- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Tue, 28 Apr 2009 07:19:18 -0400
- To: ext Thomas Roessler <tlr@w3.org>
- Cc: "public-device-apis@w3.org" <public-device-apis@w3.org>
- Message-Id: <AC4A3ECF-6E9A-4880-96DF-8CB006968A7C@nokia.com>
Hi Thomas, We support the creation of a new WG as proposed below and would like to see that important work started as soon as possible. Additionally, we are willing to contribute to the creation of a formal charter. One item that would be useful is an expansion of what you mean by "identification of APIs" and "identification of web applications and Widgets". -Regards, Art Barstow On Apr 14, 2009, at 7:34 AM, ext Thomas Roessler wrote: > Hello, > > it's about time that we start a chartering discussion. > Fundamentals that we need to sort out in order to get from here to > there: > > - general scope of the work (and things that are out of scope) > - basic principles for the work > - deliverables and milestones > - resources > - input documents > > Based on the outcomes from the workshop [1] and the notes from the > mobile web breakout session at the AC meeting [2], I'd propose the > following in terms of a (rough) mission and scope, and would > appreciate your feed-back on this mailing list: > > 1. The group would be chartered to produce a framework for the > expression of security policies that govern access of Web > applications and widgets to security-critical APIs. To achieve > this goal, the group will need to deal with the following items: > > - policy expression proper > - identification of APIs > - identification of web applications and Widgets > > 2. Out of scope: > > - concrete APIs > - policy management and discovery > - fundamental changes to JavaScript > > 3. Principles: > > - before inventing a new policy expression language, existing > languages (such as XACML) should be reviewed for suitability > - the resulting policy model must be compatible with the existing > same origin policy (as documented in the HTML5 specification) > - the work should not be specific to either mobile or desktop > environments, but may take differences between the environments > into account > > 4. Liaisons: > > - PLING (W3C Policy Languages Interest Group) > - HTML WG > - WebApps WG > - geolocation WG > - Mobile Web Best Practices WG > - BONDI > - OpenAjaxAlliance > > Note that this would be a good time for interested members to > indicate *privately* whether they're willing to make chairing or > editing resources available. > > This would also be a good time for those members who presented > concrete technical proposals at the workshop to indicate whether > they'll be interested in putting these proposals on the table as a > basis for the work proposed here. > > [1] http://www.w3.org/2008/security-ws/report > [2] http://lists.w3.org/Archives/Member/w3c-archive/2009Apr/0094.html > > Note: [2] is member-only; I'll circulate a publicly visible summary > some time soon. > > -- > Thomas Roessler, W3C <tlr@w3.org> >
Received on Tuesday, 28 April 2009 11:20:43 UTC