- From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
- Date: Thu, 19 Aug 2010 14:26:07 +0000
- To: public-dap-commits@w3.org
Update of /sources/public/2009/dap/features
In directory hutz:/tmp/cvs-serv30163
Modified Files:
Overview.html
Log Message:
update to include both features and capabilities
Index: Overview.html
===================================================================
RCS file: /sources/public/2009/dap/features/Overview.html,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- Overview.html 19 Aug 2010 13:14:21 -0000 1.18
+++ Overview.html 19 Aug 2010 14:26:02 -0000 1.19
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
- <title>Device API Feature Permissions</title> <meta
+ <title>Device API Features and Capabilities</title> <meta
http-equiv='Content-Type'
content='text/html;charset=utf-8'/> <script src='../ReSpec.js/js/respec.js'
class='remove'></script> <script class='remove'>
@@ -22,52 +22,76 @@
</head>
<body>
<section id='abstract'>
- This document defines permission identifiers for Web Device APIs
- and how they may be used in various contexts to enable access control.
+ This document defines how Device API features and permissions
+ may be identified and used in various contexts to enable access
+ control. This includes user control and delegated
+ authority using policy for web browser
+ pages and widgets.
</section> <!-- abstract -->
<section id='introduction'>
<h2>Introduction</h2>
<p>A number of Web APIs, in particular those used to access private or
- sensitive data from the hosting device, will need permission to
- operate. Such permissions will be granted depending on the security context.
-To define these specific security rules, permissions (also known as
- capabilities) need to be well defined so that they can be granted
- and enforced. In addition, in some contexts applications need to be
- able to specify which permissions will be needed in order to
- operate.</p>
-<p>Permissions may be associated with APIs, those APIs identified by
- the name of the API.
+sensitive data from the hosting device, are meant to be discoverable,
+as well as disabled or enabled on a site-by-site or
+application-by-application basis, depending on the security
+context.</p>
+<p>For instance, the <a
+href="http://www.w3.org/TR/2009/CR-widgets-20091201/#the-feature-element">feature
+element</a> as defined in the Widget Packaging and
+ Configuration specification [[WIDGETS]] allows a widget runtime
+engine to grant access only to the specific APIs that the
+configuration file of the widget listed.</p>
+<p>A similar approach is used in the proposed DAP security policy
+framework [[DAP-ACCESS-REQS]] [[DAP-POLICY-FRAMEWORK]].</p>
+<p>To define these specific security rules, such APIs need to be
+identifiable, with a specific meaning attached to each of the
+identifiers. A <dfn>feature</dfn> is a reference to a logical item
+that may require access control.</p>
+<p>In addition, permissions or capabilities may be associated with the
+identified API, or feature, indicating the specific permissions granted.
+Such
+permissions need to be well defined.
+In some cases only a single permission may be associated with a feature,
+for example a contacts read permission associated with a contacts read
+API. In other APIs there may be more than one permission required to
+enable the feature. This document defines permissions (also known as
+capabilities) and how they are identified.
</p>
-<p>This document summarizes the permissions that may be granted and
- what they mean.</p>
-<!-- <p>For instance, the <a href="http://www.w3.org/TR/2009/CR-widgets-20091201/#the-feature-element">feature element</a> as defined in the Widget Packaging and -->
-<!-- Configuration specification [[WIDGETS]] allows a widget runtime -->
-<!-- engine to grant access only to the specific APIs that the -->
-<!-- configuration file of the widget listed.</p> -->
-<!-- <p>A similar approach is used in the proposed DAP security policy -->
-<!-- framework [[DAP-ACCESS-REQS]] [[DAP-POLICY-FRAMEWORK]].</p> -->
-<!-- <p> -->
-<!-- <p>A <dfn>feature</dfn> is a reference to a logical item that may require access control.</p> -->
</section> <!-- introduction -->
- <section id="identifiers">
- <h2>Identifiers</h2>
- <p>Each permission defined below is assigned with a string as an
- identifier.</p>
- <p>That string can be used to build a URI identifying that
- permission in context where a URI is needed (e.g. in the Widget
+ <section id="features">
+ <h2>Features</h2>
+<p>Features may be defined using API methods, and are named with the
+string identifying the specific API. Features may also be defined by a
+specfication to apply to specific attributes, for example
+contacts.find in conjunction with the addresses attribute might be a
+feature to obtain addresses. This may be separate from finding
+relationships since the ability to determine one probably should not
+imply the other.
