Suggest permission lifetime (#108) · w3c/geolocation@a1531cb

`@@ -394,6 +394,38 @@

`

394

394

` information also discloses the location of the user of the device,

`

395

395

` thereby potentially compromising the user's privacy.

`

396

396

`

`

``

397

`+

`

``

398

`+

`

``

399

`+

User consent

`

``

400

`+

`

``

401

`+

`

``

402

`+

The Geolocation API is a [=powerful feature=] that

`

``

403

`+

requires [=express permission=] from an end-user before any location

`

``

404

`+

data is shared with a web application. This requirement is

`

``

405

`+

normatively enforced by the [=check permission=] steps on which the

`

``

406

`+

{{Geolocation/getCurrentPosition()}} and

`

``

407

`+

{{Geolocation/watchPosition()}} methods rely.

`

``

408

`+

`

``

409

`+

`

``

410

`+

An end-user will generally give [=express permission=] through a user

`

``

411

`+

interface, which usually present a range of permission

`

``

412

`+

[=permission/lifetimes=] that the end-user can choose from. The

`

``

413

`+

choice of [=permission/lifetimes=] vary across user agents, but they

`

``

414

`+

are typically time-based (e.g., "a day"), or until browser is closed,

`

``

415

`+

or the user might even be given the choice for the permission to be

`

``

416

`+

granted indefinitely. The permission [=permission/lifetimes=] dictate

`

``

417

`+

how long a user agent [=permission/grants=] a permission before that

`

``

418

`+

permission is automatically reverted back to its default [=permission

`

``

419

`+

state=], prompting the end-user to make a new choice upon subsequent

`

``

420

`+

use.

`

``

421

`+

`

``

422

`+

`

``

423

`+

Although the granularity of the permission [=permission/lifetime=]

`

``

424

`+

varies across user-agents, this specification urges user agents to

`

``

425

`+

limit the lifetime to a single browsing session by default (see

`

``

426

`+

[[[#check-permission]]] for normative requirements).

`

``

427

`+

`

``

428

`+

`

397

429

`

`

398

430

`

`

399

431

` Privacy considerations for recipients of location information

`
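Review bot: New line 425 urges limiting the lifetime "to a single browsing session by default", but "browsing session" is neither linked nor defined in this hunk, while the paragraph this patch adds under "Check permission" says "a single session" and illustrates it with the realm being destroyed, navigating away from the origin, or the tab being closed. Use one term in both places and link or define it, so the two passages cannot be read as recommending different lifetimes. Smaller wording points in the same hunk: "which usually present" should be "which usually presents" (new line 411), "The choice of [=permission/lifetimes=] vary" should be "varies" (new line 413), "until browser is closed" is missing "the" (new line 414), and new line 424 uses "user-agents" and "user agents" in the same sentence.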

`@@ -835,13 +867,23 @@

`

835

867

`

`

836

868

`

`

837

869

`

`

838

``

`-

`

``

870

`+

`

839

871

`

`

840

872

` Check permission

`

841

873

`

`

842

874

`

`

843

875

` The Geolocation API is a [=default powerful feature=].

`

844

876

`

`

``

877

`+

`

``

878

`+

The user agent MAY suggest time-based [=permission=]

`

``

879

`+

[=permission/lifetimes=], such as "24 hours", "1 week", or choose to

`

``

880

`+

remember the permission [permission/grant=] indefinitely. However, it

`

``

881

`+

is RECOMMENDED that a user agent prioritize restricting the

`

``

882

`+

[=permission=] [=permission/lifetime=] to a single session: This can

`

``

883

`+

be, for example, until the [=environment settings object/realm=] is

`

``

884

`+

destroyed, the end-user [=navigates=] away from the [=origin=], or

`

``

885

`+

the relevant browser tab is closed.

`

``

886

`+

`

845

887

`

`

846

888

` When instructed to check permission, given a

`

847

889

`` {{PositionErrorCallback}}? |errorCallback:PositionErrorCallback|:

``
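Review bot: On new line 880, "[permission/grant=]" is missing the "=" after the opening bracket, so it does not match the "[=...=]" form used for every other term in this patch and will likely render as literal text rather than a link; it should read "[=permission/grant=]". Separately, the RECOMMENDED sentence on new lines 881 to 885 asks a user agent to "prioritize restricting" the lifetime to a single session and then lists three end points (realm destroyed, navigating away from the origin, tab closed) that can occur at quite different times. Since this is the normative text the "User consent" section points to, consider saying directly that the lifetime is limited to a single session by default and stating which of those events bounds it, or that the choice among them is left to the user agent. "session: This" should also continue in lower case after the colon.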