12 Aug 2009


See also: IRC log


Thomas Roessler, Rigo Wenning, Giles Hogben, Ashok Malhotra, Alissa Cooper, Hannes Tschofenig, Lalana Kagal
Marco Casassa-Mont




<tlr> ScribeNick: tlr

<scribe> Agenda: http://www.w3.org/Policy/pling/wiki/2009-08-12

action item review


<rigo> http://www.w3.org/2009/07/08-pling-minutes.html#action01] --PENDING

<scribe> ACTION: [PENDING] RI &RW to followup with MA WG actions [recorded in http://www.w3.org/2009/08/12-pling-minutes.html#action01]

<scribe> Scribe: Thomas

Device API Working Group




rigo: general ideas around policy binding; would like to present these to the TAG
... try to get to general policy hook requirement

ashok: one paragraph? Will be happy for TAG to start thinking about it

<scribe> ACTION: rigo to send paragraph about policy binding to Ashok [recorded in http://www.w3.org/2009/08/12-pling-minutes.html#action02]

<rigo> scribenick: rigo

TLR presenting DAP

basic charter to create client side APIs that do interesting stuff, escaping from browser sandbox

scribe: especially for mobile sector
... e.g. do stuff with camera or microphone on mobile phones
... got input from Nokia

<tlr> http://bondi.omtp.org/1.0/apis/index.html

scribe: and from OMTP that have presented their BONDI APIs
... one of the concerns is security and policy aspects
... mobile in particular, security and privacy
... policy part of BONDI and from Nokia, what a policy framework could look like

<tlr> http://www.w3.org/2008/security-ws/papers/SecurityPolicyNokia.pdf

scribe: WG currently coming together, not meeting regularly yet, starting regular meetings in september
... reviewing the current APIs, policy will be the most difficult field
... also different notion of identity, arch question of what identity of widget
... expect this to take lot of energy

<tlr> http://www.w3.org/TR/2009/WD-widgets-access-20090804/

<lkagal> Sorry, I'm late.

scribe: widget access request spec is taken into account
... has to fit into the security model
... also related spec under dev that deals with URI schemes for widgets, fitting into origin framework
... that's the environment. Security related questions will be interesting. Other question is what is deployable on the web
... a lot of things can be easily specified, but not deployable or not used even if deployed.
... people should review nokia position paper and the OMTP contributions BONDI APIs.

RW: hook for policy, should be done here or in DAP.

tlr: well formed input will be taken seriously, but has to be prepared. Preparation should take place in PLING

GH: are major OS creators involved?

tlr: google, nokia, but don't know about symbian
... inviting other players to join

NESSI and Nexof-RA, Software & Services Standardization

rigo: GRID as Web Services reloaded? Different connotation in Europe
... entire unit @ commission occupied

rigo: GRID unit now moving into Cloud computing
... Cloud as complex interaction hidden behind API
... perhaps related to DAP

[ DAP is about JavaScript APIs that access client capabilities, so... ]

rigo: metadata problem -- input, output known, but what does it do?
... semantics lacking standardization
... agree on how to name the things
... device capability ontology

<inserted> tlr

<inserted> ScribeNick: tlr

rigo: NESSI is European technology platform
... roof for all kinds of European research projects
... supported by Nexof-RA project
... policy and privacy metadata
... have worked on some of this in WS2, SAWSDL
... as a heads-up, want to direct them to PLING

hannes: this is a frequent topic
... WSDL is basically an XML schema
... doesn't tell you about semantics
... haven't yet seen any promising approach
... that would allow you not to have to go through standardization, but define semantics
... so you can define new services using ontologies, and the like
... what am I missing?

rigo: SAWSDL


<Ashok_Malhotra> WSDL just tells you what the message formats are

rigo: in several of the meetings at the commission, heard lots of presentations using WSM* from DERI Innsbruck
... but mapped back to SAWSDL

Semantic Annotations for WSDL and XML Schema

ashok: you've been speaking of this for a long time
... what's the uptake?

rigo: will take a long time, then take up
... saw prototypes where they've done this
... haven't seen serious industrial uptake
... business models around separate ontologies
... will need description for cloud

ashok: yes!

rigo: use case will become more significant
... no need for ad-hoc discovery at this point
... but will need this for sensor networks and the like
... anyway, this is just a heads-up
... will try to funnel them here
... 12-14 EU projects in the area
... large constituency
... # of projects translates into 80M research funding

giles: I saw this presented in 2002! It's been a long time.

