- From: Robin Berjon <robin@berjon.com>
- Date: Mon, 16 Jan 2012 12:53:16 +0100
- To: Noah Mendelsohn <nrm@arcanedomain.com>
- Cc: "www-tag@w3.org" <www-tag@w3.org>
On Jan 13, 2012, at 22:16 , Noah Mendelsohn wrote: > On 1/13/2012 2:40 PM, Robin Berjon wrote: >> I'm happy to pick up Dan's work on API Minimisation wherever he leaves >> off (Dan: feel free to finish it before the end of the month though >> ;-). I wonder if it should be related to the API design document[0] >> that's recently been started (but that's a rather major undertaking). > > Picking up work before you're asked is definitely a way to ingratiate > yourself with the chair, thank you. That said, we generally do these things > by consensus, so whether we want to continue to invest in this is a > question I will put before the TAG as a whole. Sure thing. It's just that since the product page says "the TAG will consider restaffing this effort as new members join" and the concept of API minimisation came from DAP, I didn't expect the consensus to give me much choice in this matter :) Dan's current draft is good, but I think that it's missing a discussion of fingerprinting since that's another aspect of minimisation (see http://panopticlick.eff.org/). There are best practices emerging around this that are well worth documenting IMHO. A good example is the Gamepad API (http://dvcs.w3.org/hg/webevents/raw-file/default/gamepad.html) where the page cannot discover the presence of an attached gamepad unless it has been interacted with by the user. > You can probably figure out from the other product pages linked at [1] what > sort of plans we try to put in place before investing in serious project > work, I.e. setting out overall project goals, success criteria (which > typically should include actual impact on the community, as opposed to just > "we shipped a document"), proposed dates for deliverables, etc. Suggestion: > would you care to draft a proposed revision to the API Minimization product > page at [2], giving your ideas on what we should do and when? That would, > IMO, be an excellent basis for discussion with the group. Sure, I can do that in the next two weeks. > For now, please either attach any proposed drafts to an e-mail, or else > check them in under some convenient name in TAG space if you have the > appropriate CVS access (you should, but we may have to take care of that > with the team.) If and when the TAG approves this as a plan, I'll copy it > into the space below [1]. I'm getting "Permission denied" for my key at this point, I'll sort that out with the Team. > Please give some thought to whether this is part of the minimization project. I suspect not. If that's the case, then we'll need to consider whether to broaden the scope of the "product" on APIs to include security as well, or whether to propose it as a separate piece of TAG work. Either way, maybe you could start with an e-mail giving a bit more background on this concern? It's definitely larger than minimisation. I need to gather my notes on the topic — I'll put those together in an email (listing at least the problems — a complete discussion of the solutions would be for the document). -- Robin Berjon - http://berjon.com/ - @robinberjon
Received on Monday, 16 January 2012 11:54:27 UTC