On 04/10/2012, at 14:14, "ptheriault" <[email protected]<mailto:[email protected]>> wrote:
On Oct 4, 2012, at 7:40 PM, Antonio Manuel Amaya Calvo wrote: Hi there. On 04/10/2012 11:13, ptheriault wrote: Just to revisit the original topic of this thread- am I right in assuming that there is no permission associated with this API planned for basecamp? or is that still an open decision? According to https://mxr.mozilla.org/mozilla-central/source/dom/apps/src/PermissionsInstaller.jsm#158 there's a permission and is set to ALLOW to certified and DENY for all the rest, which isn't consequent with what the wiki said. https://mxr.mozilla.org/mozilla-central/source/dom/apps/src/PermissionsInstaller.jsm#158 is copied from version 0.2 of the matrix, which was done prior to the current version on the wiki. The current wiki came from the first post in this thread: https://groups.google.com/d/topic/mozilla.dev.webapps/Sff8MqFSO4E/discussion Independently on what's approved finally for the API, I think the original (what the wiki said, ALLOW for all) makes more sense. Maybe making it PROMPT for privileged and installed if finally receiving a notification automatically launches the app. Ok, I have set the permissions in the final basecamp matrix (https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdHNlbDBDUGMzUzJSdFYyNEZjcngtUWc#gid=0) to implicit for all apps and deny for regular web content. as the wiki originally said. As for prompting, there was some discussion in the previous thread - I proposed the same as you have stated above, but from a privacy perspective, not due to the automatic app launch issue. The arguments against prompting were that it is not really something the user will understand the implications of, and there are already other existing channels by which apps could achieve the same effect which don't require prompting. The privacy review needs further input (https://wiki.mozilla.org/Privacy/Reviews/Push_API) but I'm not sure that prompting really helps a great deal from a privacy perspective, and it goes against the principles of the security model to make the user's make a decision that they don't understand. As for an automatic launch perspective, prompting doesn't improve the situation in my opinion. Given the UI implications, I think we should leave it as implicit (for all apps, but not web content) unless there is a strong reason to introduce prompting for version one. Ok, fair enough. Still, that means, IMHO, that apps should not be activated when a notification is received. Letting someone remote choose when something is run on my device is something that makes me nervous. But that's an argument not for here nor now :) Best regards, Antonio Best regards, Antonio On Sep 27, 2012, at 7:26 PM, Guillermo López wrote: 2012/9/27 Guillermo López <[email protected]<mailto:[email protected]> <mailto:[email protected]>> 2012/9/27 Justin Lebar <[email protected]<mailto:[email protected]> <mailto:[email protected]>> > Yeah, that was my understanding too, but then I was told that > notifications actually launched the app if it wasn't running in the > first place. I would be curious to learn when this switch was made. The protocol implemented by Telefonica in the bug forces us to wake up the app on every notification, but everyone I've spoken with has said that they thought we were doing this differently. So I wonder at what point a decision was made to switch, and why. Hi, see: https://bugzilla.mozilla.org/show_bug.cgi?id=763198#c17 and comment 19 I talked with Jonas on IRC about the different options, and we agree that the solution in the comment 19 is the best one given our use case. Apart from what we agree: 1) This copies the behavior of Android: push notifications that can wake up the app if it's closed to do whatever the app wants: show a notification, update the data on background, or request a full sync. 2) This is more flexible to the developer, since if you show a visual notification that the user need to agree to get some action taken by the app, this can lead in a lost of information in the moment. 3) This will wake up the app, but it should be enough to *parse* the message and do whatever it wants. (Even to kill itself? I don't know). Cheers, Guillermo Personally, I don't think that waking up the app is so bad; it allows us to make the API simpler in many respects. But that's a separate question from wanting to know why we changed. On Wed, Sep 26, 2012 at 6:08 PM, Antonio Manuel Amaya Calvo <[email protected]<mailto:[email protected]> <mailto:[email protected]>> wrote: > On 26/09/2012 23:09, ptheriault wrote: >> >> Antonio, >> >> I was surprised to see that too - my guess is that it was a guess from >> long ago before push API was defined. On monday I created a version 1.0 of >> the matrix with many updates and corrections (including this) and sent