On Thu, Mar 15, 2012 at 5:44 PM, David Chan <[email protected]> wrote: > Sorry I should have used the same nomenclature that was used earlier. > > Polling as in the app repeated asks for geolocation because it "failed". > Having different failures for denied vs can't lock onto GPS would solve > this, but I don't know how much it matters for an app.
We design our APIs so they don't have this problem, in general. This failure mode can happen even when the user allows geolocation. Suppose I access my maps app from the subway. If our geolocation api were poorly designed, the maps app would continuously poll until I got out of the subway. In the case of the geolocation API, you request the location (either as one-shot or continuous), and then you wait. You eventually get called back once GPS is available. If the user denies permission to access geolocation, that's the same as being stuck in the subway permanently. Or at least, that's how I think it should work. > ----- Original Message ----- >> From: "Justin Lebar" <[email protected]> >> To: "David Chan" <[email protected]> >> Cc: "Jim Straus" <[email protected]>, [email protected], >> [email protected], "Mozilla B2G mailing >> list" <[email protected]>, [email protected], "mozilla >> dev webapps" >> <[email protected]>, "Jonas Sicking" <[email protected]> >> Sent: Thursday, March 15, 2012 2:31:02 PM >> Subject: Re: [b2g] OpenWebApps/B2G Security model >> >> > There is still an open question on how a permissions manager should >> > respond in the event of a DENIED permission. One suggestion is to >> > not >> > error out but return some default/safe value e.g. no contacts if an >> > app is not granted Contacts information. A concern of this proposal >> > is that an app may continue to poll for a permission until it is >> > granted or an app may pop up a dialog to have the user grant the >> > permission. >> >> I don't understand this. Can you give a concrete example of what the >> problem is here, for example with the current geolocation API? >> >> All of our APIs are async, so there's no polling involved, as far as >> I >> understand. >> >> > ----- Original Message ----- >> >> From: "Jim Straus" <[email protected]> >> >> To: "Jonas Sicking" <[email protected]> >> >> Cc: [email protected], [email protected], >> >> [email protected], "mozilla dev webapps" >> >> <[email protected]>, "Mozilla B2G mailing list" >> >> <[email protected]> >> >> Sent: Tuesday, March 13, 2012 1:09:06 PM >> >> Subject: Re: [b2g] OpenWebApps/B2G Security model >> >> >> >> Hello all - >> >> I've been sketching out an implementation of permissions. I've >> >> laid out some code framework, but wanted to through tis out for >> >> validation. Assumptions: that B2G/Firefox will have separate >> >> processes for each app/tab. This is already declared to be true >> >> (but not implemented) for B2G. This proposal doesn't required >> >> ipc >> >> , but I believe we need to support it. Also note that this >> >> should >> >> be able to replace the existing Permission and PermissionManager >> >> in gecko. >> > _______________________________________________ >> > dev-b2g mailing list >> > [email protected] >> > https://lists.mozilla.org/listinfo/dev-b2g >> _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
