[DRAFT] Device APIs and Policy Working Group Charter

This document is the draft new charter for the current Device APIs and Policy Working Group that was submitted for review to the W3C Advisory Commitee. Please see the final new charter .

The mission of the Device APIs ~~and Policy~~ Working Group is to create client-side APIs that enable the development of Web Applications ~~and Web Widgets~~ that interact with ~~devices~~ device hardware, services and applications such as ~~Calendar, Contacts, Camera, etc. Additionally, the group will produce a framework for the expression of security policies that govern access to security-critical APIs (such as~~ the ~~APIs listed previously).~~ camera, microphone, system sensors, native address books, calendars and native messaging applications.

End date	~~31 July 2011~~ 2013-06-30
Confidentiality	Proceedings are Public
Chairs	Robin Berjon, Frederick Hirsch
Team Contact (FTE %: ~~30)~~ 20)	Dominique ~~Hazaël-Massieux, Thomas Roessler~~ Hazaël-Massieux
Usual Meeting Schedule	Teleconferences: 1 per week Face-to-face: 3-4 per year (only as needed)

Goals

~~In December 2008, the W3C held a workshop on Security for Access to~~ The Device APIs ~~from the~~ Working Group aims at producing Web ~~. The goal~~ client-side APIs that facilitate deeper integration of ~~this workshop was~~ Web applications into advanced capabilities of their host devices.

These capabilities include access to ~~gather~~ a camera, microphone, address book, calendar, or system information such as network connection and ~~experiences in~~ battery level.

Adding these advanced features to the ~~device API space,~~ Web environment empowers Web developers to ~~start building community consensus about possible standardization work within W3C,~~ create richer and ~~to gather requirements to guide such work.~~ more context-aware Web applications.

~~Workshop participants discussed~~ Given the ~~need for standardization of technologies that would be required to provide access to security~~ sensitive ~~APIs from a web developer's perspective, the form these technologies should take, and the viability and practicalities of standardizing this work within W3C. At the end~~ nature of ~~this workshop,~~ the ~~participants discussed several potential topics for new standardization work (see~~ data and sensors to which these APIs grant access, the ~~Workshop Report for more details). The following high priority topics identified in this workshop are addressed in this charter: Declaration of~~ Working Group also aims at crafting APIs ~~such as Contacts - The mechanisms~~ that are both secure and privacy-enabling by ~~which a widget or~~ design, based on the current Web ~~Application can declare a dependency (with possible~~ browser security consequences) on an API API Patterns - What should be similar across many APIs, e.g. API design, error handling etc. Concrete APIs - Specific APIs that should be standardized Policy Description - An XML (or other) formalism describing a model. This entails reusing existing browser-based security ~~policy for concrete APIs.~~ metaphors where they apply and looking into innovative security and privacy mechanisms where they don’t.

Scope

The scope of this Working Group is this creation of API specifications for a ~~device's~~ device’s services that can be exposed to ~~Widgets and~~ Web ~~Applications.~~ applications . Devices in this context include desktop computers, laptop computers, mobile ~~internet~~ Internet devices (MIDs), cellular phones, etc. The scope also includes defining a framework for the expression of security policies that govern access of Web Applications and Widgets to security-critical APIs. To achieve this goal, the group will need to deal with the following items: policy expression proper, identification of APIs and identification of Web Applications TVs, cameras and Widgets. Among the principles that guide the policy framework are: Before developing a new policy expression language, existing languages (such as XACML) should be reviewed for suitability; The resulting policy model must be consistent with the existing same origin policies (as documented in the HTML5 specification), in the sense that a deployment of the policy model in Web browsers must be possible; The work should not be specific to either mobile or desktop environments, but may take differences between the environments into account Where practical, the API specifications should use the Web IDL formalism. other connected devices.

Priority will be given to developing simple and consensual APIs, leaving more complex features to future versions.

This Working ~~Group's~~ Group’s deliverables must address issues of accessibility , internationalization , mobility , ~~and~~ security and privacy .

Additionally, comprehensive test suites will be developed for each specification to ensure interoperability, and the group will create interoperability reports. The group will also maintain errata as required for the continued relevance and usefulness of the specifications it produces.

