

marcoscaceres commented 10 years ago

BTW, there is a Task Force position open to investigate this whole area: http://www.w3.org/wiki/Mobile/Work#TASK_FORCE:_Permissions

We are looking for someone to lead it.

marcoscaceres commented 10 years ago

Related: https://github.com/w3c/manifest/issues/75