it to >> the b2g list. Below are links to the new matrix, and the change log/question >> list: >> >> Permissions Matrix 1.0: >> https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdHNlbDBDUGMzUzJSdFYyNEZjcngtUWc >> 1.0 version changes: https://etherpad.mozilla.org/permissionmatrixupdates > > > Thanks for the new version, somehow I missed that update. > > >> >> (for reference, the change I made was to update permissions to match the >> wiki. Also I wasnt sure if there is a Mgmt API which allows the system to >> know what push notifications are registered?) >> >> Now to your concern about apps launching - is your fear that apps can keep >> themselves running by sending push notifications? >> My understanding of the way Push Notifications were handled was that there >> was user interaction in the process - i.e. they show up in the notifications >> tray, and then, only after the user has tapped on the notification the app >> is relaunched. > > > Yeah, that was my understanding too, but then I was told that > notifications actually launched the app if it wasn't running in the > first place. Which if finally is what sees the light, makes it an > explicit permission (at least) in my book :) > > Best regards, > > Antonio > > >> >> Regards, >> Paul >> >> >> On Sep 26, 2012, at 8:34 PM, Antonio Manuel Amaya Calvo wrote: >> >>> Hey Paul. >>> >>> I've seen that on the permission matrix at >>> >>> https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E&pli=1#gid=0 >>> the PushAPI is reserved to certified apps only, when it used to be a >>> Public API (according to >>> https://wiki.mozilla.org/WebAPI/Security/pushNotificationsAPI at least). >>> >>> Do you know why and when was that changed? >>> >>> I was in fact going to suggest either changing the way the system treats >>> notification currently (from what I've been told, the system *launches* >>> the app if it isn't running, which isn't good) or at least making it an >>> explicit permission for anything less than privileged, but just removing >>> the permission completely for anything less than certified seems a >>> little bit extreme. >>> >>> Best regards, >>> >>> Antonio >>> >>> >>> -- >>> Antonio Manuel Amaya Calvo_/ / _ /Security&Trust on N&S >>> email: [email protected]<mailto:[email protected]> <mailto:[email protected]> / _ _/ ( / Telefonica I+D >>> Tlf.: +34-91.312.98.95 <tel:%2B34-91.312.98.95> _/ _/ \__/ D. Ramón de la Cruz 82 >>> Fax : 28006 Madrid, SPAIN >>> >>> ________________________________ >>> >>> Este mensaje se dirige exclusivamente a su destinatario. Puede consultar >>> nuestra política de envío y recepción de correo electrónico en el enlace >>> situado más abajo. >>> This message is intended exclusively for its addressee. We only send and >>> receive email on the basis of the terms set out at: >>> http://www.tid.es/ES/PAGINAS/disclaimer.aspx >> >> testResults['bluetooth'] >> > > -- > Antonio Manuel Amaya Calvo_/ / _ /Security&Trust on N&S > email: [email protected]<mailto:[email protected]> <mailto:[email protected]> / _ _/ ( / Telefonica I+D > Tlf.: +34-91.312.98.95 <tel:%2B34-91.312.98.95> _/ _/ \__/ D. Ramón de la Cruz 82 > Fax : 28006 Madrid, SPAIN > > ________________________________ > > Este mensaje se dirige exclusivamente a su destinatario. Puede consultar > nuestra política de envío y recepción de correo electrónico en el enlace > situado más abajo. > This message is intended exclusively for its addressee. We only send and > receive email on the basis of the terms set out at: > http://www.tid.es/ES/PAGINAS/disclaimer.aspx > _______________________________________________ > dev-b2g mailing list > [email protected]<mailto:[email protected]> <mailto:[email protected]> > https://lists.mozilla.org/listinfo/dev-b2g _______________________________________________ dev-b2g mailing list [email protected]<mailto:[email protected]> <mailto:[email protected]> https://lists.mozilla.org/listinfo/dev-b2g -- Guillermo López [willyaranda]. Mozilla Reps Mentor. http://mozilla-hispano.org <http://mozilla-hispano.org/> http://twitter.com/mozilla_hispano http://facebook.com/mozillahispano Certified Mozillian: https://mozillians.org/willyaranda -- Guillermo López [willyaranda]. Mozilla Reps Mentor. http://mozilla-hispano.org <http://mozilla-hispano.org/> http://twitter.com/mozilla_hispano http://facebook.com/mozillahispano Certified Mozillian: https://mozillians.org/willyaranda ________________________________ Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo. This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at: http://www.tid.es/ES/PAGINAS/disclaimer.aspx ________________________________ Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo. This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at: http://www.tid.es/ES/PAGINAS/disclaimer.aspx _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