<Giles> No - I saw this presented in ISWC 2002

rigo: wonder whether we face same as in security area
... lack of deployment there ...

<Giles> (Semantic Web for WSDL)

rigo: need to see the social context

Best practices for privacy awareness

rigo: goes to the geolocation discussion
... the geolocation spec has some guidance, but doesn't want policy
... API, but further consideration should be taken elsewhere
... how to attach policy information?
... suggestion would be a PLING note on how to achieve awareness
... think about EU directive 2002/58
... ui must make user aware whenever geo location is exchanged
... one-time permission that's currently targeted
... will lead to clash in Europe
... is this a good idea to have this best practices document? interest in contributing?

alissa: what do you think the impact would be?
... anybody going to read it, use it, reference it, or similar to experience in geolocation WG
... got impression that even if something was out there, it would be ignored

rigo: best practice makes it harder to just say "oh, we conform to W3C standards, it's all fine"

<lkagal> FYI, Some work on privacy awareness in social networks http://dig.csail.mit.edu/2009/Papers/ISWC/rmp-ws/paper.pdf

alissa: trade-off between trying to encourage implementers to be better vs trying to preserve well-rounded approach

<Giles> Mobile phones get cyborg vision - interesting use-case - http://news.bbc.co.uk/2/hi/technology/8193951.stm

rigo: In this overall context, raised to geolocation folks that geopriv use case runs into a weird social problem

the geopriv use case

rigo: geopriv has location info element with usage rules attached
... if you use location info, you have to follow the usage rules

alissa: ack

rigo: frequent engineering mistake
... customer takes general conditions into supermarket?
... think it makes sense in the emergency calling situation, but not on Web in general
... economic and social power to impose rules?

hannes: that comparison sounds like an engineering thinking problem
... if you don't have any choices, then it doesn't make sense to provide any information that provides different alternatives
... if company does not want to give choices, then policy object attached to protocol data doesn't help
... in the Internet, you have different shops -- you'd pick the one that fits needs best
... that's precisely why you want to describe the shop's policy

alissa: the way that the Web paradigm has worked
... is that none of the choices are satisfactory
... not enough incentives
... geopriv wants to reserve that
... have users express what their preferences would be
... might get rejected
... use policy preferences as wedge to begin turn paradigm around
... so choices are more in line with what users prefer
... as far as geopriv use cases go
... emergency service case is exception
... because in that case policy is mostly irrelevant

hannes: didn't try to replicate P3P's work
... these are access control policies
... in certain cases, allow distribution of information, in certain cases, don't allow
... almost like creative commons
... no enforcement
... malicious actors can do whatever

rigo: what I hear is similar to what the art 29 wp said to P3P

alissa: burden on service provider to define policy
... with geopriv, that incentive is on user
... user has every incentive
... appreciate pain people have gone through
... "look, you still violated my policy"
... on location indication, there's a law
... if you can point at a violation, then you have a hook for enforcement
... unless service provider can't read policy

hannes: that's why we want to have this as part of the standard

rigo: management complexity?

<Giles> +1

tlr: so, what if the location provider just asks the user?

alissa: I think that's a game changer
... if you have the strong defaults anyway, the value diminishes
... note different situation in the US

<Giles> no I wanted to express agreement with Thomas

tlr: so, people just need to click one more "ok" button?

alissa: that's still preferable to clicking "ok" with no say over what the policy is at all

giles: rather than approaching from the angle of people setting policy, one thing that might work better is to look at it as privacy preferences in social networks
... that seems to have stronger incentives
... set privacy preferences in a single place?

tlr: like fireeagle?

giles: yes
... user has several different social applications
... users are lazy, set preferences in a single place
... and that's the policy you're talking about
... set once, apply everywhere might work

rigo: question is who sets that first step
... if within framework you're given options
... that's a place where the geopriv model makes sense

giles: don't want to set preferences again

hannes: we're running out of time; would like to continue the discussion

rigo: umh, we're out of time for 3 minutes
... mailing list?

hannes: dive deeper on separate call?
... lots of latency to e-mail discussion

<Giles> got to go...

rigo: let's go for focused discussion


Summary of Action Items

[NEW] ACTION: rigo to send paragraph about policy binding to Ashok [recorded in http://www.w3.org/2009/08/12-pling-minutes.html#action02]
[PENDING] ACTION: RI &RW to followup with MA WG actions [recorded in http://www.w3.org/2009/08/12-pling-minutes.html#action01]
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2009/08/12 13:19:44 $