Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permissioning, user consent, and the Imperative API #20

Closed
hadleybeeman opened this issue Mar 4, 2020 · 1 comment
Closed

Permissioning, user consent, and the Imperative API #20

hadleybeeman opened this issue Mar 4, 2020 · 1 comment

Comments

@hadleybeeman
Copy link

Hi all,

@hober, @dbaron and I are looking at w3ctag/design-reviews#391 in a breakout at our W3C TAG Wellington face-to-face.

One thing I'm concerned about:

The Imperative API, as I read it, operates by pulling SMS content from the operating system, without the user knowing that that's what's happening.

While I understand that that creates a smooth UX, it also feels counter to the rest of the web architecture that doesn't escape from the user agent into the OS without the user's explicit permission. (I'm thinking of device APIs, for example, which would allow the camera to send video or the microphone to send audio – after getting the user's permission by a prompt.)

The way you're recommending this work, it doesn't do that; it just reaches in and takes. This seems the complete opposite of solutions like autocomplete="one-time-code", which leave the control – and indeed, the content of the SMS – in the hands of the user.

The Imperative API's approach seems counter to the W3C TAG's Ethical Web Principles, specifically the principle on Security and Privacy, which includes:

We will start by creating web technologies that create as few risks as possible, and will make sure our users understand what they are risking in using our services.

I'd be grateful for your thoughts on this.
@dbaron dbaron mentioned this issue Mar 4, 2020
Closed
5 tasks
@samuelgoto
Copy link
Collaborator

The Imperative API, as I read it, operates by pulling SMS content from the operating system, without the user knowing that that's what's happening.

From a privacy perspective and user consent perspective, we believe there are no differences between the declarative API and the imperative API. Both of them are behind explicit consent from the user with an explicit gesture. Specifically, you can see all the many UX explorations we went through here:

https://github.com/WICG/WebOTP/blob/master/explainer.md#alternatives-considered

And which the current implementation landed somewhere around here:

https://github.com/WICG/WebOTP/blob/master/explainer.md#opt-in-ux

Although it looks more like an infobar:

https://github.com/WICG/WebOTP/blob/master/explainer.md#proposal

So, to be clear, there is user consent that is gathered before any information is handed back to the origin, which we believe to be consistent either the declarative API or the imperative API.

I'm going to close and resolve this, since I think it was just a clarification that needed to be provided, rather than disagreement or something that we could act on. If that's not the case, feel free to reopen and I'd be happy to continue this on.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@samuelgoto @hadleybeeman