w3c / permissions-registry

Registry of known powerful features in the web platform.
https://w3c.github.io/permissions-registry/
1 stars 4 forks source link

CFC for publication as a "Draft Registry" #4

Open marcoscaceres opened 2 years ago

marcoscaceres commented 2 years ago

This issue serves as a CFC letting the WebAppSec Working Group know about the intention to publish a Permissions Registry as a Draft Registry.

As the name implies, serves a centralize Registry of permissions being standardized for the web platform: this covers both "powerful features" and "policy-controlled features".

The document is accessible at: https://github.com/w3c/permissions-registry/

Using the a comment reaction at the top right of this issue, please indicate support by using the 👍 reaction. Alternatively, use the 👎 reaction if you have an objection to the publication. Please leave a comment with the rationale for the objection.

Email callout: https://lists.w3.org/Archives/Public/public-webappsec/2022Jun/0000.html

marcoscaceres commented 2 years ago

@dveditz, in the minutes it states:

Mozilla would prefer to see that folded into Permissions API spec rather than 2x docs.

The Editors completely understand that. And that's obviously where we started. But having them in the spec caused the issues that required us to move them out in the first place.

If it's ok with folks at Mozilla, the Editors would like you to reconsider. We've put a lot of effort into moving the everything out, reviewing the usage of all permissions across specs, and in putting this registry together.

The Editors feel pretty strongly about having a separate registry is the right way for us, as a community, to manage the permissions for both the Permissions spec and for Permissions Policy.

In practice, devs will likely use MDN.

Absolutely, and that's what we want too! This is to help implementers, however.

miketaylr commented 2 years ago

Any thoughts @dveditz?

miketaylr commented 2 years ago

We attempted to have this conversation at TPAC, but ran out of time. @annevk, would you mind restating your point of view here (noting that it does not represent Mozilla's position on the topic)?

annevk commented 2 years ago

I think it would be clearer to have a single document on Permissions, encompassing the Permissions API document, the registry of strings needed for the API (which presumably we also want to have in an enum for IDL purposes), as well as the bits from Permissions Policy everyone agrees to implement.

Having a centralized point of control for these strings makes a lot of sense to me to avoid subtle issues and putting it all in a single document makes editing and review easier and (hopefully) ensures all the parts work well together.