Re: Geolocation Last Call

The TAG very much appreciates the invitation to review the Geolocation API 
Specification Last Call Working Draft [1].  On our teleconference today 
(minutes not yet available), the TAG discussed your request for a review. 
The TAG is very interested in your work, but given the difficulties of 
summer scheduling, it will not be possible for us to do a formal review 
during the official July review period.

At least one area of concern has been raised and briefly discussed by the 
TAG.   From [2]:

----
4 Security and privacy considerations

The API defined in this specification can be used to retrieve the 
geographic location of a hosting device. In almost all cases, this 
information also discloses the location of the user of the device, thereby 
potentially compromising the user's privacy. A conforming implementation 
of this specification must provide a mechanism that protects the user's 
privacy and this mechanism should ensure that no location information is 
made available without the user's express permission. 
----

Although we have taken no formal position at this time, I have been asked 
to convey to you a portential concern that the above text does not go far 
enough.  Protecting users' privacy and providing them with appropriate 
control is obviously important, and there is some worry that the current 
formulation puts too much responsibility on individual implementors.  So, 
we suggest that you give this area further thought.

The TAG will hold a few teleconferences over the summer, but we will not 
get back to a regular schedule and full attendence until the fall.  So, we 
would also appreciate guidance as to whether more detailed reviews 
undertaken in late summer or in early fall would still be useful to you. 

Also:  please keep in mind that, given the wide range of W3C and other 
efforts with which we are involved, it is not practical to ask TAG members 
to subscribe to lists like public-geolocation.  So, we would be grateful 
if you would hold further discussion of this concern on our public 
www-tag@w3.org list, cc:'ing your list or not as you prefer.

Thank you very much.

Noah

P.S. Tracker, I believe this email discharges TAG ACTION-290, status of 
which I am changing to PENDING REVIEW

[1] http://www.w3.org/TR/2009/WD-geolocation-API-20090707/
[2] http://www.w3.org/TR/2009/WD-geolocation-API-20090707/#security

--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------








Angel Machín <angel.machin@gmail.com>
Sent by: chairs-request@w3.org
07/08/2009 08:58 AM
 
        To:     janina@rednote.net, art.barstow@nokia.com, 
chaals@opera.com, Mary_Ellen_Zurko@notesdev.ibm.com, tlr@w3.org, 
dom@w3.org, dsr@w3.org, chris@w3.org, daniel.appelquist@vodafone.com, 
dahl@conversational-technologies.com, rbarnes@bbn.com, acooper@cdt.org, 
bondi@omtp.org, jferrai@us.ibm.com, Lars Erik Bolstad 
<lbolstad@opera.com>, Matt Womer <mdw@w3.org>, chairs@w3.org
        cc:     (bcc: Noah Mendelsohn/Cambridge/IBM)
        Subject:        Geolocation Last Call


Hello Chairs,

On behalf of Lars Erik Bolstad, the other co-chair of this WG, and I:

The Geolocation Working Group has published the Geolocation API
Specification as a Last Call Working Draft on 7 July 2009:
                 http://www.w3.org/TR/geolocation-API/

Feedback on this document would be appreciated through 31 July 2009
via mail to public-geolocation@w3.org.

In particular we are requesting review from the Web Application WG,
Device APIs, Web Security Context, Ubiquitous Web Applications, Mobile
Web Best Practices, Hypertext Coordination, Protocols and Formats
Working Group and also GEOPRIV, BONDI and OpenAJAX Alliance.

The Group made the decision to go to Last Call:
                 
http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/0161.html

No patent disclosures have been made for this specification.

Thanks,

Angel Machin
Geolocation WG co-Chair

Received on Thursday, 23 July 2009 21:56:41 UTC