Re: ISSUE-28: [Policy] Requirement for NO security prompting [Security Policy Framework < General] from Jere.Kapyaho@nokia.com on 2009-10-07 (public-device-apis@w3.org from October 2009)

From: <Jere.Kapyaho@nokia.com>
Date: Wed, 7 Oct 2009 16:37:28 +0200
To: <brian.leroux@westcoastlogic.com>, <paddy.byers@gmail.com>
CC: <Frederick.Hirsch@nokia.com>, <Marcin.Hanclik@access-company.com>, <public-device-apis@w3.org>
Message-ID: <C6F28258.8C24%jere.kapyaho@nokia.com>

On 7.10.2009 17.30, "ext Brian LeRoux" <brian.leroux@westcoastlogic.com>
wrote:
> Rather than runtime dialogues, which do create a *terrible* user
> experience, can we consider a one time startup dialogue (similar to
> what is seen in android applications) that warns the user about what
> apis the application wants access to.

>From a usability point of view, a one-time dialog would be quite good. It
just needs to be presented sensibly and nicely (which is not necessarily a
DAP concern). I think in Android this is based on entries in the manifest
file, so the information can be collected up front.

Of course, a secure solution that would completely sidestep any user
prompting would be even better, but I have none to present at this moment.
(And if I had, it wouldn't be certificate signing.)

--Jere

Received on Wednesday, 7 October 2009 14:38:14 UTC