+</p>
+ <p>In some cases a URI may be needed (e.g. in the Widget
Packaging and Configuration specification [[WIDGETS]]) by
appending that string to the base
+ <code>http://www.w3.org/dap/feature/</code>.
+ <p class="note">The DAP base URI is entirely tentative at this
+ stage.</p>
+</p>
+</section>
+ <section id="capabilities">
+ <h2>Capabilities</h2>
+ <p>Each capability (permission) is defined using a string as
+ specified in this document (and possibility API specifications
+ as well).
+ </p>
+ <p>In some cases a URI may be needed and obtained by
+ appending that string to the base
<code>http://www.w3.org/dap/permission/</code>.</p>
<p class="note">The DAP base URI is entirely tentative at this stage.</p>
- </section>
- <section id="api-permissions">
- <h2>API Permissions</h2>
<p> The sections below list BONDI 1.11 feature strings
- [[BONDI-FEATURES1-11]] as well as
+ [[BONDI-FEATURES1-11]] and corresponding
<a href="http://developer.android.com/reference/android/Manifest.permission.html">
Android permission identifiers</a>.</p>
-<p>The BONDI 1.11 feature URIs are formed by appending the BONDI
+<p>BONDI 1.11 feature URIs are formed by appending the BONDI
string to the base URI: <code>http://bondi.omtp.org/api/1.1/</code>.
</p>
<p class="note">
@@ -85,14 +109,14 @@
<table
class="simple"
- summary="Geolocation Permissions">
+ summary="Geolocation Features and Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11</a>
+ <a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android</a>
+ <a>Android Permissions</a>
</th>
</tr>
</thead>
@@ -197,14 +221,14 @@
<p>The permissions in this section correspond to the [[CONTACTS-API]] and [[CONTACTS-WRITER-API]].</p>
<table
class="simple"
- summary="Contact Permissions">
+ summary="Contact Features and Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11</a>
+ <a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android</a>
+ <a>Android Permissions</a>
</th>
</tr>
</thead>
@@ -249,14 +273,14 @@
<p>The permissions in this section correspond to the DAP Calendar API.</p>
<table
class="simple"
- summary="Calendar Permissions">
+ summary="Calendar Features and Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11</a>
+ <a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android</a>
+ <a>Android Permissions</a>
</th>
</tr>
</thead>
@@ -303,14 +327,14 @@
[[HTMLMEDIACAPTURE]]. </p>
<table
class="simple"
- summary="Capture Permissions">
+ summary="Capture Features and Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11</a>
+ <a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android</a>
+ <a>Android Permissions</a>
</th>
</tr>
</thead>
@@ -371,15 +395,15 @@
<p>The permissions in this section correspond to the DAP Messaging API.</p>
<table
class="simple"
- summary="Messaging Permissions">
+ summary="Messaging Features and Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11</a>
+ <a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android</a>
+ <a>Android Permissions</a>
</th>
</tr>
</thead>
@@ -698,14 +722,14 @@
[[SYSINFOAPI]].</p>
<table
class="simple"
- summary="System Information Permissions">
+ summary="System Information Features and Permissions">
<thead>
<tr>
<th>
- <a>BONDI 1.11</a>
+ <a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android</a>
+ <a>Android Permissions</a>
</th>
</tr>
</thead>
Received on Thursday, 19 August 2010 14:26:12 UTC