Site permissions UI
dolske at mozilla.com
Tue Apr 9 23:04:27 UTC 2013
What should we do to improve site-based permissions? I'm signing us up
(Dao, specifically ;-) for a Q2 goal to improve the state of
permissions, and would like to bounce a couple of ideas around...
Why / Scope:
We're adding more and more permissions -- Geolocation has been the
canonical example of this kind of UI, and since we shipped it in Firefox
3.5 we've added a slew of new permissions. As one (rough) metric, we
went from Firefox 4 having just 4 doorhanger anchors, to *14* as of
today. And more are coming!
I think we've got pretty good UI for handling the prompting for user
permission, but we've generally not put much effort into having good UI
to indicate what permissions are active or revoking a permission
afterwards. We've got Page Info --> Permissions, but that's fairly well
hidden. We've also got about:permissions, but I'm going to posit that a
full-blown permissions manager is a Hard Problem, and that we can
significantly improve things without needing to crack that nut. [i.e.,
"fix about:permissions is out of scope".]
Design / design goals:
Chrome (http://cl.ly/image/3V0Q1c3J1w2N) puts this info in a less-hidden
location; it's a promising approach although I think they've got all the
details wrong. :) Steven did a mockup some time ago of an better version
for Firefox: http://cl.ly/image/3u3M2w3O3w1X This seems like a good
starting point for design iteration.
I'd like for this new UI to be able to address a few purposes (although
perhaps not all in the initial version):
* Indication of which permanent ("always" / "never") permissions have
been granted to a page, and allow revoking of such. (This would be the
minimal requirement to allow removing the Page Info UI).
* Indication of which permissions have actually been granted/denied for
the page (even on a temporary basis). AKA the things the page is
actually using (or has attempted to use). Revoking doesn't need to be
possible (since you can reload the page), but maybe we get it for free
from the last point.
* Notification that there are permissions (permanent? temporary? both?)
in play on the page. Strawman: glow the site identity icon as a cue to
look at what's going on. There was also the idea (dating back to
geolocation's landing?) that upon granting a permission the icon would
stick around. Thus serving both as a reminder that the site is tracking
your location, and as a way to revoke the permission. We already do
something similar for WebRTC (a global toolbarbutton to show what A/V
devices are in use), and are talking about having the doorhanger icon
stick around for plugins (see last week's "Multiple Plugin CTP Cases"
thread on this list). Is there a consistent UI that would fit a general
need for most permissions?
Also, as an implementation detail, I've heard requests to make adding
permissions easier, since each patch adding one has to do a bunch of
boilerplate work to hook up UI. I'm not sure if there's much we can
actually do to make this easier, but it's worth considering... Some kind
of handwavy way to simply associate a permission type with some strings
and icons, and then all the prompts and indicators magically work.
More information about the firefox-dev