Corrected 2009-09-30 minutes for approval - v3

Apologies for the extra email, I had a mistake I missed, this is the  
version of 2009-09-30 minutes for approval at our next meeting (v3).  
Please ignore the previous two messages.
Attached is HTML version.

# Device APIs and Policy Working Group Teleconference

## 30 Sep 2009


See also: [IRC log][4]

## Attendees


     Robin_Berjon, Frederick_Hirsch, Dominique_Hazaƫl-Massieux,  
Anssi_Kostiainen, Ilkka_Oksanen, StephenLewontin, Jere_Kapyaho,  
hui_miao, Marcin_Hanclik, Paddy_Byers, Ingmar_Kliche, David_Rogers,
Richard_Tibbett, Claudio_Venezia, Claes_Nilsson


     Thomas_Roessler, Arve_Bersvendsen, Kangchan_Lee


     Robin Berjon, Frederick Hirsch



## Contents

   * [Topics][5]

     1. [Announcements][6]

     2. [Minutes approval][7]

     3. [Editorial team report][8]

     4. [Action items][9]

     5. [Policy Segment][10]

     6. [API Segment][11]

     7. [Issue review][12]

     8. [Other Business][13]

     9. [Adjourn][14]

   * [Summary of Action Items][15]

* * *

<trackbot> Date: 30 September 2009

<MarcoMarengo> thnx

<darobin> this is weird, I don't show up!

<darobin> JereK, you would make a great scribe!

yes! :-)

<brianleroux> +Brian_LeRoux

<darobin> Scribe: Jere_Kapyaho

<darobin> ScribeNick: JereK

<richt> +Richard_Tibbett

<brianleroux> will not be able to call in due to family noise  
pollution / hope
thats ok =)

<richt> +richt

### Announcements

<fhirsch> dial in questionnaire

<fhirsch> [][16]

fhirsch: TPAC coming up, please register and fill in phone-in  

<fhirsch> reminder about tpac

<fhirsch> [

<dom> [note that the number of hotel rooms blocked for TPAC is going  

<AnssiK> should people who will be attending f2f submit the  

fhirsch: DAP meeting as originally scheduled

### Minutes approval

<fhirsch> [

fhirsch: minutes sent out yesterday, approval?

**RESOLUTION: minutes of Sep 23 approved**

### Editorial team report

fhirsch: one other person wanted to join editorial team?

darobin: Anselm

fhirsch: need to join W3C first, all help welcome

... need to talk with Dom or tlr first

### Action items

fhirsch: should move actions to pending

... when completed, please send mail to list to let ppl know what  
you've done

... helps with follow-up

### Policy Segment

fhirsch: some open action items remain, discussion about possible  
material needed

... some decisions we have to make

<fhirsch> [

fhirsch: looked at high-level material of the inputs

... someone from BONDI please give info about 1.01

... e-mail summarizes points so far, but doesn't cover everything

... one of the big ones is do we need both capabilities for both APIs  

<drogersuk> I'll give you some more info on the diffs between 1.01 and  
1.0 via

<drogersuk> (for BONDI)

fhirsch: don't know if it's issue for WG, but want discussion on the  

... reading items from list quickly

... bunch of Qs about identification, would like to see a mail thread  
about it

... language independence

... use XML for policy, worth discussion

... thread about separate policy decision exists

... can someone take an action to summarize HTML5 security policy?

... need actions to move things forward

... thanks David for the diff information, any more detail would be  

<darobin> **ACTION:** David to provide diffs for the BONDI versions  
in [][20]]

<trackbot> Created ACTION-22 - Provide diffs for the BONDI versions  
[on David
Rogers - due 2009-10-07].

<paddy> I can start a discussion on features/device capabilities

fhirsch: now would be a good time to discuss

<drogersuk> can't hear a thing

<drogersuk> ok

<darobin> **ACTION:** Paddy to open an issue and start a discussion on
features/device capabilities [recorded in [

<trackbot> Created ACTION-23 - Open an issue and start a discussion on
features/device capabilities [on Paddy Byers - due 2009-10-07].

fhirsch: link to TAG discussion regarding policy sent by Robin

... has been a big issue in Geolocation, concerns retaining information

... anybody in the position to take actions related to policy?

darobin: Paddy took an action about features/device capabilities

<fhirsch> need help with identifying APIs, Capabilities, FEaturews by  

fhirsch: maybe also related WebIDL stuff

darobin: no WebIDL stuff in this, not in terms of URIs

fhirsch: could use help with this

darobin: should probably open this as an issue, what levels of  
granularity for

fhirsch: granularity of access control

... need to talk this through on the list, more than one person can do  

... get stuff done and see what's wrong with it

... can go quicker if we have something to disagree

StephenLewontin: volunteer to help with the HTML5 security

<dom> **ACTION:** Stephen to look into HTML5 security model [recorded in

<trackbot> Created ACTION-24 - Look into HTML5 security model [on  
lewontin - due 2009-10-07].

StephenLewontin: need any requirements for capability semantics?

... how are those defined, just recommendations?

fhirsch: clearly have to say what we mean

<fhirsch> issue: policy, need to define semantics of capabilities or not

<trackbot> Created ISSUE-24 - Policy, need to define semantics of  
or not ; please complete additional details at
[][23] .

