- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Thu, 10 Dec 2009 16:07:13 -0500
- To: W3C Device APIs and Policy WG <public-device-apis@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>

I mentioned this TAG message (below) on our last call and offered to draft a response to the TAG. The wiki cited provides generic examples of how information can be misused, or used in accordance with agreements yet not people's expectations.

Unless I'm mistaken, the Geolocation WG elected not to directly address policy in the APIs, different from what is suggested by the TAG or IETF Geopriv WG. If I remember, reasons included that it would be inappropriate for a browser to present statements that it cannot enforce, that web site policies should address the concern and that conveying privacy policy information (e.g. intent/restrictions for reuse/redistribution etc) adds complexity. The counter argument is that conveying privacy policy intent is important. If there are additional arguments, perhaps a short summary would be useful.

I have a few questions to the WG.

First, it seems an appropriate response to the TAG is to thank them for the suggestion and indicate that this will be considered as we develop our policy requirements and framework (as Noah outlined in a subsequent list message). Any other suggestions? I'd like to send a formal response acknowledging the message.

Second, I suggest the privacy requirements need to be addressed in our policy requirements document as well as in API documents. We need to be clear on the options, our approach and rationale in the requirements document. Again this is hard since we will deal with both widget and web site models. Can anyone help with this?

Third, we should ask whether we will address privacy explicitly in APIs or in policy, implicitly using extension points, or elsewhere in the ecosystem model. How should we make progress on this? Concrete proposals to the list would be most helpful.

We might want to have a discussion with the TAG once we've reached some tentative conclusions.

regards, Frederick

Frederick Hirsch, Nokia
Co-Chair, W3C DAP Working Group

Begin forwarded message:

> From: "ext noah_mendelsohn@us.ibm.com" <noah_mendelsohn@us.ibm.com>
> Date: December 4, 2009 10:33:32 AM EST
> To: "public-device-apis@w3.org" <public-device-apis@w3.org>
> Cc: "public-geolocation@w3.org" <public-geolocation@w3.org>, "www-tag@w3.org" <www-tag@w3.org>
> Subject: W3C TAG position on policy mechanisms for Web APIs and Services
>
> To: The W3C Device APIs and Policy Working Group
>
> The W3C Policy Languages Interest Group maintains a Wiki [1] which
> contains real world cases where personal information has been compromised
> due to inadequate policy or poor/nonexistent enforcement. One of these
> cases describes how Virgin Mobile used photos that it found on Flickr in a
> national advertising program. The photos appeared on large billboards,
> much to the surprise of the owner and the subject.
>
> In the public mind, issues related to the management and protection of
> user information in Web Applications, Device access over the Web and
> Services provided over the Web loom large and must be addressed. The TAG,
> therefore, urges working groups working in these areas to include in their
> architectures the ability to communicate policy information so that it can
> be used to determine correct access to and retention of user data and
> resources. Addressing these concerns should be a requirement, although the
> details of how they are addressed may vary by application. For example, a
> working group might provide mechanisms for including policy information in
> API calls in a flexible manner, perhaps by using some more generalized
> extensibility mechanism.
>
> We note that there has been some dialog in this area. In particular, the
> IETF GeoPriv Working Group has requested [2] the W3C Geolocation Working
> Group to add additional support for user privacy. There is a discussion
> thread on this subject on the Geolocation Mailing list [3].
>
> Thank you very much.
>
> Noah Mendelsohn
> For the W3C Technical Architecture Group
>
> [1] http://www.w3.org/Policy/pling/wiki/InterestingCases
> [2] http://lists.w3.org/Archives/Public/public-geolocation/2009Aug/0006.html
> [3] http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/thread.html#msg98
>
> P.S. Tracker: this should fulfill TAG ACTION-318
>
> --------------------------------------
> Noah Mendelsohn
> IBM Corporation
> One Rogers Street
> Cambridge, MA 02142
> 1-617-693-4036
> --------------------------------------

Received on Thursday, 10 December 2009 21:07:55 UTC