RE: Draft Charter for a Device API and Security WG

Hi Dom,

On the naming, I'm not precious but I think we should ensure that it is clear to people outside what the group is working on. Security policy is critical to this working group's success and we should make that clear from the start. An alternative suggestion could be "Device APIs and Policy" or DAP for short.

Cheers,


David.

-----Original Message-----
From: Dominique Hazael-Massieux [mailto:dom@w3.org] 
Sent: 14 May 2009 07:51
To: David Rogers
Cc: Arthur Barstow; ext Robin Berjon; Marcin Hanclik; public-device-apis@w3.org; Philipp Hoschka; Nick Allott
Subject: RE: Draft Charter for a Device API and Security WG

Hi Dave,

Le mercredi 13 mai 2009 à 21:38 +0100, David Rogers a écrit :
> In general we are very pleased with the charter, so here are some
> small changes from us:
> 
> 1) Title: "Device APIs and Security Working Group Charter"

I'm not sure about adding "and Security" to the name of the group:
 * it makes the name quite long and mouthful
 * it reads awkwardly: it won't work on device security, nor on security
in general, but on the securing access to device APIs which that title
doesn't convey

I don't feel very strongly about it, so I can add it back if others do.

> 2) In 3.1 Recommendation-Track Deliverables:
> 
> System Information API -> Change to "System Information and Events"

Done.

> * Application Configuration API
>  - An API to manage application settings and user preferences

OK, added for now (but others should feel free to disagree)

> * User Interaction API
>  - A set of APIs that gives a widget or website far better control of how it manifests itself on different platforms. This would include minimise/maximise  functions, window size, alerting mechanisms etc.

Hmm... Is that really a "device service" API? It feels more like
something for the WebApps Working Group. Is it so strongly related to
the others APIs that it would need to be developed in this group?

> * Security Policy Framework:
>  - Definition of a policy description language for security policies
>  - Expression of security policies that govern access of Web Applications and Widgets to security-critical APIs

Added.

> 3) In 4.2 Liaisons:
> 
> Ubiquitous Web Applications Working Group http://www.w3.org/2007/uwa/ To help with work on device status, particularly the work on Delivery Context: Client Interfaces (DCCI) 1.0 http://www.w3.org/TR/DPF/.


Added.

> 4) In 4.3 External groups:
> 
> OMTP
> 
> OMTP's BONDI initiative aims to define key interfaces that enable the mobile web platform to access sensitive functions on the mobile, within a security framework that protects the user from malicious actions. OMTP can provide input to requirements and technologies for this Working Group, as well as review and endorse deliverables.

Added.

Dom

Received on Thursday, 14 May 2009 10:32:42 UTC