A meeting was held in Paris on 3-4 September 2014 to bring together browser vendors and other stakeholders to discuss next steps for work on trust and permissions for the Open Web Platform, based upon insights gained from experience with native app platforms, hybrid and proprietary Web platforms.
Meeting participants included Apple, Ericsson, ETRI, Gemalto, GM, Google, Intel, Microsoft, Samsung, Sony Mobile, and Qualcomm. We reviewed how permissions are handled in existing platforms, including current APIs in the Open Web Platform, as well as for iOS, Android, Windows Phone, Chrome Apps, Firefox OS and GM’s Web platform for automotive.
We then looked at what can be learned from research studies. Adrienne Porter Felt introduced her work towards comprehensive and effective permission systems. This includes a diagram depicting a decision graph for determining the most effective permission grant mechanism in any given context.
We also heard about the role of trusted UI where user actions implicitly grant permissions in an intuitive way. We continued with discussion of which considerations are important for the Open Web Platform and a review of a draft permissions testing API from Google.
The final session considered plans for future work, identifying areas of rough consensus, and areas where further work is needed to close the gap. We identified suggestions for existing W3C groups, and a proposal for a new Community Group to focus on best practices. For more details, see the meeting minutes and the plans for future work. We gratefully acknowledge Gemalto for hosting this meeting.