# Device APIs and Policy Working Group Teleconference ## 12 May 2010 [Agenda][3] See also: [IRC log][4] ## Attendees Present fjh, Thomas, +1.202.436.aaaa, +358.504.86aacc, +1.301.581.aadd, LauraA, +1.202.637.aaee, jmorris, ilkka, +035850486aaff, enewland, alissa, AnssiK, Ingmar_Kliche, paddy, Bryan_Sullivan, richt, Frederick_Hirsch, Thomas_Roessler, Alissa_Cooper, Ilkka_Oksanen, John_Morris, Anssi_Kostiainen, Dzung_Tran, Paddy_Byers, Soonho_Lee, Richard_Tibbett Regrets Claes_Nilsson, Jun_Liao, Marco_Marengo, Robin_Berjon, Dom Chair Frederick_Hirsch Scribe jmorris ## Contents * [Topics][5] 1. [Administrative][6] 2. [Minutes Approval][7] 3. [Policy framework][8] 4. [Policy requirements][9] 5. [Privacy][10] 6. [Sysinfo][11] 7. [contacts, calendar][12] * [Summary of Action Items][13] * * * Date: 12 May 2010 ### Administrative ScribeNick: jmorris fjh: agenda review ### Minutes Approval 5 May 2010 [http://lists.w3.org/Archives/Public/public-device- apis/2010May/att-0014/minutes-2010-05-05.html][14] **RESOLUTION: 5 May 2010 Minutes approved** ### Policy framework [http://dev.w3.org/2009/dap/policy/][15] fjh: we have general agreement on trust domains being done explicitly ... asking paddy on agreement with this paddy: yes ... target in nokia model is the trust domain ... we separate out trust domain from rest of document ... some cases we have to work through fjh: lots of benefit about being explicit about trust domains ... being explicit will enable simplification ... like to suggest formal resolution ... proposing resolution: We will use explicit trust domains in the policy framework paddy: notes that XACML policy expressions can be refactored ... for useful cases, one can mechanically convert one expression from another LauraA: we would name a policy set for a trust domain and within domain ... we can have individual policies? paddy: to be able to express the same things ... ... in BONDI you can have multiple targets ... you must be able to define the same thing in different trust domains ... all of the things you can do with a BONDI policy, you must also be able to do for a trust domain ... principle of separating def. of target and def. of rules is possible ... when you write trust domains, you have to have the same functionality as with BONDI fjh: this may be an 80/20 situation, where you do not meet this ... good to identify the 20 percent paddy: Agree we should look at use cases bryan: clarification on wording ... don't you mean the ability to define explicit trust domains fjh: there must be a trust domain bryan: might the absence of an explicit domain imply an implicit trust default domain fjh: we might be able to accommodate this ... we might be able to pre-define some trust domains ... if you don't know what trust domain, then "untrusted" bryan: we are not defining trust domains themselves ... we are defining ability to define t.d.s ... not talking about "home" "work" ... we are not just trying to define a set paddy: goal is to separate target from rules proposed RESOLUTION: make trust domain model an explicit and separate part of policy framework paddy: we also may identify some well known trust domains **RESOLUTION: WG will make trust domain model an explicit and separate part of policy framework** fjh: referring to earlier comment by LauraA ... suggest we take schema material in separate document +1 LauraA: some of sections suggested to go under framework already have features of profiling suggest separation, see [http://lists.w3.org/Archives/Public/public- device-apis/2010May/0052.html][16] LauraA: not 100% clean separation between those two schemes ... 