Closed Bug 768931 Opened 12 years ago Closed 12 years ago

Each permission in the manifest should support a corresponding "intended usage"

Categories

(Core Graveyard :: DOM: Apps, defect)

Product:
Core Graveyard
Component:
DOM: Apps
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(blocking-kilimanjaro:?, blocking-basecamp:+)

Status:
RESOLVED FIXED
Project Flags:
blocking-kilimanjaro ?
blocking-basecamp +

People

(Reporter: ladamski, Assigned: anant)

References

(Blocks 1 open bug)

Details

(Keywords: dev-doc-needed, feature, Whiteboard: [WebAPI:P0][LOE:S][qa-]) 

Developers should be able to provide an "intended usage" to describe the intended use of each permission requested and any data obtained.

This should be short to fit in a mobile UI dialog.

Localization is a big challenge.  Could we provide a generic set of pre-localized options?

See https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/aa0ff6e8ba9742ad/25595a281f08312e?lnk=raot#25595a281f08312e for background
Blocks: 768862
Group: webtools-security
blocking-basecamp: --- → ?
blocking-kilimanjaro: --- → ?
Intended usage should only displayed to the user for trusted applications.  
Certified applications don't display permission dialogs.  
Use of APIs by installed web apps (aka untrusted apps) can't be verified so we should not be displaying untrustworthy 3rd party claims in a trusted system dialog.

Having the rationale for all types of applications can still be useful for reviewers however.
Would this be a required or optional parameter in the manifest? Would there be an assumed default value if nothing is specified if this is optional?
I think it should be required; this will cause app developers to at least briefly think about what they will do with the data obtained through having permission.
Assignee: nobody → anant
Component: General → DOM: Apps
Product: Web Apps → Core
Anant - Can we get an update on this bug for the spec piece?
Depends on: 772358
Blocks: basecamp-permissions
Whiteboard: [WebAPI:P0]
Keywords: feature
Whiteboard: [WebAPI:P0] → [WebAPI:P0][LOE:S]
https://github.com/mozilla/webapps-spec/commit/cdae925cc5b98537164fd9182be9e8827482044a

The property "description" will contain the intended use of the permission.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [WebAPI:P0][LOE:S] → [WebAPI:P0][LOE:S][qa-]
Keywords: dev-doc-needed
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.