Define and use a "threshold check algorithm" that concrete sensors can use.

Raphael Kubo da Costa · Raphael Kubo da Costa · commit 2eb7baa2f078 · 2021-12-15T17:11:43.000+01:00
Related to w3c/ambient-light#63, which says the granularity of the data exposed by Ambient Light Sensors should be specified normatively. This commit goes a bit further and lays out some of the scaffolding necessary to specify the anti-fingerprinting measures currently implemented by Chrome -- namely, not only are illuminance values rounded but there's also a threshold value check to avoid storing values that are too close to the latest reading. A new algorithm, the threshold check algorithm, can be defined by concrete sensors and is associated with a sensor type. It is invoked by the "update sensor reading" abstract operation when defined, and if it returns false, "update sensor reading" will abort and not update the `latest reading` map. A few other parts also had to be adjusted to make this work possible: - A platform sensor is now explicitly associated with a sensor type. - Extension sensor attribute getters are no longer normatively required to simply return the value of invoking "get value from latest readings", as `AmbientLightSensor.illuminance`'s getter needs to do extra work. We only require that the attributes be read-only now.
diff --git a/index.bs b/index.bs
@@ -512,6 +512,10 @@ might also help mitigate certain threats,
 thus user agents should not provide
 unnecessarily verbose readouts of sensors data.
 
+Implementations of concrete sensors may define a [=threshold check algorithm=]
+so that new readings that do not meet the [=reading change threshold=] when
+compared to the [=latest readings=] are discarded.
+
 Note: Inaccuracies will further increase for operations carried out on the
 [=sensor readings=], or time deltas calculated from the [=reading timestamp|timestamps=].
 So, this mitigation strategy can affect certain use cases.
@@ -806,11 +810,19 @@ A [=sensor type=] has a [=permission request algorithm=].
 A [=sensor type=] has a [=set/is empty|nonempty=] [=ordered set|set=] of associated
 [=policy-controlled feature=] tokens referred to as <dfn export>sensor feature names</dfn>.
 
+A [=sensor type=] may have an associated <dfn export>threshold check
+algorithm</dfn>, which takes as arguments two separate [=sensor readings=] and
+determines if the difference between them is higher than an
+implementation-defined [=reading change threshold=].
+
 <h3 id="model-sensor">Sensor</h3>
 
-The current [=browsing context=]'s [=platform sensor=] has an associated [=ordered set|set=]
-of <dfn>activated sensor objects</dfn>, which is initially [=set/is empty|empty=] and an
-associated <dfn>latest reading</dfn> [=ordered map|map=], which holds the latest available [=sensor readings=].
+The current [=browsing context=]'s [=platform sensor=] must have:
+- An associated [=ordered set|set=] of <dfn>activated sensor objects</dfn>,
+  which is initially [=set/is empty|empty=];
+- An associated <dfn>latest reading</dfn> [=ordered map|map=], which holds the
+  latest available [=sensor readings=].
+- An associated [=sensor type=].
 
 Note: User agents can share the [=latest reading=] [=ordered map|map=] and
 the [=activated sensor objects=] [=ordered set|set=] between different
@@ -1396,6 +1408,11 @@ It represents the {{DOMException}} object passed to {{SensorErrorEventInit}}.
     : output
     :: None
 
+    1.  Let |type| be |sensor|'s associated [=sensor type=].
+    1.  If |type|'s [=threshold check algorithm=] is defined, then:
+        1.  Let |result| be the result of invoking |type|'s [=threshold check algorithm=]
+            with |reading| and |latest reading|.
+        1.  If |result| is false, then abort these steps.
     1.  [=map/For each=] |key| → <var ignore>value</var> of [=latest reading=].
         1.  [=map/Set=] [=latest reading=][|key|] to the corresponding
             value of |reading|.
@@ -2041,10 +2058,8 @@ each [=sensor type=] in [=extension specifications=]:
     [=extension sensor interface=] if it cannot support the corresponding sensor
     options.
 
-    The [=extension sensor interface=] [=attributes=] which expose [=sensor readings=] are
-    [=read only=] and their getters must return the result of invoking
-    [=get value from latest reading=] with <strong>this</strong> and
-    [=attribute=] [=identifier=] as arguments.
+    The [=extension sensor interface=] [=attributes=] which expose [=sensor readings=]
+    must be [=read only=].
 
 -   A [=powerful feature/name=], if the [=sensor type=] is not representing
     [=sensor fusion=] (otherwise, [=powerful feature/names=]
