W3C Workshop on Permissions and User Consent Call for Participation
Sensors, devices, and rich Web APIs bring novel and complex threats to user privacy along with their heightened capabilities. Users may have trouble understanding the nature of the information they disclose and the threats presented by those disclosures. Deciding when and how to seek a user’s consent (“permission”) or when that consent can be inferred or bypassed has been challenging, with different APIs, operating systems, and browsers handling things in different ways.
This workshop brings together security and privacy experts, UI/UX researchers, browser vendors, mobile OS developers, API authors, Web publishers and users to address the privacy, security and usability challenges presented by the complex and overlapping variety of permissions and consent systems that are currently presented for hardware sensors, device capabilities and applications on the Web.
The scope includes:
- user consent;
- bundling of permissions;
- lifetime/duration of permissions;
- permission inheritance to iframes and other embedded elements;
- relation to same origin policy;
- UIs and controls;
- interaction with private browsing modes;
- implicit permission grants;
- progressive permission grants;
- cross-stack permissions: how OS, browser, and web app permissions interact;
- permission transparency;
- relation to regulatory requirements;
- special considerations for systems that use the browser as a pass-through (e.g. EME and Web Authentication); and
- permissions/transparency/UI as it relates to display-less devices that connect to the Internet.
We aim to share experiences and user studies, leading to common understanding of when and how to seek user consent for use of various Web platform capabilities. We expect this workshop to lead to concrete and consistent guidance for API authors and implementers and to identify areas for further standardization or research. An important take-away from this workshop should be guidance on how Permissions APIs should be designed, both now and in the future, considering the rapid evolution of the web platform.
This workshop will build on the meeting on trust and permissions for Web applications held in 2014.
How can I participate?
Attendance is free for all invited participants and is open to the public, whether or not W3C members.
If you wish to express interest in attending, please fill out the application form. The application form asks several questions about your background and ideas; please give these questions serious thought. In addition to the application form, you are encouraged to submit a presentation topic in the form of a position statement.
Because the venue has limited space, you must receive an acceptance email in order to attend. You might wish to defer making non-refundable travel arrangements until you receive an invitation. Be sure to keep an eye on these important dates.
Our aim is to get diverse attendance from a variety of industries and communities, including:
- User and usability researchers;
- Privacy researchers;
- Regulators / policymakers;
- Privacy advocates; and
- Persons with expertise and/or experience related to accessibility, multilingual requirements, low connectivity environments, and the particular privacy needs of vulnerable individuals or communities