Authorized clients

Jasper St. Pierre jstpierre at mecheye.net
Tue Jan 7 12:00:31 PST 2014 

On Tue, Jan 7, 2014 at 2:43 PM, Pekka Paalanen <ppaalanen at gmail.com> wrote:

> On Tue, 7 Jan 2014 14:26:36 -0500
> "Jasper St. Pierre" <jstpierre at mecheye.net> wrote:
>
> > On Tue, Jan 7, 2014 at 9:07 AM, Martin Peres
> > <martin.peres at free.fr> wrote:
> >
> > > Would it be ok for you if the compositor asked the user to
> > > agree for the program to
> > > do the operation? If so, we can guarantee that this is really
> > > the user's intent and
> > > allow the application. We can also add a security warning with
> > > a "Do not ask again"
> > > checkbox. Would it be satisfactory to you?
> > >
> >
> > The user opened up a screen recording app. The user's intent is
> > very much to record the screen. We don't need to ask the user
> > again with a prompt.
>
> For just screenshooting and recording, how about a simple setting
> "allow all programs capture the screen? yes/no" in the compositor's
> configuration dialog? Since it sounds like any automatic
> authentication/authorization scheme is going to hit cornercases.
>

Because I don't want my weather app broadcasting my porn preferences to
Twitch.tv. Android solves this by telling the user up-front what the app is
requesting access to, and (experimentally) allowing the user to turn off
fine-grained access for any component.

I think we need some way to request permissions, but it's up to the
compositor to determine how these are granted. If it's a modal "yes/no"
dialog, or if it's a lookup based on the application ID, or a blanket
policy doesn't matter, the client just gets back a "go ahead" or a "nope"
in response.

This is very similar to PolicyKit, so talking with David Zeuthen might be
useful here if he has any work in the area to make PolicyKit more like an
Android model.

With that, write a screenshooting protocol interface, that is
> bindable for all clients, and informs the client whether capturing
> at will is allowed or not. When not, the client can show an
> informational message "Screen capturing is disabled in your
> compositor preferences."
>
> Make that support dynamic enable/disable and make access denied a
> non-fatal error.
>

-- 
  Jasper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-devel/attachments/20140107/4aa29ebb/attachment.html>

More information about the wayland-devel mailing list