- From: Dominique Hazael-Massieux via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 14 Sep 2010 14:10:23 +0000
- To: public-dap-commits@w3.org
Update of /sources/public/2009/dap/contacts
In directory hutz:/tmp/cvs-serv10315
Modified Files:
Overview.html
Log Message:
updated privacy section based on split of contacts-writer
Index: Overview.html
===================================================================
RCS file: /sources/public/2009/dap/contacts/Overview.html,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -d -r1.77 -r1.78
--- Overview.html 14 Sep 2010 13:54:04 -0000 1.77
+++ Overview.html 14 Sep 2010 14:10:21 -0000 1.78
@@ -191,25 +191,25 @@
Privacy considerations for implementors of the Contacts API
</h2>
<p>
- A <a>user agent</a> must not create, find, save or delete contact information to Web sites without the express permission of the
- user. A <a>user agent</a> must acquire permission through a user interface, unless they have prearranged trust relationships with
- users, as described below. The user interface must include the URI of the document origin, as defined in [[HTML5]]. Those
+ A <a>user agent</a> MUST not retrieve contact information to Web sites without the express permission of the
+ user. A <a>user agent</a> MUST acquire permission through a user interface, unless they have prearranged trust relationships with
+ users, as described below. The user interface MUST include the URI of the document origin, as defined in [[HTML5]]. Those
permissions that are acquired through the user interface and that are preserved beyond the current browsing session (i.e. beyond
the time when the browsing context, as defined in [[HTML5]], is navigated to another URL) MUST be revocable and a <a>user
- agent</a> must respect revoked permissions.
+ agent</a> MUST respect revoked permissions.
</p>
<p>
Obtaining the user's express permission to access one API method does not imply the user has granted permission for the same
Web site to access other methods provided by this API, or to access the same method with a different set of arguments, as part of
the same permission context. If a user has expressed permission for an implementation to, e.g. find a set of existing contacts,
- the implementation must seek the user's express permission if and when any additional create, find, save or remove function
+ the implementation MUST seek the user's express permission if and when any additional <code>find</code> function
is called on this API.
</p>
<p>
A <a>user agent</a> may have prearranged trust relationships that do not require such user interfaces. For example, while a Web
- browser will present a user interface when a Web site performs an address book request, a Widget Runtime MAY have a prearranged,
+ browser will present a user interface when a Web site performs an address book request, a Widget [[WIDGETS]] runtime MAY have a prearranged,
delegated security relationship with the user and, as such, a suitable alternative security and privacy mechanism with which to
- authorize the creation, retrieval, update and/or removal of contact information.
+ authorize the retrieval of contact information.
</p>
</section>
<section>
Received on Tuesday, 14 September 2010 14:10:25 UTC