StephenLewontin: will put this in writing, need to make a decision  
about the
semantics of capabilities

<dom> ACTION-24 due in two weeks

<trackbot> ACTION-24 Look into HTML5 security model due date now in  
two weeks

StephenLewontin: will make an effort to do the action in two weeks

marcin: currently discussions in BONDI around features and  
capabilities for

... white paper to highlight topics in progress

... needs some additions due to recent input, could use it as input  
for this
in DAP

... doable by next week's call

<dom> **ACTION:** marcin to provide BONDI white paper on features and
capabilities [recorded in [

<trackbot> Created ACTION-25 - Provide BONDI white paper on features and
capabilities [on Marcin Hanclik - due 2009-10-07].

fhirsch: thanks Marcin

... back to the list

... another big one is trusted identity and trust

... don't want PKI, but need to see how far to go in this direction

... don't think there's any disagremeent in separating policy, the  
BONDI ones
are straightforward

... would be helpful to get the material from people

... would be good to have a proposal when you create the issue, will  
send mail
about this

... will be more productive that way

... any other comments about policy?


### API Segment

<dom> ISSUE-12?

<trackbot> ISSUE-12 -- Gathering requirements for Gallery API -- OPEN

<trackbot> [][25]

darobin: how do we orthogonalize API design so that policy is still  

... example is user grants access to gallery, depends on File

... simplest thing is to ignore the issue and hope policy system  
handles, but
could be too simplistic

<darobin> [][26]

darobin: suggested to raise an issue about this, link above


darobin: Richard raised another issue, link above

<darobin> ISSUE: Orthogonality of API and Policy systems when an API has
dependencies on other APIs

<trackbot> Created ISSUE-25 - Orthogonality of API and Policy systems  
when an
API has dependencies on other APIs ; please complete additional  
details at
[][28] .

richt: let's call it cross-module dependencies and impact on policy

darobin: means what you just said

richt: and the grouping of features and capabilities if that's relevant

darobin: now updated with the correct name

<fhirsch> issue-25 grant access to gallery yet gallery depends on  
file, is
this implicit

darobin: potentially complicated enough to discuss by mail not by phone

... would like to note that this has also been discussed in BONDI,  
input from
those people welcome

marcin: issue 25 is related to discussion about policy, could combine  

<fhirsch> yes it is policy related

darobin: definitely, depending on decision about policy power, API  
could be
designed to be free of policy issues, but also the other way around

<fhirsch> action-25?

<trackbot> ACTION-25 -- Marcin Hanclik to provide BONDI white paper on
features and capabilities -- due 2009-10-07 -- OPEN

<trackbot> [][29]

marcin: issue 25 is related to action 25

darobin: lucky strike

... thanks Marcin

... question of umbrella requirements document for APIs, any objections?

<dtran> Dzung Tran is on the phone (muted)

<fhirsch> yes to Robin's question, no objection


darobin: will check document to IRC so that Bryan has something to  
work with,
then move forward

... many requirements gathering issues, 7, 14, etc., discussions ongoing

... anyone have any issue they'd like to bring up regarding API reqs?

<dom> (umbrella req document relates to ISSUE-22, which I assume can  
now be


richt: discussion about System Information led to asynchronicity

... could be something to discuss in the umbrella document

darobin: issue-14?

... that should move to 'applies to all APIs' section, agreed

... anything else on API reqs?


darobin: will coordinate with Bryan about the reqs posted so far, then  
fleshing out the real APIs

... anything further on APIs?


### Issue review

fhirsch: no need to go one by one

<fhirsch> [][30]

fhirsch: but not that many, just ask status

darobin: three quarters are those just talked about in the API section,
doesn't leave much

fhirsch; talk about error handling, but might make sense to wait

darobin: error handling better discussed in e-mail

... there was the beginning of a thread, ISSUE-2

<darobin> [] 

fhirsch: relationship of error handling to security and leakage of

... any talk in BONDI?

darobin: hasn't been discussed as ISSUE-2, not sure about BONDI

fhirsch: maybe less important now than other things

... end the call early if we run out of topics, continue actively on  
the list

... need to get enough material on the list to have a meaningful call

darobin: agreed

fhirsch: any concerns or issues to raise?


fhirsch: work on the issue and post on the list

darobin: great idea

<richt> Congraulations to Arve :-)

darobin: adjourned

### Other Business


### Adjourn

<brianleroux> goodbye

<marcin> bye

<dtran> quick question: how do you map your handle ??:59 to Dzung Tran

<dtran> Sorry,

<dtran> I guess I am 59

<dtran> which is Dzung Tran

<drogersuk> I was 54 i think

<fhirsch> :)

<darobin> drogersuk: you look younger though

<drogersuk> regular shaving

<drogersuk> lol

<darobin> RRSAgent: bye

## Summary of Action Items

**[NEW]** **ACTION:** David to provide diffs for the BONDI versions  
in [][20]]

**[NEW]** **ACTION:** marcin to provide BONDI white paper on features  
capabilities [recorded in [

**[NEW]** **ACTION:** Paddy to open an issue and start a discussion on
features/device capabilities [recorded in [

**[NEW]** **ACTION:** Stephen to look into HTML5 security model  
[recorded in

[End of minutes]

* * *

Minutes formatted by David Booth's [scribe.perl][32] version 1.135 ([CVS

$Date: 2009-03-02 03:52:20 $





    [5]: #agenda

    [6]: #item01

    [7]: #item02

    [8]: #item03

    [9]: #item04

    [10]: #item05

    [11]: #item06

    [12]: #item07

    [13]: #item08

    [14]: #item09

    [15]: #ActionSummary



















regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Received on Monday, 5 October 2009 23:02:17 UTC