Re: Automatic Entry and Forms

Murray Altheim (murray@spyglass.com)
Fri, 23 Feb 1996 11:10:33 -0400


Message-Id: <v02110103ad52dd1bf63f@[140.186.34.50]>
Date: Fri, 23 Feb 1996 11:10:33 -0400
To: Robert Hazeltine <rhazltin@bacall.nepean.uws.edu.au>
From: murray@spyglass.com (Murray Altheim)
Subject: Re: Automatic Entry and Forms
Cc: hallam@w3.org, www-html@w3.org

Robert Hazeltine <rhazltin@bacall.nepean.uws.edu.au> wrote:
>On Thu, 22 Feb 1996, Phillip M. Hallam-Baker wrote:
>
>> Here is a proposal on Automated Forms Filling
>
>Someone has finally put a proposal together so forms can be filled in
>authomatically.  I have watched the discussion grow to this point but I
>think the stage has come to insert <REALITY CHECK> into the thread.
>
>The number of permutations of data sets and the purposes to which they
>can be put is staggering.  To organise such into a manageable scheme
>seems more daunting than setting up the web.

Robert,

No question here. But there's no need to standardize *all* fields, just
commonly-used ones, such as name, address, phone, PGP key, etc. Several
dozen at most.

>[...] I am a fairly consistent user of the Internet, and I have *not
>once* felt the urge to use an application that automatically gave someone
>information about myself [...].
>
>Even if it can be done, get real.

I've been on the Internet since the early 1980's, and neither have I. But
perhaps you haven't thought about where this might be a real benefit. We as
users aren't currently using the Internet in ways that have been
envisioned. Let's remember that once secure transactions are commonplace,
shopping and other types of financial and information transfer transactions
will occur regularly, maybe many times per day. This won't just be from
your home or office computer, but from qiosks and other venues. You
certainly won't want to be hand-entering data each time you use a service.

I would make a recommendation: make it an registration scheme (possibly
through IANA), where a registered field name would be accompanied with a
text description. If the form designer agreed that the text description
matched the input requirement, they'd use the registered field name. The
repertoire of registered names will always be smaller than the need, but
for commonly-used field names (which is really your scope anyway), this
might serve very well. This would also serve as a central point for both
form designers and users to understand the field definitions.

Specialized application areas might register fields used within their
discipline, so perhaps a registration field called 'scope' or 'application
area' might be helpful, with 'General' being default for things like name,
address, phone, etc.

There is obviously a question of centralization vs. decentralization here,
but for purposes of commonality of input, centralization seems preferably
IMO. The template URI could in either case reside with IANA (or its
location could be registered) or on a local system, and if so we'd probably
just want some flag in the field name or template designation.

I think I share your concern with this proposal that a particular UA or
server combination might be able to auto-generate a response containing
user information on simply viewing a page. I'd hate to devise a feature
capable of allowing servers or external agents to capture unencrypted
private information without the user's knowledge. Given that some scenarios
visage each workstation also becoming a server, it seems possible that a
robot could query each workstation for that personal data. Some privacy
safeguards would seem absolutely necessary.

Just some spurious thoughts on a Friday...

Murray

______________________________________________________
    Murray Altheim, Program Manager
    Spyglass, Inc., Cambridge, Massachusetts
    email: <mailto:murray@spyglass.com>
    http:  <http://www.stonehand.com/murray/murray.htm>