Add information to "Extending the Permission API" section #265
Conversation
index.bs
Outdated
| <h3 id="permission-api">Extending the Permission API</h3> | ||
|
|
||
| Provide guidance on how to extend the Permission API [[PERMISSIONS]] | ||
| for each [=sensor types=]. | ||
| {{Sensor}} interface for concrete [=sensor=] must protect it's [=sensor reading|reading=] |
There was a problem hiding this comment.
An implementation of the {{Sensor}} interface for each [=sensor types=] must protect its
index.bs
Outdated
| for each [=sensor types=]. | ||
| {{Sensor}} interface for concrete [=sensor=] must protect it's [=sensor reading|reading=] | ||
| by associated {{PermissionName}} or more complex {{PermissionDescriptor}}. | ||
| [=Low-level=] {{Sensor|sensor}} may use it's interface name as a {{PermissionName}}, for instance |
There was a problem hiding this comment.
A [=Low-level=] {{Sensor|sensor}} may use its
index.bs
Outdated
| by associated {{PermissionName}} or more complex {{PermissionDescriptor}}. | ||
| [=Low-level=] {{Sensor|sensor}} may use it's interface name as a {{PermissionName}}, for instance | ||
| "gyroscope" or "accelerometer". [=sensor fusion|Fusion sensors=] must | ||
| [=request permission to use|request permission to use=] sensors used as a source of fusion. |
There was a problem hiding this comment.
request permissions for each of the fused sensors ?
There was a problem hiding this comment.
This might sound that source sensors are also fusion sensors.
index.bs
Outdated
| "gyroscope" or "accelerometer". [=sensor fusion|Fusion sensors=] must | ||
| [=request permission to use|request permission to use=] sensors used as a source of fusion. | ||
|
|
||
| Even though, it might be difficult to reconstruct [=low-level=] [=sensor readings=] from |
index.bs
Outdated
| therefore, those sensors must [=request permission to use|request permission to use=] | ||
| "magnetometer" as it provides information about orientation of device in relation to Earth's | ||
| magnetic field. In contrast, relative orientation sensor does not expose such information, thus, | ||
| does not need to [=request permission to use|request permission to use=] "magnetometer". |
There was a problem hiding this comment.
Brainstorming some examples that I don't think (subjectively) require permission:
- ambient light
- ambient temperature
- barometric pressure
I'm interested in reasonable scenarios that counter my initial intuition
There was a problem hiding this comment.
@pozdnyakov you mean relative orientation sensor readings fused from gyro and accel need magnetometer, or comment was for different line? 😄
@rwaldron ALS needs permission, there are pin skimming research papers. Ambient temperature and pressure, I'm not sure, maybe you are right. Do you want me to add exception for such sensors?
There was a problem hiding this comment.
Assume someone lives alone at sea level (1 Bar) on the east coast of America and that room temperature inside their home is 20°C. If an ambient temperature sensor says it's 5°C this person is more like to be outdoor in winter than in their home. If a barometric pressure sensor says it's 0.5 Bar this person is more likely to be at the top of a 5000 meter mountain than in their home. In either case it's possible to deduce that the person is not at home and to safely burgle their home without being disturbed.
There was a problem hiding this comment.
@fivdi Thanks, those are possible attack vectors for information leaks.
@rwaldron I thought about possible scenarios where permission might not be required and here are few things to consider:
- UA can decide to autogrant permission to access 'safe' sensors.
- Attack vectors are unknown, would be better to have permission token, so that UA might patch and remove autogranting or apply other mitigation strategy for previously 'safe' sensors.
- GS API spec and all concrete sensor derivatives rely on Permission API integration and need permission tokens. Also we don't have sensors that fall into 'no permission token needed' category at this moment.
My proposal is to keep Permission API extendability for new sensors as is.
I can create issue for Level2 to investigate possibility of supporting sensors without dedicated permission token / descriptor.
There was a problem hiding this comment.
I just meant that it would be better to add "it" => "It does not", but I see now how it actually looks :/ sorry for the hassle..
There was a problem hiding this comment.
@rwaldron Rick, could you please take a look again? Thanks!
index.bs
Outdated
| does not need to [=request permission to use|request permission to use=] "magnetometer". | ||
|
|
||
| In order to provide fine grained control over the sensor's data, | ||
| {{PermissionDescriptor|permission descriptors}} may be used. For example, descriptor can contain |
There was a problem hiding this comment.
{{PermissionDescriptor|permission descriptors}} can be also used to control accuracy or sample rate of the exposed [=sensor readings=] ?
index.bs
Outdated
| {{PermissionDescriptor|permission descriptors}} may be used. For example, descriptor can contain | ||
| settings for accuracy or [=sampling frequency=]. | ||
|
|
||
| Here is an example of {{PermissionDescriptor}} for a possible extension of the Permission API for |
alexshalamov
force-pushed
the
permission_api_extensions
branch
3 times, most recently
from
f7ef32b to
bb82b3e
Compare
| it does not need to [=request permission to use|request permission to use=] magnetometer. | ||
|
|
||
| {{PermissionDescriptor|Permission descriptors}} can also be used to set maximum allowed limits | ||
| for accuracy or [=sampling frequency=]. An example for a possible extension of the Permission API |
There was a problem hiding this comment.
of the PermissionDescriptor interface ?
There was a problem hiding this comment.
PermissionDescriptor is a dictionary. All API specific dictionaries are defined in Permission API. Actually it would be nice to have something like partial dictionary or namespace in Permission API, so that other specs would not need to modify it whenever new token is required.
|
I attempted to resolve this conflict, because it looks like index.html just needs to be regenerated, but bikeshed did something bizarre: |
alexshalamov
force-pushed
the
permission_api_extensions
branch
from
bb82b3e to
26ff704
Compare
Fixes: #132
Fixes: #22
Preview | Diff