Disposition documentation added - Web Intents

The old Google Groups will be going away soon, but your browser is incompatible with the new version.

« Groups Home

Web Intents

Home

Discussions

About this group

Join this group

Message from discussion Disposition documentation added

Greg Billock

View profile

More options Sep 26 2011, 2:05 pm

From: Greg Billock <gbill...@google.com>

Date: Mon, 26 Sep 2011 11:05:59 -0700

Local: Mon, Sep 26 2011 2:05 pm

Subject: Re: Disposition documentation added

Print | View thread | Show original | Report this message | Find messages by this author

(I've been out on vacation. Will try to clarify a couple things inline.)

On Wed, Sep 21, 2011 at 6:55 AM, Sean Eagan <seaneag...@gmail.com> wrote:
> > We envision the 'inline' display replacing the service selection
> components
> > of the picker UI.

> If all of the service selection UI is replaced, what useful remaining
> picker UI will exist to distinguish it from any arbitrary bubble,
> dialog, panel, etc. ? If none, then why would the service care to be
> displayed there ?

The idea is that being displayed inline will be a more seamless user
experience -- they haven't really navigated away from the page, so they can
enter descriptions, copy-paste text, etc. from the context page. The
"window" disposition feels more like a navigation. Sometimes that's probably
appropriate, but for many actions, it's a bit abrupt.

> > For some intents, though, it might be
> > better to basically layer on top of the existing (client) page context,
> so
> > the user can maintain a better mental image of what's going on with the
> > intent work flow, and perhaps interact with the client page (i.e.
> copy-paste
> > a title or something).

> We agree on the use case of keeping the service UI in context with the
> client UI. I believe that allowing the client to embed the service
> directly within the page accomplishes this best. Regarding your
> phishing concerns with embedded content, iframes fall into this
> category, do you believe iframes should be deprecated because of this
> ? The component model [1] also enables embedded content, do you
> believe it should not ?

There are definitely clickjacking and phishing concerns with iframes.
Developers have to pay a lot of attention to them. For this context, there's
no way an intent service could know that it is being deployed in an iframe
"involuntarily" and hence clickjacked. Since the services are likely to be
ones that require login, that's a huge problem.

> I agree the next best way to preserve context is to display the
> service within the same tab or window as the client, as with an
> "inline" disposition. However, I don't think the service should load
> "within the picker". There should be a clear distinction between the
> picker and a given service. For one thing, a service could
> potentially spoof the picker UI. Also, consider a service loading
> within the picker and then subsequently kicking off a "nested" intent,
> where should the picker for the nested intent load ?

In our prototypes, we're using a "spoof-proof" bubble which is displayed in
a way that web content can't copy -- the surface overlaps with browser
chrome, which content cannot do. Whether this is a sufficient guard against
phishing remains to be seen, but browsers are using this mechanism to defeat
phishing, so users at least in theory are aware of the UI.

> Also, it ought to be clear to the user from which context a given
> intent was launched. Thus, the picker for a given intent should have
> some way to visually link itself to the browsing context which
> initiated the intent. Having multiple browsing contexts within the
> same tab or window, as with "inline" and embedding, may make this
> difficult. One thing which may help is requiring browsing contexts to
> have focus in order to initiate intents, and possibly making the
> picker "modal" so that users do not switch browsing contexts and
> forget which one initiated the intent. I believe the android intents
> picker is modal.

> So far we have mostly been discussing regular browsing contexts as
> being the clients, however, there are many use cases for the UA itself
> to be a client. For example, the UA may initiate an intent based on
> something typed into the location bar, or a context menu click. I'm
> not sure how "inline" will make sense when there is no client browsing
> context.

These are all great questions, and we don't have final answers for pretty
much any of them. :-) The question of intent picker modality is open, as is
that of simultaneous and nested intents. The mental model guiding us is that
intents are only triggered by direct intentional user action. That is, some
control they click or tap on. (Of course, that can be subject to
exploitation, as pop-unders on clicking on text areas shows. We don't have a
final answer for things like that.) The idea, then, is that when the user
makes that action, they are presented with a UI within the current browsing
context. The trade-off there is spoof-proofing the UI surface and anchoring
it to the element of content which originated the action. But as you say,
sometimes the UA itself may originate the action (i.e. a context menu). In
trading off these various concerns, we've settled on a prototype that uses
the spoof-proof bubble.

> > Perhaps we'll conquer the problem of managing
> > a visually consistent language for displaying any UI indications needed
> on
> > bubbles vs. tabs (or panels as well, in ChromeOS). For now, we're not
> > confident enough in our ability to solve this problem to want to tightly
> > couple the success of intents to solving that problem.

> Assuming the picker consists of a UI component which has not
> previously been used to host arbitrary web content, such as a bubble,
> doesn't loading services within the picker as with "inline" just add
> this new UI component to the list in which the UA must provide a
> consistent UI ?

> > This is a great discussion. We've pretty much talked ourselves out of
> having
> > a "background" disposition at this point, and believe me, it'd be great
> to
> > get an good way to think about getting rid of "disposition" altogether.
> :-)
> > I don't think we've done it yet, but I think we've identified some of the
> > key problems that need to be solved to really make that the compelling
> way
> > forward.

> My core arguments against the disposition concept as is are:

> * It is a problem which all web content faces, not just
> web-intents-loaded content, and thus its solution should be accessible
> to all web content
> * Services do not want the same disposition on all platforms and form
> factors, so they should not be registering a priori, but rather at
> runtime when they have access to such information
> * The client and user should have ultimate control over the
> disposition of the service since they know their own use case the best
> * Unnecessary complexity

> [1] http://wiki.whatwg.org/wiki/Component_Model

> Thanks,
> Sean Eagan

Good summary. The kinds of concerns we have for this are definitely not
unique (iframes, content spoofing, monolithic namespace among components on
a page). The idea that services may want to vary their disposition based on
platform is interesting, although presumably they can count on the
registration platform not changing character when they register. (That is,
they can adjust their disposition requests based on whether they see
themselves on a mobile vs. desktop UA.) I definitely agree that the UA has
veto power over the disposition, and the service can't dictate display
constraints very strongly without degrading the user experience.

-Greg

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy

Account Options