- From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
- Date: Thu, 19 Aug 2010 12:42:15 +0000
- To: public-dap-commits@w3.org
Update of /sources/public/2009/dap/features
In directory hutz:/tmp/cvs-serv3917
Modified Files:
Overview.html
Log Message:
change BONDI URIs to strings, mention URI prefix. Reorder in tables,
put descriptions first. Shorten headings and descriptions. Revise
abstract and intro and document title.
Index: Overview.html
===================================================================
RCS file: /sources/public/2009/dap/features/Overview.html,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- Overview.html 16 Aug 2010 15:41:51 -0000 1.16
+++ Overview.html 19 Aug 2010 12:42:13 -0000 1.17
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
- <title>Device API Features</title> <meta
+ <title>Device API Permissions</title> <meta
http-equiv='Content-Type'
content='text/html;charset=utf-8'/> <script src='../ReSpec.js/js/respec.js'
class='remove'></script> <script class='remove'>
@@ -22,39 +22,56 @@
</head>
<body>
<section id='abstract'>
- This document defines identifiers for Web Device APIs and their intended impact for security gating.
+ This document defines permission identifiers for Web Device APIs
+ and how they may be used in various contexts to enable access control.
</section> <!-- abstract -->
<section id='introduction'>
<h2>Introduction</h2>
-<p>A number of Web APIs, in particular those used to access private or sensitive data from the hosting device, are meant to be discoverable, as well as disabled or enabled on a site-by-site or application-by-application basis, depending on the security context.</p>
-<p>For instance, the <a href="http://www.w3.org/TR/2009/CR-widgets-20091201/#the-feature-element">feature element</a> as defined in the Widget Packaging and
- Configuration specification [[WIDGETS]] allows a widget runtime engine to grant access only to the specific APIs that the configuration file of the widget listed.</p>
-<p>A similar approach is used in the proposed DAP security policy framework [[DAP-ACCESS-REQS]] [[DAP-POLICY-FRAMEWORK]].</p>
-<p>To define these specific security rules, the said APIs need to be identifiable, with a specific meaning attached to each of the identifiers — this is the role of this specification.</p>
- <p>A <dfn>feature</dfn> is a reference to a logical item that may require access control.</p>
- <p>This document lists features for well-known APIs, identifies them with a string that can be used to build a URI, and defines the meaning of the feature in terms of access control.</p>
-<p>
- Examples include the ability to read a local file, or to discover
- nearby Bluetooth devices, or to send an SMS message. </p>
+<p>A number of Web APIs, in particular those used to access private or
+ sensitive data from the hosting device, will need permission to
+ operate. Such permissions will be granted depending on the security context.
+To define these specific security rules, permissions (also known as
+ capabilities) need to be well defined so that they can be granted
+ and enforced. In addition, in some contexts applications need to be
+ able to specify which permissions will be needed in order to
+ operate.</p>
+<p>Permissions may be associated with APIs, those APIs identified by
+ the name of the API.
+</p>
+<p>This document summarizes the permissions that may be granted and
+ what they mean.</p>
+<!-- <p>For instance, the <a href="http://www.w3.org/TR/2009/CR-widgets-20091201/#the-feature-element">feature element</a> as defined in the Widget Packaging and -->
+<!-- Configuration specification [[WIDGETS]] allows a widget runtime -->
+<!-- engine to grant access only to the specific APIs that the -->
+<!-- configuration file of the widget listed.</p> -->
+<!-- <p>A similar approach is used in the proposed DAP security policy -->
+<!-- framework [[DAP-ACCESS-REQS]] [[DAP-POLICY-FRAMEWORK]].</p> -->
+<!-- <p> -->
+<!-- <p>A <dfn>feature</dfn> is a reference to a logical item that may require access control.</p> -->
</section> <!-- introduction -->
<section id="identifiers">
<h2>Identifiers</h2>
- <p>Each feature defined below is assigned with a string as an identifier.</p>
- <p>That string can be used to build a URI identifying the said feature in context where a URI is needed (e.g. in the Widget Packaging and Configuration specification [[WIDGETS]]) by appending that string to the base URI <code>http://www.w3.org/ns/apis/</code>.</p>
- <p class="note">The base URI is entirely tentative at this stage.</p>
+ <p>Each permission defined below is assigned with a string as an
+ identifier.</p>
+ <p>That string can be used to build a URI identifying that
+ permission in context where a URI is needed (e.g. in the Widget
+ Packaging and Configuration specification [[WIDGETS]]) by
+ appending that string to the base
+ <code>http://www.w3.org/dap/permission/</code>.</p>
+ <p class="note">The DAP base URI is entirely tentative at this stage.</p>
</section>
- <section id="api-features">
- <h2>API Features</h2>
-<p class="note">This section is in draft form and subject to
- change based on inputs related to permission classifications,
- any changes to the DAP security model and updates to the DAP API
- specifications.