3.3 to 3.5 for example are already part of naming of GML? language fjh: there is some overlap but want to take a pass on separating model paddy: the source of the bondi document had the model in two separate parts ... there is a dictionary that is shared fjh: can you do more editorial work? LauraA: okay but good if someone can help possible **ACTION:** LauraA to work on framework document to inject more separation LauraA: your e-mail to simplify flows ... is fjh's suggestion to take nokia's flows and simplify fjh: where can we simply if possible ... we have a model with lots of features, but can we simplify ... we will get more adoption if simpler ... if you nokia one send message to list for seek on help on particular sections if Laura needs help on a specific section or subject I can take the request by email and will provide some text scribe: may have existing action ACTION-152? ACTION-152 -- Laura Arribas to edit policy framework, reviewing BONDI material and editorial update -- due 2010-05-05 -- OPEN [http://www.w3.org/2009/dap/track/actions/152][17] LauraA: I can keep working on ACTION-152 fjh: we can work on the list on this [http://lists.w3.org/Archives/Public/public-device- apis/2010May/0038.html][18] fjh: claus also had a message ... he is saying that there is work to be done paddy: my take on that is that we need to be sure to have the right set of attributes to define the widget or whatever ACTION-45? ACTION-45 -- David Rogers to provide use case with threat model scenarios -- due 2010-03-16 -- OPEN [http://www.w3.org/2009/dap/track/actions/45][19] ACTION-104? ACTION-104 -- David Rogers to add use case related to ISSUE-37 -- due 2010-03-17 -- OPEN [http://www.w3.org/2009/dap/track/actions/104][20] ACTION-145? ACTION-145 -- Bryan Sullivan to provide an architectural flow for Policy Reqs -- due 2010-03-25 -- OPEN [http://www.w3.org/2009/dap/track/actions/145][21] fjh: looking at actions ### Policy requirements ACTION-166? ACTION-166 -- Frederick Hirsch to review policy requirements and propose changes -- due 2010-05-05 -- OPEN [http://www.w3.org/2009/dap/track/actions/166][22] fjh: I will look at them this week ACTION-167? ACTION-167 -- Dominique Hazaƫl-Massieux to make a concrete proposal for policy framework based on his comments [http://lists.w3.org/Archives/Public/public-device-apis/2010Apr/0030.html][23] -- due 2010-05-19 -- OPEN [http://www.w3.org/2009/dap/track/actions/167][24] ### Privacy fjh: I noticed paper re P3P trying to come up with labels alissa: it is cited in ruleset document pointer? fjh: nothing more on privacy right now? alissa: still waiting for ruleset attributes are mutually exclusive ... robin has this question [http://cups.cs.cmu.edu/soups/2009/proceedings/a4-kelley.pdf][25] alissa: conversation on list re mutual exclusivity ... waiting for response ### Sysinfo [http://lists.w3.org/Archives/Public/public-device- apis/2010May/0015.html][26] fjh: next week we will decide on call whether to go to last call ... bunch of issues ... mohammed had comments, max dealt with them ... jonas had comment [http://lists.w3.org/Archives/Public/public-device- apis/2010May/0029.html][27] fjh: naming issue got resolved ... we need to be sure we are ready for last call [http://lists.w3.org/Archives/Public/public-device- apis/2010May/0026.html][28] fjh: maxf resolved timeless issues [http://lists.w3.org/Archives/Public/public-device- apis/2010May/0017.html][29] fjh: one issue to discuss: jonas how data is to be used ... we need to respond ... this is open [http://lists.w3.org/Archives/Public/public-device- apis/2010May/0039.html][30] fjh: second open issue is what is motivation to having some much data ... this is a minimization things, we are trying to deal with this ... we might want to fix the privacy stuff up some ACTION-58? ACTION-58 -- Bryan Sullivan to make a concrete proposal with a vocabulary-based approach to system & events, with a few examples (e.g. battery level) -- due 2009-11-11 -- OPEN [http://www.w3.org/2009/dap/track/actions/58][31] ACTION-116? ACTION-116 -- Bryan Sullivan to provide input on DCO mapping for SysInfo -- due 2010-03-24 -- OPEN [http://www.w3.org/2009/dap/track/actions/116][32] fjh: we need to really get it ready action-58: bryan notes sysinfo api facilitates this now ACTION-58 Make a concrete proposal with a vocabulary-based approach to system & events, with a few examples (e.g. battery level) notes added bryan: this