# Device APIs and Policy Working Group Teleconference

## 03 Mar 2010

[Agenda][3]

See also: [IRC log][4]

## Attendees

Present: Anssi_Kostiainen, Bryan_Sullivan, Claes_Nilsson, Dominique_Hazael-Massieux, Dzung_Tran, Frederick_Hirsch, Ilkka_Oksanen, Jesus_Martin, LauraA, Marcin_Hanclik, Marco_Marengo, Paddy_Byers, Richard_Tibbett, Robin_Berjon, Wonsuk_Lee, Mark_S_Miller, John_morris, Arve, Alissa, Thomas_Roessler

Regrets: Suresh_Chitturi

Chair: Robin_Berjon, Frederick_Hirsch

Scribe: Claes

## Contents

* [Topics][5]
  1. [Administrative][6]
  2. [Minutes Approval][7]
  3. [Editorial updates][8]
  4. [Policy, privacy and security][9]
* [Summary of Action Items][10]

* * *

Date: 03 March 2010

I can scribe for 1 hr then I have to leave

Scribe: Claes

ScribeNick: Claes

ScribeNick: Claus

ScribeNick: Claes

### Administrative

F2F 16-18 March

[http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0043.html][11]

look at draft agenda for f2f and comment on list

* Day 1, Tuesday, 16 March (10:00 - 17:00)
* Day 2, Wednesday 17 March (9:00 - 17:00)
* Day 3, Thursday 18 March (9-15:30)

registration questionnaire [http://www.w3.org/2002/09/wbs/43696/prague-2010/][12]

Don't forget to answer questionnaire for f2f meeting

Dom: No bridge has been requested

Robin: Issue with using phone line for int calls

Robin to back on this

**ACTION:** Dom to reserve Zakim for Prague F2F [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action01][13]]

Created ACTION-97 - Reserve Zakim for Prague F2F [on Dominique Hazaël-Massieux - due 2010-03-10].
[we currently have 5 people who say they're interested in phone participation]

### Minutes Approval

[http://lists.w3.org/Archives/Public/public-device-apis/2010Feb/att-0161/minutes-2010-02-24.html][14]

proposed RESOLUTION: Minutes from 24 February approved

**RESOLUTION: Minutes from 24 February approved**

### Editorial updates

pls look at policy requirements

[http://dev.w3.org/2009/dap/policy-reqs/#privacy-considerations][15]

privacy paper [http://lists.w3.org/Archives/Public/public-device-apis/2010Feb/0174.html][16]

### Policy, privacy and security

Paddy: Feedback requested on my input

All in req doc

Alissa: Think of a way to formalize the different req we have

4 diff categories of reqs

Based on work in Geo-location work

[Alissa's message on framework for privacy requirements (ref ACTION-77)][17]

fjh: Article in NY Times on privacy issues. Fjh to forward

**ACTION:** alissa to provide draft text for requirements document summarizing 4 privacy aspects and other suggested changes to privacy material [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action02][18]]

Sorry, couldn't find user - alissa

**ACTION:** John to provide draft text for requirements document summarizing 4 privacy aspects and other suggested changes to privacy material [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action03][19]]

Created ACTION-98 - Provide draft text for requirements document summarizing 4 privacy aspects and other suggested changes to privacy material [on John Morris - due 2010-03-10].

[Alissa hasn't been nominated to the group yet; I gave the action to John as a proxy for the time being]

dom, good, thanks

alissa, if you could look into getting officially nominated to the group as CDT rep, this would be useful

sure

claes - REST DAP Web Server to access to local resources

proposal for how API access control through "user authorization" and/or "pre-arranged trust" through a policy framework can fit into a REST based architecture."
[http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0017.html][20]

claes notes this was based on prototype project

... goal to show architecture of device including local web server for accessing device resources

... how to implement security, including authentication and authorization

[http://lists.w3.org/Archives/Public/www-archive/2010Mar/att-0004/SEMC_-_Local_REST_APIs.pdf][21]

mark notes has looked at it briefly

local web server acting as provider fits powerbox

Mark: This fits in the Powerbox

claes notes have implemented authorization based on authenticated identity, but not prearranged trust

fjh, you wanted to ask about javascript apis and policy

**ACTION:** claes to provide more detailed proposal aligned with powerbox proposal [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action04][22]]

Created ACTION-99 - Provide more detailed proposal aligned with powerbox proposal [on Claes Nilsson - due 2010-03-10].

bsulliva: Good ideas. Incorporate into Powerbox model.