+ <section id="api-permissions">
+ <h2>API Permissions</h2>
+<p> The sections below list BONDI 1.11 feature strings
+ [[BONDI-FEATURES1-11]] as well as
+<a href="http://developer.android.com/reference/android/Manifest.permission.html">
+ Android permission identifiers</a>.
+<p>The BONDI 1.11 feature URIs are formed by appending the BONDI
+ string to the base URI: <code>http://bondi.omtp.org/api/1.1/</code>.
</p>
-<p> The sections below list BONDI 1.11 feature URIs
- [[BONDI-FEATURES1-11]] as well as
-<a href="http://developer.android.com/reference/android/Manifest.permission.html">ones
- used in Android</a>.Note that the meanings may not correspond
+<p class="note">
+Note that the BONDI and Android meanings may not correspond
exactly, so even if the names are similar they may not be equivalent.</p>
<section id="geolocation">
@@ -68,37 +85,44 @@
<table
class="simple"
- summary="Geolocation Features">
+ summary="Geolocation Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11 URI</a>
+ <a>BONDI 1.11</a>
</th>
<th>
- <a>Android string</a>
+ <a>Android</a>
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
- <code>http://bondi.omtp.org/api/1.1/geolocation.position</code>
+ Detection of the user's position:
</td>
<td>
- <code></code>
+
</td>
</tr>
<tr>
<td>
-The API allows the detection of the user's position.
+ <code>geolocation.position</code>
</td>
<td>
-
+ <code></code>
</td>
</tr>
<tr>
<td>
+
+ </td>
+ <td>
+access coarse (e.g., Cell-ID, WiFi) location
+ </td>
+ <tr>
+ <td>
</td>
<td>
<code>android.permission.ACCESS_COARSE_LOCATION</code>
@@ -109,9 +133,10 @@
</td>
<td>
-Allows an application to access coarse (e.g., Cell-ID, WiFi) location
+access fine (e.g., GPS) location
</td>
</tr>
+ </tr>
<tr>
<td>
</td>
@@ -124,7 +149,7 @@
</td>
<td>
-Allows an application to access fine (e.g., GPS) location
+access extra location provider commands
</td>
</tr>
<tr>
@@ -139,7 +164,7 @@
</td>
<td>
-Allows an application to access extra location provider commands
+create mock location providers for testing
</td>
</tr>
<tr>
@@ -154,7 +179,7 @@
</td>
<td>
-Allows an application to create mock location providers for testing
+Allows enabling/disabling location update notifications from the radio. Not for use by normal applications.
</td>
</tr>
<tr>
@@ -164,64 +189,56 @@
<code>android.permission.CONTROL_LOCATION_UPDATES</code>
</td>
</tr>
- <tr>
- <td>
-
- </td>
- <td>
-Allows enabling/disabling location update notifications from the radio. Not for use by normal applications.
