- From: Harry Halpin <hhalpin@ibiblio.org>
- Date: Wed, 27 Jan 2010 17:45:56 +0000
- To: public-xg-socialweb@w3.org
More from Thomas on how the privacy issue crops up even further, now with Contact APIs. Are contacts like a filesystem? ---------- Forwarded message ---------- From: Thomas Roessler <tlr@w3.org> Date: Wed, Jan 27, 2010 at 3:55 PM Subject: Re: A comment on Security and Privacy Implications for Contact APIs To: noah_mendelsohn@us.ibm.com Cc: Thomas Roessler <tlr@w3.org>, public-device-apis@w3.org, www-tag@w3.org On 27 Jan 2010, at 16:14, noah_mendelsohn@us.ibm.com wrote: > For the above reasons, it seems to me that an appropriate mechanism for > the contacts API will likely involve an ability not just to ask for > permission, but to clarify the subset of the contacts for which access is > being granted. It may also be necessary to separate access for purposes > of searching vs. access for purposes of display, transmission or > republication. It strikes me that an address book in some ways behaves similarly to a file system: Just like my file system includes some data that I'm happy to make accessible to some web sites, my address book will include things like a company's hotline. And then there is the mobile phone number (or the complete dump of a company's LDAP directory) that, if disclosed, will get me into real trouble. This suggests that building the API so it deals with some specific subset (and generally doesn't make decisions about the *entire* address book) is really important.
Received on Wednesday, 27 January 2010 17:46:29 UTC