Escalating trust

[francofaa]

User agents may provide a method for escalating trust for a specific publication. Some publications may require additional capabilities (for example, access to camera or geolocation) that a user agent might normally not enable. Today, some platform and UA vendors offer methods for otherwise untrusted local scripts to become trusted and regain API privileges, a similar ability needs to exist for publications as well.

Unsure whether this is redundant for the web.

(@BigBlueHat , @iherman, @bdugas)

[iherman]

Yes, it does sound redundant as a use case, this is how the Web operates...

[BigBlueHat]

Yes, it does sound redundant as a use case, this is how the Web operates...

Well, it's how standalone browser's implementing JavaScript work, but what about reading systems built with Web views (or not) in mobile apps?

Also, are these permission requests simply part of the HTML-based content containing JavaScript which asks for the permissions? or is there some other manifest-level thing needed like what is used in Browser Extensions (which is notably an "up-front" request to do things vs. various "as-needed" requests).

But perhaps these questions change the nature of the use case from "user agents may provide..." to "publications may request escalated trust"--which seems necessary for scripting in packaged publications (for example).

[francofaa]

Opened 219 for moving use case starting "Luke has written another book..." to a more relevant requirement.

Moreover, I argue that the language "Today, some platform and UA vendors offer methods for otherwise untrusted local scripts to become trusted and regain API privileges, a similar ability needs to exist for publications as well" is sufficient to indicate that we acknowledge that this technology already exists on the web.

The matter of whether script trust escalation belongs in the manifest does not need to reside in the UCR, so I am closing this issue.

[iherman]

This issue was discussed in a meeting.

• No actions or resolutions
  View the transcript

  escalating trust
  Wendy Reid: https://github.com/w3c/dpub-pwp-ucr/issues/217
  Franco Alvarado: first was 217, escalating trust
  User agents may provide a method for escalating trust for a specific publication. Some publications may require additional capabilities (for example, access to camera or geolocation) that a user agent might normally not enable. Today, some platform and UA vendors offer methods for otherwise untrusted local scripts to become trusted and regain API privileges, a similar ability needs to exist for publications as well.
  Franco Alvarado: I saw ivan and benjamin’s feedback
  Benjamin Young: platforms seem to be more granular and contextual when asking for permission
  … at what point does the publication need to encode what things it will need?
  … does it happen at manifest level?
  … or does the JS in a widget ask for a particular permission?
  Franco Alvarado: maybe that granularity doesn’t need to be in the UCR? or into an explainer or the spec
  Benjamin Young: the use case is publications asking for permissions
  … those requests would be in implementations
  … if there was permission needed to ask for bluetooth, then there’s a moment that the content makes the request, and consent from user sent back to content
  … there should be a use case
  Joshua Pyle: that makes sense, get permission only when you need it
  … from the manifest, it might be good to specify all the things the script might ask for
  … I would want to know in advance that the book might ask for microphone or geolocation
  Benjamin Young: there’s a model for that in browser extensions
  … (https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Request_the_right_permissions)
  … if you were to imagine a wp as a browser extension
  … that could happen in lots of places
  … there might be a use case that the content asks for that
  … does the publication itself need more?
  Dave Cramer: first of all, a web page asking for permissions is not the same thing as content requiring the use of that API
  … lots of web pages ask me for my location, I say no
  … I still get the content
  … it might slow down my content experience
  … but I still get the content
  … I’m leery to add this sort of layer on top of the Web
  … it introduces the opportunity for error about permissions
  … I state that need this access, but I don’t actually use it
  … so this seems at least inefficient and error prone
  Joshua Pyle: the task for franco is to determine if this is already covered in the web
  … we should probably mention use cases, but say that the web already provides such mechanisms
  Ivan Herman: +1 to josh
  Franco Alvarado: I don’t have an answer, but I wanted to bring up a use case
  UC 12: Luke has written another book, this time using all of the capabilities of the Open Web Platform that he can think of including using the readers location to adapt the content. He submits the book for review to a Web Publication retail platform, where the book is signed by the publisher. When purchased, the UA detects that the book came from a trusted source and has not been modified, therefore allowing it to use the full capabilities of the web platform.
  Franco Alvarado: It doesn’t seem this is related to what the requirement is saying
  … this is more like security… the origin of the wp
  Wendy Reid: the web actually covers you in this case
  Benjamin Young: we’re not only writing use cases for the web
  … but also for other reading systems, outside of browsers
  … must implementors do something to be conforming user agents?
  … content can escalate trust
  … reading systems need to be aware that this kind of thing can happen
  … they go beyond what we spec because its in the content
  … the use case needs to stay
  … and also uc-12 may be in the wrong place
  Joshua Pyle: not sure we’re all on the same page
  … about whether everything that works on the web should work in wp
  … so implementers need to use a browser
  … and we shouldn’t start deleting use cases
  … but we should state when we think the web already supports them
  Franco Alvarado: I agree
  … and I agree on moving uc-12
  … and we can retain this use case
  Franco Alvarado: Today, some platform and UA vendors offer methods for otherwise untrusted local scripts to become trusted and regain API privileges, a similar ability needs to exist for publications as well.
  Franco Alvarado: I think that ^ acknowledges that the web already does this. I’m ready to move on.
  Wendy Reid: let’s do that