Powerbox and Privacy

[http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0023.html][23]

fjh: Privacy information for user would help her to make a decision

My suggestion is that when user selects provider, could take privacy into account when making that decision

[dom, alissa is now a member of the WG, if it is possible to shift action-98 to her. But it can stay with me if it is simpler]

[thx, jmorris, ACTION-98 is now assigned to alissa]

[P3P had automated negotiation in early versions, but abolished that later on]

Mark: No feedback that a Provider obeys the policy

Who is speaking?

jmorris

concern from mark - user not confuse privacy policy statement with enforcement

concern from mark - policy might not be useful, like EULA

similar to NYT article concern

mark asks about use of P3P here?
mark notes standard markings rather than reading text

+1

jmorris: Multiple choice structure would help

[Web Security Context Working Group][24]

Can we pull in something from this WG?

tlr notes tyler edited requirements note that might have some useful information

tlr: Standardizing UI practices is extremely hard

alissa: Might be something between no policy expression at all and a strict policy

jmorris notes there is a limited set of privacy policy points that are very important

location - redistribution, retention

**ACTION:** jmorris to share information on key important privacy policy aspects relevant to DAP [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action05][25]]

Created ACTION-100 - Share information on key important privacy policy aspects relevant to DAP [on John Morris - due 2010-03-10].

UMP

long thread....

UMP, [http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0016.html][26]

mark notes that CORS uses UMP as a mode of operation

Mark: Key thing is that the request to the provider must be a UMP message

fjh: Has an issue with dependencies

robin notes could use subset of UMP, avoiding risks

Robin: We do not need the whole UMP spec, a subset ok

OpenProvider Proposal for A/V Capture

[http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0021.html][27]

richt: Powerbox falls down between the web app and the Provider

OpenProvider an E2E data exchange structure from the Provider to the Web App

Allow the OpenProvider to do user interaction

Essentially a basic container with extension nodes

Richt will spec this up during coming week

mark asks if this is a replacement for mime type and class in powerbox

richt notes this is complementary to powerbox

OpenProvider is based on OpenSearch that makes it possible to install search providers in browsers

richt notes that javascript api then links to browser opensearch extensibility mechanism

OpenProvider uses JS APIs to be able to transfer parameters

fjh asks how this integrates into the Powerbox model

Richt: explained by Robin's walkthrough (section?)

richt notes that integration with Powerbox along line of data exchange as provided in Robin's walkthrough

mark asks about layering on top of powerbox spec

Mark: Can OpenProvider be layered on top of Powerbox?

[I would like to point out that my walkthrough liberally filled out holes in bits of PB that I couldn't figure out — it's not representative of the original]

Richt: will spec this up and we can have a discussion

Mark: Powerbox is very simple and therefore proposing a layered decision

fjh, you wanted to ask about policy and WebIDL

[Bryan's comments on OpenProvider][28]

bsulliva: Proxy (Bondi PEP) similar as a mediator between the web app and the resource

[Proxy provider, from Mark][29]

Richt: Agrees with Mark, OpenProvider brings more complexity but thinks it is useful

**ACTION:** richt to have more detailed proposal regarding OpenProvider, discussing relationship to Powerbox [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action06][30]]

Sorry, couldn't find user - richt

**ACTION:** richard to have more detailed proposal regarding OpenProvider, discussing [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action07][31]]

Created ACTION-101 - Have more detailed proposal regarding OpenProvider, discussing [on Richard Tibbett - due 2010-03-10].

fjh: Help with privacy and policy at F2F requested. Submit suggestions on list

bsulliva: UWA wiki evolving alignment of properties

[UWA Wiki][32]

hmpf

well, anything else to bring up in APIs?

