- From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
- Date: Thu, 19 Aug 2010 16:00:35 +0000
- To: public-dap-commits@w3.org
Update of /sources/public/2009/dap/features
In directory hutz:/tmp/cvs-serv27786
Modified Files:
Overview.html
Log Message:
update to focus on features and capabilities, bring in BONDI
definitions. More work required to straighten out how
features/capabilities relate to specific DAP APIs, e.g. contacts.find
for addresses vs relationships, for example.
Index: Overview.html
===================================================================
RCS file: /sources/public/2009/dap/features/Overview.html,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- Overview.html 19 Aug 2010 14:26:02 -0000 1.19
+++ Overview.html 19 Aug 2010 16:00:33 -0000 1.20
@@ -22,11 +22,12 @@
</head>
<body>
<section id='abstract'>
- This document defines how Device API features and permissions
- may be identified and used in various contexts to enable access
- control. This includes user control and delegated
- authority using policy for web browser
- pages and widgets.
+ This document defines the feature and capability aspects of the
+ Device API architecture and summarizes the specific features and
+ capabilities currently defined.
+ These may be used in various contexts to
+ enable access
+ control.
</section> <!-- abstract -->
<section id='introduction'>
@@ -42,28 +43,49 @@
Configuration specification [[WIDGETS]] allows a widget runtime
engine to grant access only to the specific APIs that the
configuration file of the widget listed.</p>
-<p>A similar approach is used in the proposed DAP security policy
-framework [[DAP-ACCESS-REQS]] [[DAP-POLICY-FRAMEWORK]].</p>
-<p>To define these specific security rules, such APIs need to be
-identifiable, with a specific meaning attached to each of the
-identifiers. A <dfn>feature</dfn> is a reference to a logical item
-that may require access control.</p>
-<p>In addition, permissions or capabilities may be associated with the
-identified API, or feature, indicating the specific permissions granted.
-Such
-permissions need to be well defined.
-In some cases only a single permission may be associated with a feature,
-for example a contacts read permission associated with a contacts read
-API. In other APIs there may be more than one permission required to
-enable the feature. This document defines permissions (also known as
-capabilities) and how they are identified.
+<p>The Device APIs provide a number of features that may require
+ explicit
+ access control decisions based on the device capabilities they require.
+ In order to avoid misunderstanding and confusion, we use the same
+ terminology
+as
+ in the BONDI 1.11 contribution
+ [[BONDI-ARCH-SECURITY-11]] as a basis:</p>
+<ul>
+<li><p>A <dfn>Device Capability</dfn>
+ is a specific resource, or functionality of a
+device, that can be accessed, manipulated or exploited by a Web
+Application. Device Capabilities are defined and identified in a
+portable way, without a dependency on any specific JavaScript API, or
+on any underlying software platform or platform-specific API.
+</p></li>
+<li><p>A <dfn>Feature</dfn> is a set of JavaScript APIs and/or device
+ behaviors that
+provide access to specified Device Capabilities. A Feature is
+identified uniquely by IRI, and is the unit of expression of
+dependencies by BONDI Web Applications.
+</p></li>
+<li><p>
+A <dfn>JavaScript API</dfn> is a program interface for Web Applications defined
+using an Interface Definition Language (IDL). JavaScript APIs are
+usually provided as a means for a Web Application to gain access to
+Device Capabilities. However, the definition of the API itself
+concerns the interfaces, methods, properties and other attributes that
+make up the API; the definition of the API is not necessarily
+associated with any specific Device Capabilities and, by itself,
+access to an API does not imply access to any underlying Device
+Capabilities.</p></li>
+</ul>
+<p>This document relaxes the BONDI restriction that features must be
+ defined by IRI by defining strings and a prefix URI that may be used
+ to create a unique IRI in each case.
</p>
</section> <!-- introduction -->
<section id="features">
<h2>Features</h2>
<p>Features may be defined using API methods, and are named with the
string identifying the specific API. Features may also be defined by a
-specfication to apply to specific attributes, for example
+specification to apply to specific attributes, for example
contacts.find in conjunction with the addresses attribute might be a
feature to obtain addresses. This may be separate from finding
relationships since the ability to determine one probably should not
@@ -76,10 +98,41 @@
<p class="note">The DAP base URI is entirely tentative at this
stage.</p>
</p>
+ <section id="feature-geolocation">
+ <h3>Geolocation API</h3>
+<p>
+</p>
+</section>
+ <section id="feature-contact">
+ <h3>Contact API</h3>
+<p>
+</p>
+</section>
+ <section id="feature-calendar">
+ <h3>Calendar API</h3>
+<p>
+</p>
+</section>
+ <section id="feature-capture">
+ <h3>Capture API</h3>
+<p>
+</p>
+</section>
+ <section id="feature-messaging">
+ <h3>Messaging API</h3>
+<p>
+</p>
+</section>
+ <section id="feature-sysinfo">
+ <h3>System Information API</h3>
+<p>
+</p>
+</section>
+
</section>
<section id="capabilities">
<h2>Capabilities</h2>
- <p>Each capability (permission) is defined using a string as
+ <p>Each capability is defined using a string as
specified in this document (and possibility API specifications
as well).
