- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 28 Apr 2009 14:05:17 +0200
- To: Arthur Barstow <art.barstow@nokia.com>
- Cc: "public-device-apis@w3.org" <public-device-apis@w3.org>
On 28 Apr 2009, at 13:19, Arthur Barstow wrote: > We support the creation of a new WG as proposed below and would like > to see that important work started as soon as possible. > Additionally, we are willing to contribute to the creation of a > formal charter. Thanks Art, that's good to hear. > One item that would be useful is an expansion of what you mean by > "identification of APIs" and "identification of web applications and > Widgets". Essentially, an access control policy needs to have a way to identify the thing that access is granted to, and the thing that can accesses it -- each of which could be anything between a large random number and a URI, depending on use cases and design philosophies. More to the point, one could identify an API by URI reference, or perhaps by the name of a constructor (if each API was actually using a constructor pattern), or perhaps by the name of an object that exposes requisite methods (if each API was using the geolocation API's pattern). Likewise, there will be a need to identify the web application (or widget) that wants to access an API -- or, more precisely, the properties of a given web application or widget that feed into the access control decision. That might be things such as the origin for a Web application, or some information about a signing party for a widget. Perhaps this point is too low-level to call out in a charter; thoughts welcome.
Received on Tuesday, 28 April 2009 12:05:29 UTC