W3C home > Mailing lists > Public > public-device-apis@w3.org > February 2010

Contacts API typical use cases and privacy considerations

From: Dominique Hazael-Massieux <dom@w3.org>
Date: Fri, 19 Feb 2010 10:59:14 +0100
To: "richard.tibbett" <richard.tibbett@orange-ftgroup.com>
Cc: public-device-apis@w3.org
Message-ID: <1266573554.3040.2757.camel@localhost>
Hi,

While trying to think of a good way to address the points raised by Noah
[1] and Richard [2] on how to restrict access to the addressbook data, I
came back to the main usage that I could see where this API would be
used on the Web at large (i.e. not in an downloadable app context) for
finding/reading data.

I came up with the following main use cases (which obviously are a
personal perspective, and very much up for discussion):
• auto-filling a form with my personal address and/or phone number (for
getting sent an item I just bought, making an hotel reservation, using
an eGov service)
• auto-filling a form with one postal address from someone I know (to
send them a gift)
• getting auto-completion on an email address of someone in my
addressbook (for on-line email, sending invitation to on-line services,
sharing content from a given Web site) [this would obviously also apply
to other fields, e.g. phone number, social network account, etc]
• sharing an arbitrary number of email addresses with an on-line social
network to expand my network

It's not obvious that the current Contacts.find() interface allows to
implement these simple use cases without opening a much wider than
needed access to the addressbook data.

In particular:
• for the two first use cases, the user would want to select one or two
pieces of information (address, phone number) from one entry in its
addressbook; a Web developer would want to provide a small icon (similar
to the calendar icon you get on many sites to pick a date) which would
let the user pick the said contact, and would get back to the page only
the selected address; I don't know how this can be achieved using the
current Contacts.find() without exposing the whole list of names and
addresses
• similarly, the auto-completion use case requires to call repeatedly
the Contact.find() method with a very broad access to the data

Both of these operations would seem to benefit from being brokered by
the browser to preserve as much of the privacy of the user as possible.

(I think Contacts.find() remains pretty useful for applications that
want to build on top of the addressbook, in possibly innovative ways
compared to what we can do today; but I think we should also address the
problems that already exist today)

Dom

1.
http://www.w3.org/mid/OFE390B98E.2E6FBE81-ON852576AB.00776921-852576B8.0053B66F@lotus.com
2.
http://www.w3.org/mid/18522_1265294902_4B6ADE36_18522_51007_1_355A518BC0575547B2A3D6773AAF8EEF8DB878@ftrdmel1
Received on Friday, 19 February 2010 09:59:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:06 GMT