</p>
@@ -90,7 +143,8 @@
<p> The sections below list BONDI 1.11 feature strings
[[BONDI-FEATURES1-11]] and corresponding
<a href="http://developer.android.com/reference/android/Manifest.permission.html">
- Android permission identifiers</a>.</p>
+ Android capability identifiers (called permissions in the Android
+ Developers Guide <a href="http://developer.android.com/guide/topics/security/security.html">Security and Permissions web page</a>.</p>
<p>BONDI 1.11 feature URIs are formed by appending the BONDI
string to the base URI: <code>http://bondi.omtp.org/api/1.1/</code>.
</p>
@@ -98,7 +152,7 @@
Note that the BONDI and Android meanings may not correspond
exactly, so even if the names are similar they may not be equivalent.</p>
- <section id="geolocation">
+ <section id="capability-geolocation">
<h3>Geolocation API</h3>
<p>The <code>geolocation</code> identifier corresponds to the
access to the <code><a
@@ -109,14 +163,14 @@
<table
class="simple"
- summary="Geolocation Features and Permissions">
+ summary="Geolocation Features and Capabilities">
<thead>
<tr>
<th>
<a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android Permissions</a>
+ <a>Android Capabilities</a>
</th>
</tr>
</thead>
@@ -216,19 +270,19 @@
</tbody>
</table>
</section>
- <section id="contact-feature">
+ <section id="capability-contact">
<h3>Contact API</h3>
<p>The permissions in this section correspond to the [[CONTACTS-API]] and [[CONTACTS-WRITER-API]].</p>
<table
class="simple"
- summary="Contact Features and Permissions">
+ summary="Contact Features and Capabilities">
<thead>
<tr>
<th>
<a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android Permissions</a>
+ <a>Android Capabilities</a>
</th>
</tr>
</thead>
@@ -268,19 +322,19 @@
</tbody>
</table>
</section>
- <section id="calendar-feature">
+ <section id="capability-calendar">
<h3>Calendar API</h3>
<p>The permissions in this section correspond to the DAP Calendar API.</p>
<table
class="simple"
- summary="Calendar Features and Permissions">
+ summary="Calendar Features and Capabilities">
<thead>
<tr>
<th>
<a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android Permissions</a>
+ <a>Android Capabilities</a>
</th>
</tr>
</thead>
@@ -321,20 +375,20 @@
</table>
</section>
- <section id="capture-feature">
+ <section id="capability-capture">
<h3>Capture API</h3>
<p>The permissions in this section correspond to the DAP Capture API,
[[HTMLMEDIACAPTURE]]. </p>
<table
class="simple"
- summary="Capture Features and Permissions">
+ summary="Capture Features and Capabilities">
<thead>
<tr>
<th>
<a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android Permissions</a>
+ <a>Android Capabilities</a>
</th>
</tr>
</thead>
@@ -390,12 +444,12 @@
</tbody>
</table>
</section>
- <section id="messaging-feature">
+ <section id="capability-messaging">
<h3>Messaging API</h3>
<p>The permissions in this section correspond to the DAP Messaging API.</p>
<table
class="simple"
- summary="Messaging Features and Permissions">
+ summary="Messaging Features and Capabilities">
<thead>
<tr>
@@ -403,7 +457,7 @@
<a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android Permissions</a>
+ <a>Android Capabilities</a>
</th>
</tr>
</thead>
@@ -715,21 +769,21 @@
</tbody>
</table>
</section>
- <section id="sysinfo-feature">
+ <section id="capability-sysinfo">
<h3>System Information API</h3>
<p>The permissions in this section correspond to the DAP System
Information API
[[SYSINFOAPI]].</p>
<table
class="simple"
- summary="System Information Features and Permissions">
+ summary="System Information Features and Capabilities">
<thead>
<tr>
<th>
<a>BONDI 1.11 Feature</a>
</th>
<th>
- <a>Android Permissions</a>
+ <a>Android Capabilities</a>
</th>
</tr>
</thead>
@@ -771,7 +825,7 @@
</td>
<td>
-Allows applications to access information about Wi-Fi networks
+Allows applications to access information about WiFi networks
</td>
</tr>
<tr>
Received on Thursday, 19 August 2010 17:56:28 UTC