- The user, or the user agent on the user's behalf, has given [=express permission=] to
+ The user, or the user agent or an [=administrator=] on the user's behalf,
+ has given [=express permission=] to
use a [=powerful feature=]. The caller will can use the feature possibly without having
the [=user agent=] asking the user's permission.
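Review bot: "or an [=administrator=] on the user's behalf" in the Granted definition conflicts with the privacy note added later in this patch, which says administrators "override user choices about permissions". An override is not made on the user's behalf, and it is not the user's [=express permission=] either. Consider a separate clause, for example "or an [=administrator=] has configured the user agent to grant access to", so that the definition does not present administrator policy as user consent.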
@@ -242,7 +243,8 @@
Denied:
- The user, or the user agent on the user's behalf, has denied access to this [=powerful
+ The user, or the user agent or an [=administrator=] on the user's behalf,
+ has denied access to this [=powerful
feature=]. The caller will can't use the feature.
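Review bot: the unchanged line right after the reworded sentence still reads "The caller will can't use the feature", and the Granted definition has the matching "will can use the feature". Since the patch already rewraps both paragraphs, fix the wording in the same change ("The caller can't use the feature" / "The caller can use the feature").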
@@ -550,9 +552,11 @@
|settings|, returning |previousResult|, and the user agent has not received new
information about the user's intent since that invocation, return |previousResult|.
-
Return the instance of |name|'s [=powerful feature/extra permission data type=]
- that matches the UA's impression of the user's intent, taking into account any
- [=powerful feature/extra permission data constraints=] for |name|.
+
Return the instance of |name|'s [=powerful feature/extra permission data type=] that
+ matches the UA's impression of the user's intent, combined with any configuration from
+ an [=administrator=], taking into account any [=powerful feature/extra permission data
+ constraints=] for |name|. If [=administrator=] configuration affected the result, the
+ [=user agent=] must inform the user.
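Review bot: "combined with any configuration from an [=administrator=]" does not say which input wins when the user's intent and the administrator's configuration disagree, so two implementations could return different extra permission data for the same inputs. State the precedence explicitly. Also, "must inform the user" is lowercase while the existing text in the last hunk uses uppercase "SHOULD"; pick one casing for normative keywords, and say whether informing the user happens on every invocation or only when the result changes.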
@@ -817,18 +821,31 @@
If current state is not {{PermissionState/"prompt"}}, return current
state and abort these steps.
If an [=administrator=] has configured the [=implementation=] to grant or deny
+ permission for the calling algorithm to use the powerful feature
+ described by |descriptor|:
+
+
Set |current state| to {{PermissionState/"granted"}} if the [=administrator=]
+ granted permission; otherwise to {{PermissionState/"denied"}}.
+
Inform the user of the [=administrator=]'s configuration.
+
-
If the user gives [=express permission=] to use the powerful feature, set |current
- state| to {{PermissionState/"granted"}}; otherwise to {{PermissionState/"denied"}}. The
- user's interaction may provide new information about the user's intent for the
- [=origin=].
-
- This is intentionally vague about the details of the permission UI and how the user
- agent infers user intent. User agents should be able to explore lots of UI within
- this framework.
-
If the user gives [=express permission=] to use the powerful feature, set |current
+ state| to {{PermissionState/"granted"}}; otherwise to {{PermissionState/"denied"}}. The
+ user's interaction may provide new information about the user's intent for the
+ [=origin=].
+
+ This is intentionally vague about the details of the permission UI and how the user
+ agent infers user intent. User agents should be able to explore lots of UI within
+ this framework.
+
+
+
Let |key| be the result of [=powerful feature/permission key generation
algorithm|generating a permission key=] with the [=current settings object=].
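Review bot: the administrator step is placed after "If current state is not {{PermissionState/"prompt"}}, return current state and abort these steps", so an administrator's deny is never consulted for an origin where the user has already granted the feature, and an administrator's grant is never consulted after a user denial. That does not match the privacy note in this patch, which describes administrators as able to "override user choices". Either move the administrator check ahead of the early return, or say explicitly that administrator configuration applies only while the state is "prompt". The "Inform the user of the [=administrator=]'s configuration" step would also benefit from a pointer to what counts as informing, since the step is otherwise untestable.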
@@ -1308,6 +1325,24 @@
A user agent SHOULD provide a means for the user to review, update, and reset the
[=permission=] [=permission/state=] of [=powerful features=] associated with an [=origin=].
+
+ Some [=user agents=] support administrators who can
+ override user choices about permissions, either to block permissions or to allow them on
+ certain sites. Overriding user choices in this way can be a privacy problem, so this
+ specification requires that the [=user agent=] inform users when it happens.
+
+
+
+ These [=administrators=] might be able to configure either an individual [=user agent=] or
+ the device it runs on, or both. It can be a privacy problem for a device-level
+ [=administrator=] to control a [=powerful feature=] that primarily operates on a single
+ [=user agent=], and it can also be a privacy problem for a user-agent-level
+ [=administrator=] to control another [=powerful feature=] that operates on the device as a
+ whole. [=Implementations=] should take this into account when defining their administration
+ policies, but for now the details aren't standardized.
+
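Review bot: the added text follows the sentence "A user agent SHOULD provide a means for the user to review, update, and reset the [=permission=] [=permission/state=]", but does not say how that requirement behaves when an administrator has fixed the state. Add a sentence saying whether the review UI has to show that a state is administrator-controlled and that update and reset may be unavailable for it; otherwise the "inform users when it happens" requirement is only covered at request time by the algorithm step. The closing "for now the details aren't standardized" would be easier to follow up on with a link to a tracking issue.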