Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add permissions bundles #549

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Conversation

tomayac
Copy link
Contributor

@tomayac tomayac commented Feb 4, 2022

  • Add permissions bundles to allow for tiered API access.
  • Minor changes (implementor → implementer Ngrams).

@ghost
Copy link

ghost commented Feb 4, 2022

CLA assistant check
All CLA requirements met.

@tomayac
Copy link
Contributor Author

tomayac commented Feb 4, 2022

(I'm just checking back with our open source folks regarding the CLA.)

@tomayac
Copy link
Contributor Author

tomayac commented Feb 7, 2022

CLA signed.

@tomayac
Copy link
Contributor Author

tomayac commented Feb 21, 2022

CC: @aarongustafson & @diekus.

@aarongustafson
Copy link
Member

@tomayac I’m intrigued by this concept, but it made me wonder if a permissions bundle could benefit from being an object with some form of label in addition to the array of permissions, rather than just an array of arrays? For example:

"permissions": [
  {
    "label": "Copy/paste",
    "bundle": [
      "clipboard-write",
      "clipboard-read"
    ]
  },
  {
    "label": "Communications",
    "bundle": [
      "camera", 
      "microphone",
      "notifications",
      "push"
    ]
  }
]

Perhaps implementers would disregard the labeling information, but it could also be profoundly helpful for providing basic context around why permissions are being grouped. Counterargument though: it will be abused when someone labels a bundle "Required." :-(

@tomayac
Copy link
Contributor Author

tomayac commented Apr 26, 2022

Maybe UAs could come up with commonly agreed-on enums for valid labels (like "Communications") that would then be presented in localized form (for example, "The app example.com wants to use your camera and microphone, and notify you of incoming calls.") to the user at the UA's discretion?

In contrast, mini apps have the notion of a free-form permission description, which would be more in line with your "label" proposal, but they don't have bundled permissions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants