- From: <noah_mendelsohn@us.ibm.com>
- Date: Thu, 23 Jul 2009 17:58:15 -0400
- To: public-geolocation@w3.org
- Cc: Angel Machín <angel.machin@gmail.com>, www-tag@w3.org
The TAG very much appreciates the invitation to review the Geolocation API Specification Last Call Working Draft [1]. On our teleconference today (minutes not yet available), the TAG discussed your request for a review. The TAG is very interested in your work, but given the difficulties of summer scheduling, it will not be possible for us to do a formal review during the official July review period. At least one area of concern has been raised and briefly discussed by the TAG. From [2]: ---- 4 Security and privacy considerations The API defined in this specification can be used to retrieve the geographic location of a hosting device. In almost all cases, this information also discloses the location of the user of the device, thereby potentially compromising the user's privacy. A conforming implementation of this specification must provide a mechanism that protects the user's privacy and this mechanism should ensure that no location information is made available without the user's express permission. ---- Although we have taken no formal position at this time, I have been asked to convey to you a portential concern that the above text does not go far enough. Protecting users' privacy and providing them with appropriate control is obviously important, and there is some worry that the current formulation puts too much responsibility on individual implementors. So, we suggest that you give this area further thought. The TAG will hold a few teleconferences over the summer, but we will not get back to a regular schedule and full attendence until the fall. So, we would also appreciate guidance as to whether more detailed reviews undertaken in late summer or in early fall would still be useful to you. Also: please keep in mind that, given the wide range of W3C and other efforts with which we are involved, it is not practical to ask TAG members to subscribe to lists like public-geolocation. So, we would be grateful if you would hold further discussion of this concern on our public www-tag@w3.org list, cc:'ing your list or not as you prefer. Thank you very much. Noah P.S. Tracker, I believe this email discharges TAG ACTION-290, status of which I am changing to PENDING REVIEW [1] http://www.w3.org/TR/2009/WD-geolocation-API-20090707/ [2] http://www.w3.org/TR/2009/WD-geolocation-API-20090707/#security -------------------------------------- Noah Mendelsohn IBM Corporation One Rogers Street Cambridge, MA 02142 1-617-693-4036 -------------------------------------- Angel Machín <angel.machin@gmail.com> Sent by: chairs-request@w3.org 07/08/2009 08:58 AM To: janina@rednote.net, art.barstow@nokia.com, chaals@opera.com, Mary_Ellen_Zurko@notesdev.ibm.com, tlr@w3.org, dom@w3.org, dsr@w3.org, chris@w3.org, daniel.appelquist@vodafone.com, dahl@conversational-technologies.com, rbarnes@bbn.com, acooper@cdt.org, bondi@omtp.org, jferrai@us.ibm.com, Lars Erik Bolstad <lbolstad@opera.com>, Matt Womer <mdw@w3.org>, chairs@w3.org cc: (bcc: Noah Mendelsohn/Cambridge/IBM) Subject: Geolocation Last Call Hello Chairs, On behalf of Lars Erik Bolstad, the other co-chair of this WG, and I: The Geolocation Working Group has published the Geolocation API Specification as a Last Call Working Draft on 7 July 2009: http://www.w3.org/TR/geolocation-API/ Feedback on this document would be appreciated through 31 July 2009 via mail to public-geolocation@w3.org. In particular we are requesting review from the Web Application WG, Device APIs, Web Security Context, Ubiquitous Web Applications, Mobile Web Best Practices, Hypertext Coordination, Protocols and Formats Working Group and also GEOPRIV, BONDI and OpenAJAX Alliance. The Group made the decision to go to Last Call: http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/0161.html No patent disclosures have been made for this specification. Thanks, Angel Machin Geolocation WG co-Chair
Received on Thursday, 23 July 2009 21:56:41 UTC