Policy work items - request for proposals from Frederick Hirsch on 2009-11-02 (public-device-apis@w3.org from November 2009)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 2 Nov 2009 15:15:13 -0500
To: W3C Device APIs and Policy WG <public-device-apis@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Message-Id: <BB18247E-30A4-4997-B009-5F88D9D9AD7F@nokia.com>

During the morning F2F session I recorded the following somewhat  
independent work items:

1. trust model definition
2. access control model definition
3 capability definitions for APIs in DAP charter and related W3C APIs
4. features - definition
5 security considerations for each API,  privacy concerns for each  
API, definition of likely user prompts based on API functionality that  
have security implications (e.g. take picture query also gives  
security permission)
6 security threat models and countermeasures/ security use cases
7 Context for security decisions - what additional information can be  
included in decision
8. FileAPI security model and simplification

Is this list complete, are the items somewhat orthogonal?

Do we have volunteers to help with concrete proposals, especially for  
the list of capability definitions, API security considerations,  
security use cases/threats.

regards, Frederick

Frederick Hirsch, Nokia
Co-Chair, W3C DAP Working Group

Received on Monday, 2 November 2009 20:15:55 UTC