Success Criteria

To advance to Proposed Recommendation, each specification is expected to have two independent implementations of ~~each feature~~ all features defined in the ~~specification.~~ specification, including implementation on a constrained device (e.g. mobile phone, TV).

APIs that cannot be demonstrated to be implementable securely within the default browser context will not be released. This does not preclude these APIs to support use cases of installable Web applications.

Out of Scope

The ~~management~~ definition of a policy framework that would allow using the defined APIs into a different security ~~policies (e.g. by remote entities)~~ environment than the default browser context is out of the scope of for this group.

Deliverables

Recommendation-Track Deliverables

The working group will deliver ~~at least~~ the following specifications:

~~a set of Personal Information Management (PIM) APIs that includes:~~

Calendar ~~API~~ API, an API to access a calendar service (e.g. to add an entry, to edit an entry, to delete an ~~entry, etc.)~~ entry)
Tasks ~~API~~ API, an API to access a personal task management / organizer service (e.g. to add, edit, delete a ~~task, etc.)~~ task)
Contacts ~~API~~ API, an API to access a contacts or address book service (e.g. to add an entry, to edit an entry, to delete an ~~entry, etc.)~~ entry)
~~Camera API~~ Capture API, an API to manage a ~~device's~~ device’s camera and microphone, e.g. to take a picture or record a sound
Messaging ~~API~~ API, an API to ~~access a message service (e.g. to~~ create ~~a message, to~~ and send a ~~message, to delete a message, etc.).~~ message. The API is agnostic to the underlying messaging service (e.g. e-mail, SMS, ~~MMS, etc.).~~ MMS).

~~System Information and Events API an~~

An API to ~~access various system services e.g. battery level,~~ discover the current network ~~status, etc.~~ characteristics

~~FileSystem API, an~~

An API to ~~access the file system and perform basic operations (Create, Read, Update, Delete) and more complex operations (e.g. mount, unmount) - this~~ react to a device power status
An API ~~should be developed in coordination with the Web Applications Working Group File Upload specification~~ to retrieve data generically from sensors
~~Application Launcher API, an~~ An API that allows web applications to ~~discover, identify~~ register themselves as handlers/providers based on data string identifiers and ~~launch the platform's native applications Application Configuration API,~~ an API that enables other web applications to ~~manage application settings~~ discover these handlers/providers and user preferences User Interaction API, a set of APIs that gives a widget or website far better control of how it manifests itself on different platforms. This would include minimise/maximise functions, window size, alerting mechanisms etc. Communication Log API, an API gain permission to ~~access information about past communication events, such as sent emails, SMS, MMS, call events.~~ interact with them.
Gallery API, an API to manage the local media file storage

~~Security Policy Framework,~~

An API to ~~express security policies that govern access of Web Applications and widgets~~ manage vibration
An API to ~~security-critical APIs, including work on Identification of APIs~~ manage systems beeps

~~Identification of Web Applications and Widgets~~

An API to manage application menus

~~Definition~~

An API to read the current audio volume level of a ~~policy description language for security policies~~ device

~~Expression of security policies that govern access of Web Applications~~

An API for requesting and ~~Widgets~~ managing user permissions to ~~security-critical APIs~~ use device features
An API to discover devices and services on the same device, on the local network, or directly connected, e.g. by USB and Bluetooth.
Privacy Mechanism for Device APIs

Where practical, the API specifications should use the Web IDL formalism.

The Working Group may also enter into joint Task Forces with other groups (in particular with the Web Applications Working Group), to collaborate on specifications that cross group boundaries.

Other Deliverables

A comprehensive test suite for all features of a specification is necessary to ensure the ~~specification's~~ specification’s robustness, consistency, and implementability, and to promote interoperability between User Agents. Therefore, each specification must have a companion test suite, which should be completed by the end of the Last Call phase, and must be completed, with an implementation report, before transition from Candidate Recommendation to Proposed Recommendation. Additional tests may be added to the test suite at any stage of the Recommendation track, and the maintenance of a implementation report is encouraged.

The Working Group ~~will~~ may also document in a Working Group Note the useful design patterns shared by the APIs it is developing.

