Declarative details are useful, but rather than creating a declarative sublanguage in JSON strings, why not use the declarative properties of HTML?
It would also be helpful to encourage developers to declare their capabilities and explanations in the content that they display to users:
- decrease abuse, so that developers can't put a different secret justification in the JSON that they tell the user in HTML
- help developers keep content in sync, so they don't accidentally update one but not the other
- encourage developers to tell their users directly what the site is doing
If we defined a method for explanation/justification/declaration in HTML around a capability or permission element, the browser could then consume and log those explanations, and surface it in things like prompts/settings in case the user is reviewing it later.
See one example discussion/proposal in digital credentials:
w3c-fedid/digital-credentials#208
Declarative details are useful, but rather than creating a declarative sublanguage in JSON strings, why not use the declarative properties of HTML?
It would also be helpful to encourage developers to declare their capabilities and explanations in the content that they display to users:
If we defined a method for explanation/justification/declaration in HTML around a capability or permission element, the browser could then consume and log those explanations, and surface it in things like prompts/settings in case the user is reviewing it later.
See one example discussion/proposal in digital credentials:
w3c-fedid/digital-credentials#208