Relinquishing Permissions

Draft Community Group Report,

This version:
https://jyasskin.github.io/permissions-revoke
Issue Tracking:
GitHub
Inline In Spec
Editor:
(Google Inc.)
Former Editor:
(Google Inc.)
Tests:
web-platform-tests permissions-revoke/ (ongoing work)

Abstract

This specification extends the Permissions API to provide a way to relinquish permission to use powerful features.

Status of this document

This specification was published by the Web Platform Incubator Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Contributor License Agreement (CLA) there is a limited opt-out and other conditions apply. Learn more about W3C Community and Business Groups.

1. Introduction

This document specifies a function to relinquish permissions that are no longer needed.

2. Revoke API

partial interface Permissions {
  Promise<PermissionStatus> revoke(object permissionDesc);
};

When the revoke(permissionDesc) method is invoked, the UA MUST run the following algorithm, passing the parameter permissionDesc:

  1. Let rootDesc be the object permissionDesc refers to, converted to an IDL value of type PermissionDescriptor. If this throws an exception, return a promise rejected with that exception and abort these steps.

  2. Let typedDescriptor be the object permissionDesc refers to, converted to an IDL value of rootDesc.name’s permission descriptor type. If this throws an exception, return a promise rejected with that exception and abort these steps.

  3. Return a new promise promise and run the following steps in parallel:

    1. The UA now has new information that the user intends to revoke permission to use the feature described by typedDescriptor.

    2. If any tasks run due to Reacting to users revoking permission, wait for them to finish.

    3. Queue a task to resolve promise with the result of query(permissionDesc).

      This should pass typedDescriptor directly into the parallel part of query().

3. Security Considerations

No security considerations have been identified.

4. Privacy Considerations

No privacy considerations have been identified.

Conformance

Document conventions

Conformance requirements are expressed with a combination of descriptive assertions and RFC 2119 terminology. The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

This is an example of an informative example.

Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

Note, this is an informative note.

Conformant Algorithms

Requirements phrased in the imperative as part of algorithms (such as "strip any leading space characters" or "return false and abort these steps") are to be interpreted with the meaning of the key word ("must", "should", "may", etc) used in introducing the algorithm.

Conformance requirements phrased as algorithms or specific steps can be implemented in any manner, so long as the end result is equivalent. In particular, the algorithms defined in this specification are intended to be easy to understand and are not intended to be performant. Implementers are encouraged to optimize.

Index

Terms defined by this specification

Terms defined by reference

References

Normative References

[HTML]
Anne van Kesteren; et al. HTML Standard. Living Standard. URL: https://html.spec.whatwg.org/multipage/
[PERMISSIONS]
Marcos Caceres; Mike Taylor. Permissions. 11 March 2022. WD. URL: https://www.w3.org/TR/permissions/
[RFC2119]
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://datatracker.ietf.org/doc/html/rfc2119
[WEBIDL]
Edgar Chen; Timothy Gu. Web IDL Standard. Living Standard. URL: https://webidl.spec.whatwg.org/

IDL Index

partial interface Permissions {
  Promise<PermissionStatus> revoke(object permissionDesc);
};

Issues Index

This should pass typedDescriptor directly into the parallel part of query().