Combined permission request is problematic

w3c / deviceorientation

W3C Device Orientation spec

https://www.w3.org/TR/orientation-event/

Other

49 stars 32 forks source link

Combined permission request is problematic #183

Open marcoscaceres opened 1 month ago

marcoscaceres commented 1 month ago

In requestPermission(absolute), the spec notes:

There is no algorithm for requesting multiple permissions at once. However, user agents are encouraged to bundle concurrent requests for different kinds of media into a single user-facing permission prompt.

Which is indicative that the permission model is not correct. This also sets a bad precedent for mixing multiple permissions policies.

We should fix this.

reillyeon commented 1 month ago

This text is adapted from a similar note in [MEDIACAPTURE-STREAMS].

marcoscaceres commented 1 month ago

Right, but there the request permission to use is single permission descriptor? Or am I misreading? (not seeing the note... maybe it got changed since this spec got changed)

reillyeon commented 1 month ago

I'm referring to the "User Agents are encouraged to bundle concurrent requests for different kinds of media into a single user-facing permission prompt" note under the step "For each media type kind in requestedMediaTypes, run the following sub steps, preferably at the same time". The effect of that step is that the site may request both "camera" and "microphone" permission at the same time if the device supports both audio and video.

marcoscaceres commented 1 month ago

Right, cool. I still think that the camera and microphone is a somewhat unique situation in the platform (those are some of the most privacy sensitive APIs on the Web).

I'm wonder if you agree that perhaps we could consider simplifying what is done here? At the same time, there is a little bit of pressure on "this ship has somewhat sailed" (like, we support this in WebKit somewhat... even if we require all there permissions).

Just seems that we are tying things that could be done more cleanly and extensibly, particularly as we continue to evolve this API.

marcoscaceres commented 1 month ago

Put differently, can we come up with what might be the ideal?... we don't need to commit to changing anything in the spec, but it's more conceptually... like, for me, it would be:

one permission policy: like "orientation-motion" (we can no doubt do better even)
and the then have .requestPermission({absolute: true})

Or something like that.

reillyeon commented 3 weeks ago

I think this ship has sailed but I think an ideal design which limited itself to only the sensors required to implement the current capabilities this specification (i.e. just sensors for determining device orientation and motion) would require only a single permission. I don't think it is necessary to communicate the difference between absolute and non-absolute through browser UX. It's only useful internally because it allows developers to inform the browser that they don't care about compass heading and can therefore avoid activating an additional unnecessary sensor.