Support for image picker functionality?

[jg10-mastodon-social]

I just found out that Google Photos has disabled access to photo library APIs and replaced it with a photo picker API, with user privacy as an explicit motivation.

https://developers.googleblog.com/en/google-photos-picker-api-launch-and-library-api-updates/

The idea is effectively that a user should use an authorization agent to explicitly share individual photos/media items with the app rather than granting access to all photos. This seems broadly consistent with SAI's ethos, but its not clear to me how SAI should implement this.

In an app's access needs, is there a way for a shape tree to ask for access to the items selected dynamically by the user with a photo picker? There's currently a comment that access needs for specific data instances requires advance knowledge of the data instances, which this use case is explicitly trying to avoid.

data-interoperability-panel/proposals/specification/access-needs.bs

Lines 157 to 160 in dd62af0

	<td>[=Data Instance=]</td>
	<td>Request specific [=Data Instance=] of the registered
	[=shape tree=]. Requires advance knowledge of the
	[=Data Instance=]</td>

In a data authorization, either a single (whole) data registration or data instance would be specified. Presumably the picker use case would therefore require the server to create a new data instance with just the selected photos? The same would apply to a data grant.

data-interoperability-panel/proposals/specification/access-authorizations.bs

Lines 184 to 194 in dd62af0

	<td>hasDataRegistration</td>
	<td>A [=Data Registration=] for `registeredShapeTree`</td>
	<td>Links to a [=Data Registration=] of registeredShapeTree in a
	[=Data Registry=] that is a subject of the current
	[=Data Authorization=].</td>
	</tr>
	<tr>
	<td>hasDataInstance</td>
	<td>[=Data instance=] of `registeredShapeTree`</td>
	<td>Links to a [=Data Instance=] of registeredShapeTree in a
	[=Data Registry=].</td>

Based on this first reading, photo picker functionality would require either the authorization agent or the server to actively create data instances in response to requests, not just grant access to existing data instances. Or alternatively, resource indication would need to allow selection of multiple data instances.

The authorization agent primer seems to indicate that the former is not intended, and the latter might be possible (plural is used), but the spec doesn't seem to indicate that multiple data instances can be individually selected and indicated (singular seems to always be used)? Would separate data grants be made for each photo?

data-interoperability-panel/proposals/primer/authorization-agent.bs

Lines 110 to 111 in dd62af0

	An Authorization Agent is not responsible for modifying data instances. Sometimes it still needs to access them
	during [[#gathering-authorizations]] if the user wants to select specific data instances.

[elf-pavlik]

I think this would already be possible by app simply re-initializing authorization flow and user updating their selection of photos, assuming they used SelectedFromRegistry scope.

To be honest I think sai-js still needs some work to handle such re-authorization flow and UI to support image/audio/video previews.

There are probably some things that could improve UX for this 'add to selection' flow. And avoid user getting general authorization screen with shapetrees other than photos.

Also with PhotoAlbums and video/audio playlists user could give app access to it and inherited access to members of that list. In that case one could add specific media to relevant list/album. This is a distinct flow and would probably be used in different use cases.

@jg10-mastodon-social have you considered adding your use case to https://github.com/w3c/lws-ucs

[jg10-mastodon-social]

Thanks for the explanation!

To be honest, I was dismayed to learn of this change in Google Photos and frustrated that doing privacy right involves this kind of restriction.
I suppose I raise this here in the hope that people with better understanding of handling of the principle of least privilege can think through how best to handle it...

I haven't contributed a use case to lws before and don't currently feel capable of doing so.
Is there a particularly good example you'd recommend as a template?

[elf-pavlik]

Is there a particularly good example you'd recommend as a template?

Issue tracker in that repo uses github template when creating a use case

This is for example a use case which I submitted, not claiming it to be exemplary
w3c/lws-ucs#17