has been addressed action-58 closed ACTION-58 Make a concrete proposal with a vocabulary-based approach to system & events, with a few examples (e.g. battery level) closed fjh: looking at ACTION-116 bryan: this is done action-116 closed ACTION-116 Provide input on DCO mapping for SysInfo closed bryan: mapping on explicit options in API action-162? ACTION-162 -- Robin Berjon to make SysInfo ready for pub -- due 2010-04-21 -- OPEN [http://www.w3.org/2009/dap/track/actions/162][33] alissa: I proposed temporary language for all APIs re privacy framework action-169? ACTION-169 -- Frederick Hirsch to insert temporary privacy language into the APIs. -- due 2010-05-05 -- OPEN [http://www.w3.org/2009/dap/track/actions/169][34] alissa: this might help jonas fjh: uncomfortable to blast away existing text ... so it would good for individual editors to add this text ... richard, maybe can you work on this ... alissa sent language to the list [http://lists.w3.org/Archives/Public/public-device- apis/2010Apr/0086.html][35] fjh: real issue is making sure that maxf's conclusion on these threads is complete ... we are close on last call ... that is all on Sysinfo **ACTION:** fjh to confirm status of sysinfo comment handling with max, and add privacy text [recorded in [http://www.w3.org/2010/05/12-dap- minutes.html#action01][36]] Created ACTION-172 - Confirm status of sysinfo comment handling with max, and add privacy text [on Frederick Hirsch - due 2010-05-19]. fjh: other topics?? messaging? ### contacts, calendar on the list richt: I am still catching up and will go to list fjh: anything we should discuss now? richt: parameter passing discussion? fjh: do not want to decide without robin ... might be better on list ... wrapping up ... all editors - please look at privacy text ## Summary of Action Items **[NEW]** **ACTION:** fjh to confirm status of sysinfo comment handling with max, and add privacy text [recorded in [http://www.w3.org/2010/05/12-dap- minutes.html#action01][36]] [End of minutes] * * * Minutes formatted by David Booth's [scribe.perl][37] version 1.135 ([CVS log][38]) $Date: 2009-03-02 03:52:20 $ [1]: http://www.w3.org/Icons/w3c_home [2]: http://www.w3.org/ [3]: http://lists.w3.org/Archives/Public/public-device- apis/2010May/0044.html [4]: http://www.w3.org/2010/05/12-dap-irc [5]: #agenda [6]: #item01 [7]: #item02 [8]: #item03 [9]: #item04 [10]: #item05 [11]: #item06 [12]: #item07 [13]: #ActionSummary [14]: http://lists.w3.org/Archives/Public/public-device- apis/2010May/att-0014/minutes-2010-05-05.html [15]: http://dev.w3.org/2009/dap/policy/ [16]: http://lists.w3.org/Archives/Public/public-device- apis/2010May/0052.html [17]: http://www.w3.org/2009/dap/track/actions/152 [18]: http://lists.w3.org/Archives/Public/public-device- apis/2010May/0038.html [19]: http://www.w3.org/2009/dap/track/actions/45 [20]: http://www.w3.org/2009/dap/track/actions/104 [21]: http://www.w3.org/2009/dap/track/actions/145 [22]: http://www.w3.org/2009/dap/track/actions/166 [23]: http://lists.w3.org/Archives/Public/public-device- apis/2010Apr/0030.html [24]: http://www.w3.org/2009/dap/track/actions/167 [25]: http://cups.cs.cmu.edu/soups/2009/proceedings/a4-kelley.pdf [26]: http://lists.w3.org/Archives/Public/public-device- apis/2010May/0015.html [27]: http://lists.w3.org/Archives/Public/public-device- apis/2010May/0029.html [28]: http://lists.w3.org/Archives/Public/public-device- apis/2010May/0026.html [29]: http://lists.w3.org/Archives/Public/public-device- apis/2010May/0017.html [30]: http://lists.w3.org/Archives/Public/public-device- apis/2010May/0039.html [31]: http://www.w3.org/2009/dap/track/actions/58 [32]: http://www.w3.org/2009/dap/track/actions/116 [33]: http://www.w3.org/2009/dap/track/actions/162 [34]: http://www.w3.org/2009/dap/track/actions/169 [35]: http://lists.w3.org/Archives/Public/public-device- apis/2010Apr/0086.html [36]: http://www.w3.org/2010/05/12-dap-minutes.html#action01 [37]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [38]: http://dev.w3.org/cvsweb/2002/scribe/