- </td>
- </tr>
</tbody>
</table>
</section>
<section id="contact-feature">
<h3>Contact API</h3>
-<p>The features in this section correspond to the [[CONTACTS-API]] and [[CONTACTS-WRITER-API]].</p>
+<p>The permissions in this section correspond to the [[CONTACTS-API]] and [[CONTACTS-WRITER-API]].</p>
<table
class="simple"
- summary="Contact Features">
+ summary="Contact Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11 URI</a>
+ <a>BONDI 1.11</a>
</th>
<th>
- <a>Android string</a>
+ <a>Android</a>
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
- <code>http://bondi.omtp.org/api/1.1/pim.contacts.read</code>
+ Read the contacts stored in the terminal
</td>
<td>
- <code>android.permission.READ_CONTACTS</code>
+ read the user's contacts data.
</td>
</tr>
<tr>
<td>
- Read the contacts stored in the terminal
+ <code>pim.contacts.read</code>
</td>
<td>
- Allows an application to read the user's contacts data.
+ <code>android.permission.READ_CONTACTS</code>
</td>
</tr>
<tr>
<td>
- <code>http://bondi.omtp.org/api/1.1/pim.contacts.write</code>
+ Read the contacts stored in the terminal
</td>
<td>
- <code>android.permission.WRITE_CONTACTS</code>
+ write (but not read) the user's contacts data.
</td>
</tr>
<tr>
<td>
- Read the contacts stored in the terminal
+ <code>pim.contacts.write</code>
</td>
<td>
- Allows an application to write (but not read) the user's contacts data.
+ <code>android.permission.WRITE_CONTACTS</code>
</td>
</tr>
</tbody>
@@ -229,51 +246,51 @@
</section>
<section id="calendar-feature">
<h3>Calendar API</h3>
-<p>The features in this section correspond to the DAP Calendar API.</p>
+<p>The permissions in this section correspond to the DAP Calendar API.</p>
<table
class="simple"
- summary="Calendar Features">
+ summary="Calendar Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11 URI</a>
+ <a>BONDI 1.11</a>
</th>
<th>
- <a>Android string</a>
+ <a>Android</a>
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/pim.calendar.read</code>
+Calls to read calendars
</td>
<td>
- <code>android.permission.READ_CALENDAR</code>
+read the user's calendar data.
</td>
</tr>
<tr>
<td>
-Calls to read calendars
+<code>pim.calendar.read</code>
</td>
<td>
-Allows an application to read the user's calendar data.
+ <code>android.permission.READ_CALENDAR</code>
</td>
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/pim.calendar.write</code>
+Call to create, update or delete events from calendar.
</td>
<td>
- <code>android.permission.WRITE_CALENDAR</code>
+write (but not read) the user's calendar data.
</td>
</tr>
<tr>
<td>
-Call to create, update or delete events from calendar.
+<code>pim.calendar.write</code>
</td>
<td>
-Allows an application to write (but not read) the user's calendar data.
+ <code>android.permission.WRITE_CALENDAR</code>
</td>
</tr>
</tbody>
@@ -282,68 +299,68 @@
</section>
<section id="capture-feature">
<h3>Capture API</h3>
-<p>The features in this section correspond to the DAP Capture API,
+<p>The permissions in this section correspond to the DAP Capture API,
[[HTMLMEDIACAPTURE]]. </p>
<table
class="simple"
- summary="Capture Features">
+ summary="Capture Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11 URI</a>
+ <a>BONDI 1.11</a>
</th>
<th>
- <a>Android string</a>
+ <a>Android</a>
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/camera.access</code>
+detection of available cameras:
</td>
<td>
- <code>android.permission.CAMERA</code>
+access the camera device:
</td>
</tr>
<tr>
<td>
-Feature that allows for the detection of available cameras.
+<code>camera.access</code>
</td>
<td>
-Required to be able to access the camera device.
+ <code>android.permission.CAMERA</code>
</td>
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/camera.capture</code>
+capturing a picture from a selected camera:
</td>
<td>
- <code></code>
+
</td>
</tr>
<tr>
<td>
-Feature that allows for capturing a picture from a selected camera.