I was asking if people would help out with trying out existing examples in REST/PB

please complete actions before f2f

[http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/][33]0024.html

ACTION-96?
ACTION-96 -- Robin Berjon to rewrite existing examples as PowerBox -- due 2010-03-03 -- OPEN

[http://www.w3.org/2009/dap/track/actions/96][34]

ah well

so I'll be doing some of that, but if people want to help out, I'll be happy to take the help :)

that's all — anything else in APIs?

well if there's no AOB — let's all go to bed!

Sorry for spelling errors, trying to type fast :-)

adjourned

## Summary of Action Items

**[NEW]** **ACTION:** alissa to provide draft text for requirements document summarizing 4 privacy aspects and other suggested changes to privacy material [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action02][18]]

**[NEW]** **ACTION:** claes to provide more detailed proposal aligned with powerbox proposal [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action04][22]]

**[NEW]** **ACTION:** Dom to reserve Zakim for Prague F2F [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action01][13]]

**[NEW]** **ACTION:** jmorris to share information on key important privacy policy aspects relevant to DAP [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action05][25]]

**[NEW]** **ACTION:** John to provide draft text for requirements document summarizing 4 privacy aspects and other suggested changes to privacy material [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action03][19]]

**[NEW]** **ACTION:** richard to have more detailed proposal regarding OpenProvider, discussing [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action07][31]]

**[NEW]** **ACTION:** richt to have more detailed proposal regarding OpenProvider, discussing relationship to Powerbox [recorded in [http://www.w3.org/2010/03/03-dap-minutes.html#action06][30]]

[End of minutes]

* * *

Minutes formatted by David Booth's [scribe.perl][35] version 1.135 ([CVS log][36])
$Date: 2009-03-02 03:52:20 $

[1]: http://www.w3.org/Icons/w3c_home
[2]: http://www.w3.org/
[3]: http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0025.html
[4]: http://www.w3.org/2010/03/03-dap-irc
[5]: #agenda
[6]: #item01
[7]: #item02
[8]: #item03
[9]: #item04
[10]: #ActionSummary
[11]: http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0043.html
[12]: http://www.w3.org/2002/09/wbs/43696/prague-2010/
[13]: http://www.w3.org/2010/03/03-dap-minutes.html#action01
[14]: http://lists.w3.org/Archives/Public/public-device-apis/2010Feb/att-0161/minutes-2010-02-24.html
[15]: http://dev.w3.org/2009/dap/policy-reqs/#privacy-considerations
[16]: http://lists.w3.org/Archives/Public/public-device-apis/2010Feb/0174.html
[17]: http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0027.html
[18]: http://www.w3.org/2010/03/03-dap-minutes.html#action02
[19]: http://www.w3.org/2010/03/03-dap-minutes.html#action03
[20]: http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0017.html
[21]: http://lists.w3.org/Archives/Public/www-archive/2010Mar/att-0004/SEMC_-_Local_REST_APIs.pdf
[22]: http://www.w3.org/2010/03/03-dap-minutes.html#action04
[23]: http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0023.html
[24]: http://www.w3.org/2006/WSC/
[25]: http://www.w3.org/2010/03/03-dap-minutes.html#action05
[26]: http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0016.html
[27]: http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0021.html
[28]: http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0032.html
[29]: http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/0041.html
[30]: http://www.w3.org/2010/03/03-dap-minutes.html#action06
[31]: http://www.w3.org/2010/03/03-dap-minutes.html#action07
[32]: http://www.w3.org/2007/uwa/wiki/Main_Page
[33]: http://lists.w3.org/Archives/Public/public-device-apis/2010Mar/
[34]: http://www.w3.org/2009/dap/track/actions/96
[35]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[36]: http://dev.w3.org/cvsweb/2002/scribe/