RE: proposed update to policy requirements from Nilsson, Claes1 on 2010-08-16 (public-device-apis@w3.org from August 2010)

From: Nilsson, Claes1 <Claes1.Nilsson@sonyericsson.com>
Date: Mon, 16 Aug 2010 16:16:07 +0200
To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>
Message-ID: <6DFA1B20D858A14488A66D6EEDF26AA32D5BF60EA8@seldmbx03.corpusers.net>

Hi,

I read the document and have a few basic comments/questions. Please excuse me if I am addressing something that already has been discussed. I might have missed some mails due to my summer vacation.

Seems as section 2 covers the cases when the specific API itself implements API access control through some user interface as described by the "Security and Privacy Considerations" sections in the DAP API specifications and that section 3 and 4 describes the use cases when there is a prearranged trust relationships with users. Assuming this is correct: 

* Are untrusted (unsigned) widgets a part of the "Un-managed Web Browser" use case or another separate use case?

* Does the "Trusted Widget" use case without a delegated authority assume a user configured access control policy or does it assume user approving API access at widget installation time? 

Section 3.3: 
* The examples refer to web sites, not trusted widgets. 

Editorial:

Section 4.1:
* First sentence says "The enterprise Managed Device API use case ...". Should be "The Delegated Authority Device API use case ...".

Section 5.3 and 5.4: 
* Contains the same text.

Regards 
  Claes

-----Original Message-----
From: public-device-apis-request@w3.org [mailto:public-device-apis-request@w3.org] On Behalf Of Frederick.Hirsch@nokia.com
Sent: den 14 augusti 2010 02:58
To: public-device-apis@w3.org
Cc: Frederick.Hirsch@nokia.com
Subject: proposed update to policy requirements

I put together a proposed update to the policy requirements editors draft.

I restructured it to reflect our latest thinking that there are essentially three cases: web, trusted widget and managed policy with requirements that build on the more general cases.

It turns out most of what we had before is still relevant, but I consolidated and reorganized it.

See http://dev.w3.org/2009/dap/docs/policy-requirements-proposal.html

If the WG agrees I propose to update the current editors draft with these changes.

regards, Frederick

Frederick Hirsch
Nokia

Received on Monday, 16 August 2010 14:16:44 UTC