+<code>camera.capture</code>
</td>
<td>
-
+ <code></code>
</td>
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/camera.record</code>
+capturing a video from a selected camera:
</td>
<td>
- <code></code>
+
</td>
</tr>
<tr>
<td>
-Feature that allows for capturing a video from a selected camera.
+<code>camera.record</code>
</td>
<td>
-
+ <code></code>
</td>
</tr>
</tbody>
@@ -351,32 +368,24 @@
</section>
<section id="messaging-feature">
<h3>Messaging API</h3>
-<p>The features in this section correspond to the DAP Messaging API.</p>
+<p>The permissions in this section correspond to the DAP Messaging API.</p>
<table
class="simple"
- summary="Messaging Features">
+ summary="Messaging Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11 URI</a>
+ <a>BONDI 1.11</a>
</th>
<th>
- <a>Android string</a>
+ <a>Android</a>
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.email.send</code>
- </td>
- <td>
- <code></code>
- </td>
- </tr>
- <tr>
- <td>
Send an email message
</td>
<td>
@@ -385,7 +394,7 @@
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.mms.send</code>
+<code>messaging.email.send</code>
</td>
<td>
<code></code>
@@ -401,10 +410,10 @@
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.sms.send</code>
+<code>messaging.mms.send</code>
</td>
<td>
- <code>android.permission.SEND_SMS</code>
+ <code></code>
</td>
</tr>
<tr>
@@ -412,15 +421,15 @@
Send an SMS
</td>
<td>
-Allows an application to send SMS messages.
+send SMS messages.
</td>
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.binarysms.send</code>
+<code>messaging.sms.send</code>
</td>
<td>
- <code></code>
+ <code>android.permission.SEND_SMS</code>
</td>
</tr>
<tr>
@@ -433,7 +442,7 @@
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.email.subscribe</code>
+<code>messaging.binarysms.send</code>
</td>
<td>
<code></code>
@@ -449,10 +458,10 @@
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.mms.subscribe</code>
+<code>messaging.email.subscribe</code>
</td>
<td>
- <code>android.permission.RECEIVE_MMS</code>
+ <code></code>
</td>
</tr>
<tr>
@@ -460,15 +469,15 @@
Subscribe to MMS message notifications
</td>
<td>
-Allows an application to monitor incoming MMS messages, to record or perform processing on them.
+monitor incoming MMS messages, to record or perform processing on them.
</td>
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.sms.subscribe</code><br/>
+<code>messaging.mms.subscribe</code>
</td>
<td>
- <code>android.permission.RECEIVE_SMS</code>
+ <code>android.permission.RECEIVE_MMS</code>
</td>
</tr>
<tr>
@@ -476,15 +485,15 @@
Subscribe to SMS message notifications
</td>
<td>
-Allows an application to monitor incoming SMS messages, to record or perform processing on them.
+monitor incoming SMS messages, to record or perform processing on them.
</td>
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.binarysms.subscribe</code>
+<code>messaging.sms.subscribe</code><br/>
</td>
<td>
- <code></code>
+ <code>android.permission.RECEIVE_SMS</code>
</td>
</tr>
<tr>
@@ -497,7 +506,7 @@
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.email.getAccounts</code>
+<code>messaging.binarysms.subscribe</code>
</td>
<td>
<code></code>
@@ -513,7 +522,7 @@
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.email.attach</code>
+<code>messaging.email.getAccounts</code>
</td>
<td>
<code></code>
@@ -529,7 +538,7 @@
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.mms.attach</code>
+<code>messaging.email.attach</code>
</td>
<td>
<code></code>
@@ -545,10 +554,10 @@
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.sms.get</code>
+<code>messaging.mms.attach</code>
</td>
<td>
- <code>android.permission.READ_SMS</code>
+ <code></code>
</td>
</tr>
<tr>
@@ -556,15 +565,15 @@
Retrieve SMS
</td>
<td>
-Allows an application to read SMS messages.
+read SMS messages.
