W3C

Device APIs and Policy Working Group Teleconference

03 Mar 2010

Agenda

See also: IRC log

Attendees

Present
Anssi_Kostiainen, Bryan_Sullivan, Claes_Nilsson, Dominique_Hazael-Massieux, Dzung_Tran, Frederick_Hirsch, Ilkka_Oksanen, Jesus_Martin, LauraA, Marcin_Hanclik, Marco_Marengo, Paddy_Byers, Richard_Tibbett, Robin_Berjon, Wonsuk_Lee, Mark_S_Miller, John_morris, Arve, Alissa, Thomas_Roessler
Regrets
Suresh_Chitturi
Chair
Robin_Berjon, Frederick_Hirsch
Scribe
Claes

Contents


<trackbot> Date: 03 March 2010

<paddy> I can scribe for 1 hr then I have to leave

<darobin> Scribe: Claes

<darobin> ScribeNick: Claes

<fjh> ScribeNick: Claus

<fjh> ScribeNick: Claes

Administrative

<fjh> F2F 16-18 March

<fjh> http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0043.html

look at draft agenda for f2f and comment on list

<fjh> Day 1, Tuesday, 16 March (10:00 - 17:00)

<fjh> Day 2, Wednesday 17 March (9:00 - 17:00)

<fjh> Day 3, Thursday 18 March (9-15:30)

<fjh> registration questionnaire http://www.w3.org/2002/09/wbs/43696/prague-2010/

Don't forget to answer questionnaire for f2f meeting

Dom: No bridge has been requested

Robin: Issue with using phone line for int calls

Robin to back on this

<dom> ACTION: Dom to reserve Zakim for Prague F2F [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action01]

<trackbot> Created ACTION-97 - Reserve Zakim for Prague F2F [on Dominique Hazaël-Massieux - due 2010-03-10].

<darobin> [we currently have 5 people who say they're interested in phone participation]

Minutes Approval

<fjh> http://lists.w3.org/Archives/Public/public-device-apis/2010Feb/att-0161/minutes-2010-02-24.html

<fjh> proposed RESOLUTION: Minutes from 24 February approved

RESOLUTION: Minutes from 24 February approved

Editorial updates

<fjh> pls look at policy requirements

<fjh> http://dev.w3.org/2009/dap/policy-reqs/#privacy-considerations

<fjh> privacy paper

<fjh> http://lists.w3.org/Archives/Public/public-device-apis/2010Feb/0174.html

Policy, privacy and security

Paddy: Feedback requested on my input

All in req doc

Alissa: Think of a way to formalize the different req we have

4 diff categories of reqs

Based on work in Geo-location work

<dom> Alissa's message on framework for privacy requirements (ref ACTION-77)

fjh: Article in NY Times on privacy issues. Fjh to forward

<fjh> ACTION: alissa to provide draft text for requirements document summarizing 4 privacy aspects and other suggested changes to privacy material [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action02]

<trackbot> Sorry, couldn't find user - alissa

<dom> ACTION: John to provide draft text for requirements document summarizing 4 privacy aspects and other suggested changes to privacy material [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action03]

<trackbot> Created ACTION-98 - Provide draft text for requirements document summarizing 4 privacy aspects and other suggested changes to privacy material [on John Morris - due 2010-03-10].

<dom> [Alissa hasn't been nominated to the group yet; I gave the action to John as a proxy for the time being]

<jmorris> dom, good, thanks

<dom> alissa, if you could look into getting officially nominated to the group as CDT rep, this would be useful

<alissa> sure

<fjh> claes - REST DAP Web Server to access to local resources

<fjh> proposal for how API access control through "user authorization" and/

<fjh> or "pre-arranged trust" through a policy framework can fit into a REST

<fjh> based architecture."

<fjh> http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0017.html

<fjh> claes notes this was based on prototype project

<fjh> ... goal to show architecture of device including local web server for accessing device resources

<fjh> ... how to implement security, including authentication and authorization

<fjh> http://lists.w3.org/Archives/Public/www-archive/2010Mar/att-0004/SEMC_-_Local_REST_APIs.pdf

<fjh> mark notes has looked at it briefly local web server acting as provider fits powerbox

Mark: This fits in the Powerbox

<fjh> claes notes have implemented authorization based on authenticated identity, but not prearrranged trust

<Zakim> fjh, you wanted to ask about javascript apis and policy

<fjh> ACTION: claes to provide more detailed proposal aligned with powerbox proposal [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action04]

<trackbot> Created ACTION-99 - Provide more detailed proposal aligned with powerbox proposal [on Claes Nilsson - due 2010-03-10].

bsulliva: Good ideas. Incorporate into Powerbox model.

<fjh> Powerbox and Privacy

<fjh> http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0023.html

fjh: Privacy information for user would help she to make a decsion

<fjh> My suggestion is that when user selects provider, could take privacy into account when making that decision

<jmorris> [dom, alissa is now a member of the WG, if it is possible to shift action-98 to her. But it can stay with me if it is simpler]

<dom> [thx, jmorris, ACTION-98 is now assigned to alissa]

<tlr> [P3P had automated negotiation in early versions, but abolished that later on]

Mark: No feedback that a Provider obeys the policy

Who is peaking?

speaking

<darobin> jmorris

<fjh> concern from mark - user not confuse privacy policy statement with enforcement

<fjh> concern from mark - policy might not be useful, like EULA

<fjh> similar to NYT article concern

<fjh> mark asks about use of P3P here?

