W3C home > Mailing lists > Public > public-xg-socialweb@w3.org > January 2010

Fwd: A comment on Security and Privacy Implications for Contact APIs

From: Harry Halpin <hhalpin@ibiblio.org>
Date: Wed, 27 Jan 2010 17:45:56 +0000
Message-ID: <b3be92a01001270945k75c4369ft2651c2d5fd08e14@mail.gmail.com>
To: public-xg-socialweb@w3.org
More from Thomas on how the privacy issue crops up even further, now
with Contact APIs. Are contacts like a filesystem?


---------- Forwarded message ----------
From: Thomas Roessler <tlr@w3.org>
Date: Wed, Jan 27, 2010 at 3:55 PM
Subject: Re: A comment on Security and Privacy Implications for Contact APIs
To: noah_mendelsohn@us.ibm.com
Cc: Thomas Roessler <tlr@w3.org>, public-device-apis@w3.org, www-tag@w3.org


On 27 Jan 2010, at 16:14, noah_mendelsohn@us.ibm.com wrote:

> For the above reasons, it seems to me that an appropriate mechanism for
> the contacts API will likely involve an ability not just to ask for
> permission, but to clarify the subset of the contacts for which access is
> being granted.  It may also be necessary to separate access for purposes
> of searching vs. access for purposes of display, transmission or
> republication.

It strikes me that an address book in some ways behaves similarly to a
file system:

Just like my file system includes some data that I'm happy to make
accessible to some web sites, my address book will include things like
a company's hotline.

And then there is the mobile phone number (or the complete dump of a
company's LDAP directory) that, if disclosed, will get me into real
trouble.

This suggests that building the API so it deals with some specific
subset (and generally doesn't make decisions about the *entire*
address book) is really important.
Received on Wednesday, 27 January 2010 17:46:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 January 2010 17:46:29 GMT