The Working Group is also planning to work on Best Practices for Privacy-sensitive Web applications, as well as documenting Privacy Use Cases and Requirements in Working Group Notes.

Other non-normative documents may be created such as:

Primers
Requirements and use case document for ~~specifications - these documents should also address non-mobile scenarios.~~ specifications.
Non-normative group notes

Given sufficient resources, this Working Group should review other working ~~groups'~~ groups’ deliverables that are identified as being relevant to the Working ~~Group's~~ Group’s mission.

Milestones

Note: The actual production of some of the deliverables may follow a different timeline. The group ~~will document~~ documents any schedule changes on the group home page .

~~2009Q3~~ 2011Q3: ~~The~~ Working Group ~~reviews~~ starts work under new charter and ~~compares existing starting points~~ calls for ~~the various deliverables, and establishes a detailed roadmap.~~ proposals for new deliverables
~~2009Q4-2010Q1~~ 2011Q4: ~~Deliverables with~~ Contacts API becomes a Candidate Recommendation; All deliverables have assigned editors ~~progress along Recommendation track.~~
~~2010Q2-2010Q3~~ 2012Q1: HTML Media Capture, Battery and Network APIs becomes Candidate Recommendations
2012Q2: All deliverables ~~are on Recommendation track.~~ have reached First Public Working Draft status
~~2011Q2~~ 2012Q4: All deliverables have reached Last Call status
2013Q2: All deliverables have reached Proposed Recommendation.

Dependencies

W3C Groups

This Working ~~Group's~~ Group’s specifications ~~will~~ depend upon some specifications being developed by other Working Groups for example the Web Applications Working ~~Group's~~ Group’s Web IDL specification.

This Working Group is not aware of any dependencies other Working ~~Groups'~~ Groups’ specifications have on this Working ~~Group's~~ Group’s specifications.

Liaisons

This Working Group expects to maintain contacts with at least the following groups and Activities within W3C (in alphabetical order):

Geolocation Working Group: The Geolocation Working Group is chartered to develop the Geolocation API ~~Specification. During Workshop discussions, this specification was frequently cited as~~ Specifications, of a ~~prototypical example for~~ similar kind to the ~~kinds of security and privacy considerations that are expected in future device APIs.~~ ones developed by this group.
HTML Working Group: The HTML Working ~~Group's~~ Group’s deliverables cover the security model implemented in Web Browsers; this security model imposes limitations on what an extended model for Web Applications ~~and widgets~~ can achieve.
Mobile Web Initiative To help identify use cases and requirements for Web Applications on mobile devices and to help ensure that this Working Group's deliverables address those use cases and requirements Policy Languages Interest Group (PLING) PLING is chartered as a forum for community building around policy languages, and might be able to provide useful expertise. This Interest Group might be a useful forum for further discussion of policy management strategies. Web Accessibility Initiative Protocols and Formats Working Group: To ensure this Working ~~Group's~~ Group’s deliverables support accessibility requirements, particularly with regard to interoperability with assistive technologies, and inclusion in deliverables of guidance for implementing the ~~group's~~ group’s deliverables in ways that support accessibility requirements.
Web Applications Working Group: This group defines relevant specifications including Web IDL , and File ~~Upload~~ API .
~~Ubiquitous~~ Web ~~Applications~~ Notification Working Group: This group defines ~~relevant specifications, including~~ an API to use the device’s notification system to alert the user of applications-triggered events; this API shares many requirements of the APIs developed by the Device APIs group in terms of security and privacy.
~~Delivery Context Client Interfaces (DCCI)~~ Web and TV Interest Group .: This group provides use cases and requirements for using Web technologies on TV and thus important input on some of the APIs developed by the Device APIs Working Group
The Web Real Time Communications Working Group ~~expects~~: This group provides way to ~~follow~~ use the ~~following W3C Recommendations, Guidelines and Notes and, if necessary,~~ video stream from on-board media capture devices (camera, microphones) which needs to ~~liaise~~ be compatible with what the ~~communities behind the following documents: Architecture of the World Wide Web, Volume I~~ Device APIs Working Group offers
The HTML Speech Incubator Group ~~Internationalization Technical Reports~~: This Incubator Group looks at analysing input from the user via on-board microphones and ~~Notes QA Framework: Specification Guidelines~~ thus is a potential user of the APIs developed by the Device APIs group