<fjh> mark notes standard markings rather than reading text

<fjh> +1

jmorris: Multiple choice structure would help

<dom> Web Security Context Working Group

Can we pull in something from this WG?

<fjh> tlr notes tyler edited requirements note that might have some useful information

tlr: Standardizing UI practices is extremely hard

alissa: Might something between no policy expression at all and a strict policy

<fjh> jmorris notes there is a limited set of privacy policy points that are very important

<fjh> location - redistribution, retention

<fjh> ACTION: jmorris to share information on key important privacy policy aspects relevant to DAP [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action05]

<trackbot> Created ACTION-100 - Share information on key important privacy policy aspects relevant to DAP [on John Morris - due 2010-03-10].

UMP long thread....

<fjh> UMP, http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0016.html

<fjh> mark notes that CORS uses UMP as a mode of operation

Mark: Key thing is that the request to the provider must be a UMP message

fjh: Has an issue with dependencies

<fjh> robin notes could use subset of UMP, avoiding risks

Robin: We do not need the whole UMP spec, a subset ok

<fjh> OpenProvider Proposal for A/V Capture

<fjh> http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0021.html

richt: Powerbox falls down between the web app and the Provider

OpenProvider an E2E data exchange structure from the Provider to the Web App

Allow the OpenProvider to do user interaction

Essentially a basic container with extension nodes

Richt will spec this up during coming week

<fjh> mark asks if this is a replacement for mime type and class in powerbox

<fjh> richt notes this is complementary to powerbox

OpenProvider is based on OpenSearch

that makes it possible to install search providers in browsers

<fjh> richt notes that javascript api then links to browser opensearch extensibility mechanism

OpenProvider uses JS APIs to be able to transfer parameters

fjh asks how this integrates into the Powerbox model

Richt: explained by Robin's walkthrough (section?)

<fjh> richt notes that integration with Powerbox along line of data exchange as provided in Robin's walkthrough

<fjh> mark asks about layering on top of powerbox spec

Mark: Can OpenProvider be layered ontop of Powerbox?

<darobin> [I would like to point out that my walkthrough liberally filled out holes in bits of PB that I couldn't figure out — it's not representative of the original]

Richt: will spec this up and we can have a discussion

Mark: Powerbox is very simple and therefore proposing a layered decison

<Zakim> fjh, you wanted to ask about policy and WebIDL

<dom> Bryan's comments on OpenProvider

bsulliva: Proxy (Bondi PEP) similar as a mediator between the web app and the resource

<dom> Proxy provider, from Mark

Richt: Agress with Mark, OpenProvider brings more complexity but thinks it is useful

<fjh> ACTION: richt to have more detailed proposal regarding OpenProvider, discussing relationship to Powerbox [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action06]

<trackbot> Sorry, couldn't find user - richt

<dom> ACTION: richard to have more detailed proposal regarding OpenProvider, discussing [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action07]

<trackbot> Created ACTION-101 - Have more detailed proposal regarding OpenProvider, discussing [on Richard Tibbett - due 2010-03-10].

fjh: Help with privacy and policy at F2F requested. Submit suggestions on list

bsulliva: UWA wiki evolving aligment of properties

<dom> UWA Wiki

<darobin> hmpf

<darobin> well, anything else to bring up in APIs?

<darobin> I was asking if people would help out with trying out existing examples in REST/PB

<fjh> please complete actions before f2f http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/ 0024.html

<dom> ACTION-96?

<trackbot> ACTION-96 -- Robin Berjon to rewrite existing examples as PowerBox -- due 2010-03-03 -- OPEN

<trackbot> http://www.w3.org/2009/dap/track/actions/96

<darobin> ah well

<darobin> so I'll be doing some of that, but if people want to help out, I'll be happy to take the help :)

<darobin> that's all — anything else in APIs?

<darobin> well if there's no AOB — let's all go to bed!

Sorry for spelling errors, trying to type fast :-)

<fjh> adjourned

Summary of Action Items

[NEW] ACTION: alissa to provide draft text for requirements document summarizing 4 privacy aspects and other suggested changes to privacy material [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action02]
[NEW] ACTION: claes to provide more detailed proposal aligned with powerbox proposal [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action04]
[NEW] ACTION: Dom to reserve Zakim for Prague F2F [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action01]
[NEW] ACTION: jmorris to share information on key important privacy policy aspects relevant to DAP [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action05]
[NEW] ACTION: John to provide draft text for requirements document summarizing 4 privacy aspects and other suggested changes to privacy material [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action03]
[NEW] ACTION: richard to have more detailed proposal regarding OpenProvider, discussing [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action07]
[NEW] ACTION: richt to have more detailed proposal regarding OpenProvider, discussing relationship to Powerbox [recorded in http://www.w3.org/2010/03/03-dap-minutes.html#action06]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2009-03-02 03:52:20 $