Relinquishing Permissions

Draft Community Group Report,

This version:
https://jyasskin.github.io/permissions-revoke
Issue Tracking:
GitHub
Inline In Spec
Editor:
Jeffrey Yasskin (Google Inc.)
Tests:
web-platform-tests permissions-revoke/ (ongoing work)

Abstract

This specification extends the Permissions API to provide a way to relinquish permission to use powerful features.

Status of this document

This specification was published by the Web Platform Incubator Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Contributor License Agreement (CLA) there is a limited opt-out and other conditions apply. Learn more about W3C Community and Business Groups.

1. Introduction

This document specifies a function to relinquish permissions that are no longer needed.

2. Revoke API

partial interface Permissions {
  Promise<PermissionStatus> revoke(object permissionDesc);
};

When the revoke(permissionDesc) method is invoked, the UA MUST run the following algorithm, passing the parameter permissionDesc:

  1. Let rootDesc be the object permissionDesc refers to, converted to an IDL value of type PermissionDescriptor. If this throws an exception, return a promise rejected with that exception and abort these steps.

  2. Let typedDescriptor be the object permissionDesc refers to, converted to an IDL value of rootDesc.name’s permission descriptor type. If this throws an exception, return a promise rejected with that exception and abort these steps.

  3. Return a new promise promise and run the following steps in parallel:

    1. The UA now has new information that the user intends to revoke permission to use the feature described by typedDescriptor.

    2. If any tasks run due to Reacting to users revoking permission, wait for them to finish.

    3. Queue a task to resolve promise with the result of query(permissionDesc).

      This should pass typedDescriptor directly into the parallel part of query().

3. Security Considerations

No security considerations have been identified.

4. Privacy Considerations

No privacy considerations have been identified.

Conformance

Conformance requirements are expressed with a combination of descriptive assertions and RFC 2119 terminology. The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

This is an example of an informative example.

Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

Note, this is an informative note.

Index

Terms defined by this specification

Terms defined by reference

References

Normative References

[HTML]
Anne van Kesteren; et al. HTML Standard. Living Standard. URL: https://html.spec.whatwg.org/multipage/
[PERMISSIONS]
Mounir Lamouri; Marcos Caceres. The Permissions API. URL: https://www.w3.org/TR/permissions/
[PROMISES-GUIDE]
Domenic Denicola. Writing Promise-Using Specifications. 16 February 2016. Finding of the W3C TAG. URL: https://www.w3.org/2001/tag/doc/promises-guide
[RFC2119]
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://tools.ietf.org/html/rfc2119
[WebIDL]
Cameron McCormack; Boris Zbarsky; Tobie Langel. Web IDL. URL: https://heycam.github.io/webidl/

IDL Index

partial interface Permissions {
  Promise<PermissionStatus> revoke(object permissionDesc);
};

Issues Index

This should pass typedDescriptor directly into the parallel part of query().