</td>
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.mms.get</code>
+<code>messaging.sms.get</code>
</td>
<td>
- <code>android.permission.RECEIVE_MMS</code>
+ <code>android.permission.READ_SMS</code>
</td>
</tr>
<tr>
@@ -572,15 +581,15 @@
Retrieve MMS
</td>
<td>
-Allows an application to monitor incoming MMS messages, to record or perform processing on them.
+monitor incoming MMS messages, to record or perform processing on them.
</td>
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.email.get</code>
+<code>messaging.mms.get</code>
</td>
<td>
- <code></code>
+ <code>android.permission.RECEIVE_MMS</code>
</td>
</tr>
<tr>
@@ -593,7 +602,7 @@
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.sms.delete</code>
+<code>messaging.email.get</code>
</td>
<td>
<code></code>
@@ -609,7 +618,7 @@
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.mms.delete</code>
+<code>messaging.sms.delete</code>
</td>
<td>
<code></code>
@@ -625,7 +634,7 @@
</tr>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/messaging.email.delete</code>
+<code>messaging.mms.delete</code>
</td>
<td>
<code></code>
@@ -641,10 +650,10 @@
</tr>
<tr>
<td>
-<code></code>
+<code>messaging.email.delete</code>
</td>
<td>
- <code>android.permission.WRITE_SMS</code>
+ <code></code>
</td>
</tr>
<tr>
@@ -652,7 +661,7 @@
</td>
<td>
-Allows an application to write SMS messages.
+write SMS messages.
</td>
</tr>
<tr>
@@ -660,7 +669,7 @@
<code></code>
</td>
<td>
- <code>android.permission.BROADCAST_SMS</code>
+ <code>android.permission.WRITE_SMS</code>
</td>
</tr>
<tr>
@@ -668,7 +677,15 @@
</td>
<td>
-Allows an application to broadcast an SMS receipt notification
+broadcast an SMS receipt notification
+ </td>
+ </tr>
+ <tr>
+ <td>
+<code></code>
+ </td>
+ <td>
+ <code>android.permission.BROADCAST_SMS</code>
</td>
</tr>
</tbody>
@@ -676,38 +693,46 @@
</section>
<section id="sysinfo-feature">
<h3>System Information API</h3>
-<p>The features in this section correspond to the DAP System
+<p>The permissions in this section correspond to the DAP System
Information API
[[SYSINFOAPI]].</p>
<table
class="simple"
- summary="System Information Features">
+ summary="System Information Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11 URI</a>
+ <a>BONDI 1.11</a>
</th>
<th>
- <a>Android string</a>
+ <a>Android</a>
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
-<code>http://bondi.omtp.org/api/1.1/pim.devicestatus</code>
+Access to the device status module
</td>
<td>
- <code></code>
+
</td>
</tr>
<tr>
<td>
-Access to the device status module
+<code>pim.devicestatus</code>
</td>
<td>
+ <code></code>
+ </td>
+ </tr>
+ <tr>
+ <td>
</td>
+ <td>
+Allows applications to access information about networks
+ </td>
</tr>
<tr>
<td>
@@ -722,7 +747,7 @@
</td>
<td>
-Allows applications to access information about networks
+Allows applications to access information about Wi-Fi networks
</td>
</tr>
<tr>
@@ -738,7 +763,7 @@
</td>
<td>
-Allows applications to access information about Wi-Fi networks
+collect battery statistics
</td>
</tr>
<tr>
@@ -754,7 +779,7 @@
</td>
<td>
-Allows an application to collect battery statistics
+read the owner's data.
</td>
</tr>
<tr>
@@ -770,7 +795,7 @@
</td>
<td>
-Allows an application to read the owner's data.
+Allows read only access to phone state.
</td>
</tr>
<tr>
@@ -781,14 +806,6 @@
<code>android.permission.READ_PHONE_STATE</code>
</td>
</tr>
- <tr>
- <td>
-
- </td>
- <td>
-Allows read only access to phone state.
- </td>
- </tr>
</tbody>
</table>
</section>
Received on Thursday, 19 August 2010 12:42:18 UTC