RE: ACTION-660: Input to BP2, on User Awareness and Control from Sullivan, Bryan on 2008-02-15 (public-bpwg@w3.org from February 2008)

From: Sullivan, Bryan <BS3131@att.com>
Date: Thu, 14 Feb 2008 23:47:56 -0800
To: <public-bpwg@w3.org>, "Holley Kevin (Centre) " <imceamailto-kevin+2eholley+40o2+2ecom@cingular.com>
Cc: <mark.cataldo@ORANGE-FTGROUP.COM>
Message-ID: <8080D5B5C113E940BA8A461A91BFFFCD05D93FF7@BD01MSXMB015.US.Cingular.Net>
Kevin,
Thanks, I will. I realize some of this has the flavor of the notifications that MExE/MIDP applications must provide given assignment to certain trust domains. Part of the objective is to generalize those things beyond the MIDP environment, and describe approaches to balancing notification/control with application trust. 
 
Best regards,
Bryan Sullivan | AT&T | Service Standards 
bryan.sullivan@att.com 

________________________________

From: Holley Kevin (Centre) [mailto:Kevin.Holley@o2.com] 
Sent: Thursday, February 14, 2008 11:36 PM
To: Sullivan, Bryan; public-bpwg@w3.org; mark.cataldo@ORANGE-FTGROUP.COM
Subject: Re: ACTION-660: Input to BP2, on User Awareness and Control



Dear Bryan and all,

Much of this sounds like the Mexe work developed by 3GPP around 1999-2003.

Probably worth checking that to avoid re inventing the wheel.

Regards,

Kevin


Kevin Holley
Manager, Application Standards
Group Technology
O2
Telefónica O2 Europe plc,

Direct Line: +44 1473 782214
Mobile: +44 7802 220811
Fax: +44 7711 752031
Email: kevin.holley@o2.com
IM: kevinaholley (MSN/Y!/AIM etc.)

www.o2.com


----- Original Message -----
From: public-bpwg-request@w3.org <public-bpwg-request@w3.org>
To: BPWG-Public <public-bpwg@w3.org>
Sent: Thu Feb 14 22:31:42 2008
Subject: ACTION-660: Input to BP2, on User Awareness and Control


Hi all,

This is one of a series of emails addressing ACTION-660. This thread
will address the requirements and recommendations for User Awareness and
Control in BP2.

Here is the current editor's draft text in the Requirements (2) and Best
Practice Statements (5) sections:
+++++
2.3 User awareness and control
Applications should ensure the user is aware of sensitive functions,
i.e. that may affect the service experience, and is offered some options
for user control.

5.3 User awareness and control
Users should be informed if applications will make automatic data
requests that can impact service cost.

Users should be informed of impacts to device memory (for application
code and data) due to installation and use of applications.

Users should be informed about the types of personal information (data
or contextual information, e.g. location) that will be used by the
application, and exchanged over network connections.

Informational notices should be provided during application selection,
install, on first runtime, or first use of sensitive functions.

Informational notices should provide an estimate of the impact so the
user can determine its significance.

Users should be given easy-to-use controls to personalize application
behavior, e.g.
- Configure automatic operations, e.g. content update schedules
- Manage data memory use
- Select privacy/security options

If user control over sensitive application functions is not provided,
users should be given the chance to opt-out for the function, or to
terminate the application.

User control preferences should be saved by the application to avoid the
need to reenter them each time the application is used.
+++++

[bryan] These recommendations address how informed the user is over the
consequences of application use, and how much in control they are for
sensitive functions. Providing user information and control is a
balancing act between simplicity of use (e.g. don't overburden the user
with information and control responsibilities) and protection. The
method and timing of notices is less important (overall) that the basic
assurance of them being provided, but the usability impacts will
nonetheless prompt specific method/timing guidelines re "how to do it".
One facet is the ability for applications to gain unprompted access to
network/data API's through the applications being signed by a trusted
authority, which can improve the usability aspects but should not
totally circumvent notice requirements. Some of these recommendations
may require usability-focused guidelines on how to do it, e.g. how to
estimate impact in ways the average user can understand. We welcome
suggestions for other recommendations in this area.

Best regards,
Bryan Sullivan | AT&T




This electronic message contains information from O2 which may be privileged or confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient be aware that any disclosure, copying distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by telephone or email (to the numbers or address below) immediately.

 

Switchboard: +44 (0)113 272 2000

 

Telefónica O2 Europe plc Registered Office: Wellington Street, Slough, Berkshire SL1 1YP

Registered in England and Wales: 5310128 VAT number: GB 778 6037 85
Received on Friday, 15 February 2008 07:48:44 UTC