ACTION-190 Right disclaimer for API document from Soohong Daniel Park on 2009-12-01 (public-media-annotation@w3.org from December 2009)

From: Soohong Daniel Park <soohong.park@samsung.com>
Date: Tue, 01 Dec 2009 19:56:03 +0900
To: public-media-annotation@w3.org
Message-id: <004601ca7274$e061a970$a124fc50$%park@samsung.com>

Folks, 

This is an initial text for ACTION-190, and some of comments accordingly.
Thanks Wonsuk for helping out.

==============================
Security Considerations
[Editorial note]
It is required to be considered in the perspectives of developer, user and
content's provider. This will be revised with more security issues.
This section is informative.
This specification defines a client-side API to access metadata information
related to media resources on the Web. These APIs will provide the methods
for getting and setting metadata information which can be in one of
different formats, either as separate document or embedded in media
resources. So far concerning the setting method, there could be security
consideration issues.
There are related activity and technical documents in W3C such as Device API
Policy Requirements [1] in DAP WG, Open Digital Rights Language (ODRL)
Version 1.1 [2], The Platform for Privacy Preferences 1.1 (P3P1.1)
Specification [3] and PLING Wiki [4].
[1] Device API Policy Requirements in DAP WG
http://dev.w3.org/2009/dap/policy-reqs/
[2] Open Digital Rights Language (ODRL) Version 1.1
http://www.w3.org/TR/odrl/
[3] The Platform for Privacy Preferences 1.1 (P3P1.1) Specification
http://www.w3.org/TR/P3P11/
[4] PLING Wiki
http://www.w3.org/Policy/pling/
==============================

Even if I've posted an initial text, here is a question for that section:

For MWAG, I do not think they need to consider it. Since the contents and
metadata in MAWG are hosted in the Web, for example Youtube, Pandora and
etc. These sites if they implement the MAWG API on their platform, they will
handle the security issue by their own, which is a cross domain topic in the
web development. If Youtbe, Pandora does not implement MAWG API, but other
3rd party libraries implemented, the 3rd party developer surely will utilize
the host sites' security solution to implement the API.

Am I missing anything ?



------
Soohong Daniel Park
Samsung Electronics, DMC R&D
http://sites.google.com/site/natpt00

Received on Tuesday, 1 December 2009 11:27:22 UTC