Proposed Group: Trust & Permissions Community Group

The Trust & Permissions Community Group has been proposed by Dave Raggett:


As the Open Web Platform expands, and apps are developed that access various sensitive resources, new ways of managing permissions to access these resources are likely to arise. This Community Group will explore and evaluate such ways based upon experience with native and hybrid platforms, and drawing upon research studies. This follows on from the Paris meeting on trust and permissions held on 3-4 September 2014, see [1].

Resources vary in sensitivity and timeliness, e.g. when and to whom a password should be disclosed is quite different from when access to the user’s webcam should be granted. Similarly, modes of obtaining user permission vary, including asking users upfront for permission when an app is installed or first run (exemplified in Android and Windows) or asking users for permission when the application is attempting to use a given capability (exemplified in iOS). Permission can even be obtained after the fact by inviting the user to continue or to cancel an action after it has occurred, i.e. asking for forgiveness rather than permission. In some cases, the user’s actions can be taken as implicitly granting permission, such as the Windows file chooser dialog. A further approach is for users to delegate decisions on permissions to a trusted 3rd party.

The goal of this CG is to develop and articulate best practices for which modes of obtaining permission best match which resource types, and make these best practices available to both platform developers (browser and operating system vendors) and app developers. Ideally the APIs offered to apps to obtain permission to access resources should be consistent across platforms, while allowing platforms the flexibility to present a user experience that meets each platform’s needs.

The scope of this Community Group is limited to discussion and guidance on best practices, review of draft APIs from individual WGs, and pre-standardization work on promising ideas for better user experience obtaining permission, including trusted UI and trust delegation per Roesner et al., see [2]. Work on best practices will focus on the kinds of resources that need protection, enumerating good ways to obtain user permission, dis-recommending permission models that are known to be problematic, and recommending the preferred user experience for a given kind of resource. The main focus is on the Open Web Platform, but packaged apps are not excluded.

[1] http://www.w3.org/2014/07/permissions/
[2] http://research.microsoft.com/pubs/152495/user-driven-access-control-nov2011.pdf


You are invited to support the creation of this group. Once the group has a total of five supporters, it will be launched and people can join to begin work. In order to support the group, you will need a W3C account.

Once launched, the group will no longer be listed as “proposed”; it will be in the list of current groups.

If you believe that there is an issue with this group that requires the attention of the W3C staff, please send us email at site-comments@w3.org.

Thank you,
W3C Community Development Team
