Site permissions UI

Justin Dolske dolske at
Tue Apr 9 23:04:27 UTC 2013

What should we do to improve site-based permissions? I'm signing us up 
(Dao, specifically ;-) for a Q2 goal to improve the state of 
permissions, and would like to bounce a couple of ideas around...

Why / Scope:

We're adding more and more permissions -- Geolocation has been the 
canonical example of this kind of UI, and since we shipped it in Firefox 
3.5 we've added a slew of new permissions. As one (rough) metric, we 
went from Firefox 4 having just 4 doorhanger anchors, to *14* as of 
today. And more are coming!

I think we've got pretty good UI for handling the prompting for user 
permission, but we've generally not put much effort into having good UI 
to indicate what permissions are active or revoking a permission 
afterwards. We've got Page Info --> Permissions, but that's fairly well 
hidden. We've also got about:permissions, but I'm going to posit that a 
full-blown permissions manager is a Hard Problem, and that we can 
significantly improve things without needing to crack that nut. [i.e., 
"fix about:permissions is out of scope".]

Design / design goals:

Chrome ( puts this info in a less-hidden 
location; it's a promising approach although I think they've got all the 
details wrong. :) Steven did a mockup some time ago of a better version 
for Firefox: This seems like a good 
starting point for design iteration.

I'd like for this new UI to be able to address a few purposes (although 
perhaps not all in the initial version):

* Indication of which permanent ("always" / "never") permissions have 
been granted to a page, and allow revoking of such. (This would be the 
minimal requirement to allow removing the Page Info UI).

* Indication of which permissions have actually been granted/denied for 
the page (even on a temporary basis). AKA the things the page is 
actually using (or has attempted to use). Revoking doesn't need to be 
possible (since you can reload the page), but maybe we get it for free 
from the last point.

* Notification that there are permissions (permanent? temporary? both?) 
in play on the page. Strawman: glow the site identity icon as a cue to 
look at what's going on. There was also the idea (dating back to 
geolocation's landing?) that upon granting a permission the icon would 
stick around, thus serving both as a reminder that the site is tracking 
your location, and as a way to revoke the permission. We already do 
something similar for WebRTC (a global toolbarbutton to show what A/V 
devices are in use), and are talking about having the doorhanger icon 
stick around for plugins (see last week's "Multiple Plugin CTP Cases" 
thread on this list). Is there a consistent UI that would fit a general 
need for most permissions?

Also, as an implementation detail, I've heard requests to make adding 
permissions easier, since each patch adding one has to do a bunch of 
boilerplate work to hook up UI. I'm not sure if there's much we can 
actually do to make this easier, but it's worth considering... Some kind 
of handwavy way to simply associate a permission type with some strings 
and icons, and then all the prompts and indicators magically work.


