- From: Dominique Hazael-Massieux via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 10 Sep 2010 12:58:18 +0000
- To: public-dap-commits@w3.org
Update of /sources/public/2009/dap/policy-reqs In directory hutz:/tmp/cvs-serv26262 Modified Files: Overview.html Log Message: a bit more intro Index: Overview.html =================================================================== RCS file: /sources/public/2009/dap/policy-reqs/Overview.html,v retrieving revision 1.49 retrieving revision 1.50 diff -u -d -r1.49 -r1.50 --- Overview.html 10 Sep 2010 12:55:33 -0000 1.49 +++ Overview.html 10 Sep 2010 12:58:16 -0000 1.50 
@@ -62,17 +62,19 @@ <p> Various groups have been defining APIs designed to enable Web sites and applications access to device resources, including geolocation, personal information such as calendar and contacts, - system information such as network information, etc. Much of this information is sensitive and can be misused. As part of its charter, the Device API and Policy Working Group is developing a set of technologies to control access to - this information, including through the use of a policy framework. - </p> + system information such as network information, etc. Much of this information is sensitive and can be misused.</p> + <p>As part of its charter, the Device API and Policy Working Group is developing a set of technologies to control access to this information, including through the use of a policy framework.</p> + + <p>This document explores use cases for such a framework through user stories, and derives requirements both for APIs and the framework based on these use cases.</p> + <section id="defs"> - <h2>Definitions</h2> + <h2>Definition</h2> <p>A <dfn>non-safe API</dfn> is an API that shares sensitive user information or makes a commitment for the user to a third-party (e.g. paying a fee).</p> </section> </section> <!-- introduction --> <section id="interactions" class="informative"> <h2>Access Control Interactions</h2> - <p>Three main types of interactions haven been identified for this access control:</p> + <p>Three main types of interactions haven been identified for controling access to non-safe APIS:</p> <ul> <li>based on granular user consent, for every first call of a sensitive API,</li> <li>based on user consent for a set of APIs at once, packaged into a single interaction (e.g. at “installation” time),</li>
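Review bot: The rewritten lead-in sentence under "Access Control Interactions" (the last added line of this hunk) carries three spelling errors: "haven been" was already in the removed line and is kept, while "controling" and "APIS" are new. Suggested wording: "Three main types of interactions have been identified for controlling access to non-safe APIs:". The sentence now depends on the term defined in the "defs" section just above it, so marking "non-safe APIs" up as a reference to that <dfn> would let readers of the informative section find the definition. Separately, the commit message "a bit more intro" does not mention the heading change from "Definitions" to "Definition" or the rewording in the interactions section; a short mention would make the revision history easier to follow.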
Received on Friday, 10 September 2010 12:58:19 UTC