- From: <noah_mendelsohn@us.ibm.com>
- Date: Thu, 23 Jul 2009 17:58:15 -0400
- To: public-geolocation@w3.org
- Cc: Angel Machín <angel.machin@gmail.com>, www-tag@w3.org
The TAG very much appreciates the invitation to review the Geolocation API
Specification Last Call Working Draft [1]. On our teleconference today
(minutes not yet available), the TAG discussed your request for a review.
The TAG is very interested in your work, but given the difficulties of
summer scheduling, it will not be possible for us to do a formal review
during the official July review period.
At least one area of concern has been raised and briefly discussed by the
TAG. From [2]:
----
4 Security and privacy considerations
The API defined in this specification can be used to retrieve the
geographic location of a hosting device. In almost all cases, this
information also discloses the location of the user of the device, thereby
potentially compromising the user's privacy. A conforming implementation
of this specification must provide a mechanism that protects the user's
privacy and this mechanism should ensure that no location information is
made available without the user's express permission.
----
Although we have taken no formal position at this time, I have been asked
to convey to you a portential concern that the above text does not go far
enough. Protecting users' privacy and providing them with appropriate
control is obviously important, and there is some worry that the current
formulation puts too much responsibility on individual implementors. So,
we suggest that you give this area further thought.
The TAG will hold a few teleconferences over the summer, but we will not
get back to a regular schedule and full attendence until the fall. So, we
would also appreciate guidance as to whether more detailed reviews
undertaken in late summer or in early fall would still be useful to you.
Also: please keep in mind that, given the wide range of W3C and other
efforts with which we are involved, it is not practical to ask TAG members
to subscribe to lists like public-geolocation. So, we would be grateful
if you would hold further discussion of this concern on our public
www-tag@w3.org list, cc:'ing your list or not as you prefer.
Thank you very much.
Noah
P.S. Tracker, I believe this email discharges TAG ACTION-290, status of
which I am changing to PENDING REVIEW
[1] http://www.w3.org/TR/2009/WD-geolocation-API-20090707/
[2] http://www.w3.org/TR/2009/WD-geolocation-API-20090707/#security
--------------------------------------
Noah Mendelsohn
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------
Angel Machín <angel.machin@gmail.com>
Sent by: chairs-request@w3.org
07/08/2009 08:58 AM
To: janina@rednote.net, art.barstow@nokia.com,
chaals@opera.com, Mary_Ellen_Zurko@notesdev.ibm.com, tlr@w3.org,
dom@w3.org, dsr@w3.org, chris@w3.org, daniel.appelquist@vodafone.com,
dahl@conversational-technologies.com, rbarnes@bbn.com, acooper@cdt.org,
bondi@omtp.org, jferrai@us.ibm.com, Lars Erik Bolstad
<lbolstad@opera.com>, Matt Womer <mdw@w3.org>, chairs@w3.org
cc: (bcc: Noah Mendelsohn/Cambridge/IBM)
Subject: Geolocation Last Call
Hello Chairs,
On behalf of Lars Erik Bolstad, the other co-chair of this WG, and I:
The Geolocation Working Group has published the Geolocation API
Specification as a Last Call Working Draft on 7 July 2009:
http://www.w3.org/TR/geolocation-API/
Feedback on this document would be appreciated through 31 July 2009
via mail to public-geolocation@w3.org.
In particular we are requesting review from the Web Application WG,
Device APIs, Web Security Context, Ubiquitous Web Applications, Mobile
Web Best Practices, Hypertext Coordination, Protocols and Formats
Working Group and also GEOPRIV, BONDI and OpenAJAX Alliance.
The Group made the decision to go to Last Call:
http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/0161.html
No patent disclosures have been made for this specification.
Thanks,
Angel Machin
Geolocation WG co-Chair
Received on Thursday, 23 July 2009 21:56:41 UTC