Updated explainer with better wording around permission reconsideration and accessibility #17
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Additional clarification & simplification of text
Added caveat that PEPC will require prototyping and real world testing to validate assumptions.
| ## tl;dr | ||
|
|
||
| We propose a semantic permission element with styling constraints that ensures a | ||
| We propose a <permission> HTML element with styling constraints that ensures a |
Contributor
There was a problem hiding this comment.
Suggested change
| We propose a <permission> HTML element with styling constraints that ensures a | |
| We propose a `<permission>` HTML element with styling constraints that ensures a |
| Some APIs, including geolocation & notifications, predate requiring user | ||
| activation and support use without user activation for backwards | ||
| compatibility. For this reason user agents may use unintrusive UI for these | ||
| requests, which can easily be missed by users. User agents must navigate the |
Contributor
There was a problem hiding this comment.
Suggested change
| requests, which can easily be missed by users. User agents must navigate the | |
| requests, which, in some browsers, can easily be missed by users (e.g., browsers that don't present permission requests as modal dialogs). User agents must navigate the |
Comment on lines
+192
to
+193
| be accessible if properly implemented and tested, however, PEPC has explicit | ||
| accessibility semantics by default. |
Contributor
There was a problem hiding this comment.
This is sorta true... but to have "explicit accessibility semantics", wouldn't it need an explicit ARIA role (which then maps to the OS's a11y model)?
| PEPC does not to replace existing permission journeys to benefit a large | ||
| fraction of the users who interact with permission gated capabilities. A | ||
| relatively small number of sites account for a large fraction of permission | ||
| requests with real world benefit, for example : |
Contributor
There was a problem hiding this comment.
Suggested change
| requests with real world benefit, for example : | |
| requests with real world benefit, for example: |
|
|
||
| Most of the implementation complexity of the PEPC lies in the annoyance | ||
| reduction mechanisms. As previously mentioned, the main security surface is the | ||
| "Confirmation UI" which is straightforward to implement. |
Contributor
There was a problem hiding this comment.
Suggested change
| "Confirmation UI" which is straightforward to implement. | |
| "Confirmation UI", which we believe is straightforward to implement. |
| reduction mechanisms. As previously mentioned, the main security surface is the | ||
| "Confirmation UI" which is straightforward to implement. | ||
|
|
||
| This proposal describes a deliberately conservative set of annoyance reduction |
Contributor
There was a problem hiding this comment.
Suggested change
| This proposal describes a deliberately conservative set of annoyance reduction | |
| This proposal describes a deliberately restricted set of annoyance reduction |
|
|
||
| This proposal describes a deliberately conservative set of annoyance reduction | ||
| mechanisms with the aim to discovering in [developer trials](#developer-trials) | ||
| which restrictions will be infeasible for users, developers or implementors. |
Contributor
There was a problem hiding this comment.
Suggested change
| which restrictions will be infeasible for users, developers or implementors. | |
| which restrictions will be infeasible for users, developers, or implementors. |
| such Camera/Microphone or Location and the PEPC can share strings used in the | ||
| existing permission journey. | ||
|
|
||
| Developers will need to handle the `onvalidationstatuschange` event, which helps |
Contributor
There was a problem hiding this comment.
Covers both "onvalidationstatuschange" and .addEventListener("validationstatuschange"...):
Suggested change
| Developers will need to handle the `onvalidationstatuschange` event, which helps | |
| Developers will need to handle the `"validationstatuschange"` event, which helps |
Contributor
marcoscaceres
left a comment
marcoscaceres
left a comment
There was a problem hiding this comment.
Couple of nits and comments...
rizzojose
approved these changes
Jul 7, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updated explainer with better wording around permission reconsideration and accessibility