Re: JavaScript Permissions interface in WebApps


> But the Geolocation WG did not reject the idea of taking action to protect privacy. I think it is regrettable to make such a statement.

Was the Geolocation WG able to take any action to help resolve the privacy concerns? If so, what can the DAP WG learn from this work? 


regards, Frederick

Frederick Hirsch

On Jul 2, 2010, at 1:05 PM, ext Andrei Popescu wrote:

> Hi John,
> On Fri, Jul 2, 2010 at 5:20 PM, John Morris <> wrote:
>> Doug,
>> I appreciate that you have consistently taken the position that no privacy
>> protections should be built into any API.  It is unfortunate that you cannot
>> be in London in a week for either the workshop or the F2F, so that you could
>> express your views on that subject.  And yes, we did "talk to death" many of
>> the issues in December 2008 at the Geolocation WG F2F.
>> But for anyone who was not involved in that process, I think it is important
>> to understand some key points about the Geolocation WG and that Geolocation
>> meeting:
>> -- the goal of the leading participants of that WG was to have the W3C
>> standardize an API that was developed outside of the W3C before the WG was
>> formed.  The API spec brought into the W3C did not address privacy, and the
>> proponents of that spec had no interest in changing the API to address
>> privacy in a meaningful way.
>> -- at the December 2008 F2F, opponents of addressing privacy repeatedly said
>> that the W3C should not do something specific to location, and that if the
>> W3C  were to take any action to address privacy, it should do so with a
>> broader framework.
>> -- the December 2008 F2F was immediately followed (the next day) by a
>> workshop which looked at device API issues more broadly, and decided to do
>> exactly that - form a WG that would consider a broader framework.  Hence DAP
>> was born.
>> -- in rejecting "last call" objections to the Geolocation API's failure to
>> meaningfully address privacy, the Geolocation WG chairs stated:
>> "The working group concluded that privacy protection does not belong in the
>> Geolocation API itself, but is better handled as part of a more generic
>> privacy
>> and security framework for device access. The recently formed Device API
>> and Policy Working Group is chartered to develop precisely such a
>> framework (”

>> I make these points simply to assert that the fact that the Geolocation WG
>> "talked to death" the idea of taking action to protect privacy (and rejected
>> that idea) is not evidence that such action should be rejected today.
> But the Geolocation WG did not reject the idea of taking action to
> protect privacy. I think it is regrettable to make such a statement.
> We simply rejected the idea of adding privacy attributes to the API
> and presented convincing reasons why we thought it was not protecting
> any privacy. Meanwhile, as far as I know, no new evidence was brought
> to this debate so the reasons we had to reject the idea back then are
> still valid today.
> Thanks,
> Andrei

Received on Friday, 2 July 2010 17:55:49 UTC