External Groups

The following is a tentative list of external bodies the Working Group should collaborate with:

~~ECMA~~ Ecma International Technical Committee 39 (TC39): This is the group responsible for ~~ECMAScript~~ EcmaScript standardization, and related ~~ECMAScript~~ EcmaScript features like E4X. As this Working Group ~~will be~~ is developing ~~ECMAScript~~ EcmaScript APIs, it should collaborate with TC39.
~~JCP The Java Community Process has developed comparable APIs for the Java runtime.~~ IETF: The IETF has created specifications that are related to some of the APIs in this ~~WG's~~ WG’s scope.
OASIS OASIS' Extensible Access Control Markup Language (XACML) is a likely starting point for work on policy description. If the language is used, relevant requirements and experiences should be fed back to the XACML technical committee. OMTP WAC: ~~OMTP's BONDI initiative aims~~ The WAC (wholesale applications community) specifications aim to define key interfaces that enable the mobile web platform to access sensitive functions on the mobile, within a security framework that protects the user from malicious actions. ~~OMTP~~ WAC can provide input to requirements and technologies for this Working Group, as well as review and endorse deliverables.
OpenAjax Alliance: The OpenAjax Alliance has done initial work to identify guidelines for the design of mobile device APIs.

Participation

To be successful, this Working Group is expected to have 10 or more active participants for its duration, and to have the participation of the industry leaders in fields relevant to the specifications it produces.

The Chair(s) and specification Editors are expected to contribute one to two days per week towards the Working Group. There is no minimum requirement for other participants. However, it should be noted that as defined by the Process Document , group participants need to attend most meetings, be familiar with documents and minutes of past meeting, and follow the relevant mailing lists to be considered in good standing; this is likely to require at least half a day a week.

This Working Group will also allocate the necessary resources for building Test Suites for each specification.

This Working Group welcomes participation from non-Members. The group encourages questions and comments on its public mailing list, public-device-apis@w3.org , which is publicly archived and for which there is no formal requirement for participation. The group also welcomes non-Members to contribute technical submissions for consideration, with the agreement from each participant to Royalty-Free licensing of those submissions under the W3C Patent Policy.

Communication

The Working ~~Group's~~ Group’s Teleconferences ~~will~~ focus on discussion of particular specifications, and ~~will be~~ are conducted on an as-needed basis. At least one teleconference per week is expected.

Most of the technical work of the group ~~will be~~ is done through discussions on the public-device-apis@w3.org , the ~~group's~~ group’s public mailing list. ~~Editors'~~ Editors’ drafts and their editing history ~~will be~~ is available from a public W3C web site. The ~~group's~~ group’s action and issue tracking data ~~will~~ is also be public, as ~~will~~ are the ~~Member-approved~~ participants-approved minutes from all teleconferences and meetings.

The group ~~will use~~ uses a Member-confidential mailing list for administrative purposes and, at the discretion of the Chairs and ~~members~~ participants of the group, for ~~member-only~~ Member-only discussions in special cases when a particular ~~member~~ participant requests such a discussion.

Information about the group (for example, details about deliverables, issues, actions, status, participants) ~~will be~~ is available from the Device APIs ~~and Policy~~ Working Group home page.

Decision Policy

As explained in the Process Document ( section 3.3 ), this group ~~will seek~~ seeks to make decisions when there is consensus. When the Chair puts a question and observes dissent, after due consideration of different opinions, the Chair should record a decision (possibly after a formal vote) and any objections, and move on.

This charter is written in accordance with Section 3.4, Votes of the W3C Process Document and includes no voting procedures beyond what the Process Document requires.

Patent Policy

This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation .

About this Charter

This charter for this Working Group has been created according to section 6.2 of the Process Document . In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.

See also the previous charter for this group.

Dominique Hazael-Massieux , < dom@w3.org >, Thomas Roessler, < tlr@w3.org >, Team Contacts, based on ~~a draft by Art Barstow, Nokia~~ the previous DAP Working Group’s charter