Re: lightly edited TAG input to DAP WG per 8 Oct and tell Noah from noah_mendelsohn@us.ibm.com on 2009-12-03 (www-tag@w3.org from December 2009)

From: <noah_mendelsohn@us.ibm.com>
Date: Thu, 3 Dec 2009 10:57:29 -0500
To: Larry Masinter <masinter@adobe.com>
Cc: "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <OF6EFDDC73.BF59E65A-ON85257681.0056C9C7-85257681.0057ABE8@lotus.com>

Thank you, Larry, for preparing these edits.  As you know, I have 
ACTION-318, which is to actually transmit to the DAP working group (given 
the discussion at the F2F, I am planning also to cc: the Geolocation 
folks.  The text I propose to send is the following.  For the most part, 
it is identical to yours, but the following changes have been made:

* I've made the change suggested by Jonathan

* I reintroduced the mention of "extension mechanisms", which has been 
important to me throughout.  It was in the earlier drafts, and I don't 
think we had any discussion suggesting it should be removed.

* I've changed the style of link references to [X] as is our custom.

I don't think this strictly requires formal review from the TAG, but I'll 
leave it until later this afternoon in case anyone wants to ask me to hold 
off.  I do think this has had enough review, and we should move ahead 
without further delay. 

===============Proposed Final Text===============
To: public-device-apis@w3.org  
Cc: public-geolocation@w3.org 

The W3C Policy Languages Interest Group maintains a Wiki [1] which 
contains real world cases where personal information has been compromised 
due to 
inadequate policy or poor/nonexistent enforcement. One of these cases 
describes how Virgin Mobile used photos that it found on Flickr in a 
national advertising program.  The photos appeared on large billboards, 
much to the surprise of the owner and the subject. 
 
In the public mind, issues related to the management and protection of 
user information in Web Applications, Device access over the Web and 
Services provided over the Web loom large and must be addressed.  The TAG, 
therefore, urges WGs working in these areas to include in their 
architecture the ability to communicate policy information so that it can 
be used to determine correct access to and retention of user data and 
resources. Addressing these concerns should be a requirement, although the 
details of how they are addressed may vary by application. For example, a 
working group might provide mechanisms for including policy information in 
API calls in a flexible manner, perhaps by using some more generalized 
extensibility mechanism.
 
There has been some dialog in this area.  The IETF GeoPriv WG has 
requested [2] the W3C Geolocation WG to add additional support for user 
privacy. There is a discussion thread on this subject on the Geolocation 
Mailing list [3].

Thank you very much.

Noah Mendelsohn
For the W3C Technical Architecture Group

[1] http://www.w3.org/Policy/pling/wiki/InterestingCases
[2] 
http://lists.w3.org/Archives/Public/public-geolocation/2009Aug/0006.html
[3] 
http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/thread.html#msg98 


==============================
--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------

Received on Thursday, 3 December 2009 15:58:24 UTC