W3C home > Mailing lists > Public > public-xg-socialweb@w3.org > January 2010

Fwd: A comment on Security and Privacy Implications for Contact APIs

From: Harry Halpin <hhalpin@ibiblio.org>
Date: Wed, 27 Jan 2010 17:45:56 +0000
Message-ID: <b3be92a01001270945k75c4369ft2651c2d5fd08e14@mail.gmail.com>
To: public-xg-socialweb@w3.org
More from Thomas on how the privacy issue crops up even further, now
with Contact APIs. Are contacts like a filesystem?

---------- Forwarded message ----------
From: Thomas Roessler <tlr@w3.org>
Date: Wed, Jan 27, 2010 at 3:55 PM
Subject: Re: A comment on Security and Privacy Implications for Contact APIs
To: noah_mendelsohn@us.ibm.com
Cc: Thomas Roessler <tlr@w3.org>, public-device-apis@w3.org, www-tag@w3.org

On 27 Jan 2010, at 16:14, noah_mendelsohn@us.ibm.com wrote:

> For the above reasons, it seems to me that an appropriate mechanism for
> the contacts API will likely involve an ability not just to ask for
> permission, but to clarify the subset of the contacts for which access is
> being granted.  It may also be necessary to separate access for purposes
> of searching vs. access for purposes of display, transmission or
> republication.

It strikes me that an address book in some ways behaves similarly to a
file system:

Just like my file system includes some data that I'm happy to make
accessible to some web sites, my address book will include things like
a company's hotline.

And then there is the mobile phone number (or the complete dump of a
company's LDAP directory) that, if disclosed, will get me into real

This suggests that building the API so it deals with some specific
subset (and generally doesn't make decisions about the *entire*
address book) is really important.
Received on Wednesday, 27 January 2010 17:46:29 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:22:08 UTC