See also: IRC log
<tlr> ScribeNick: tlr
<scribe> Agenda: http://www.w3.org/Policy/pling/wiki/2009-08-12
<rigo> http://www.w3.org/2009/07/08-pling-minutes.html#action01] --PENDING
<scribe> ACTION: [PENDING] RI &RW to followup with MA WG actions [recorded in http://www.w3.org/2009/08/12-pling-minutes.html#action01]
<scribe> Scribe: Thomas
rigo: general ideas around policy
binding; would like to present these to the TAG
... try to get to general policy hook requirement
ashok: one paragraph? Will be happy for TAG to start thinking about it
<scribe> ACTION: rigo to send paragraph about policy binding to Ashok [recorded in http://www.w3.org/2009/08/12-pling-minutes.html#action02]
<rigo> scribenick: rigo
TLR presenting DAP
basic charter to create client side APIs that do interesting stuff, escaping from browser sandbox
scribe: especially for mobile
... e.g. do stuff with camera or microphone on mobile phones
... got input from Nokia
scribe: and from OMTP that have
presented their BONDI APIs
... one of the concerns is security and policy aspects
... mobile in particular, security and privacy
... policy part of BONDI and from Nokia, what a policy framework could look like
scribe: WG currently coming
together, not meeting regularly yet, starting regular meetings
... reviewing the current APIs, policy will be the most difficult field
... also different notion of identity, arch question of what identity of widget
... expect this to take lot of energy
<lkagal> Sorry, I'm late.
scribe: widget access request
spec is taken into account
... has to fit into the security model
... also related spec under dev that deals with URI schemes for widgets, fitting into origin framework
... that's the environment. Security related questions will be interesting. Other question is what is deployable on the web
... a lot of things can be easily specified, but not deployable or not used even if deployed.
... people should review nokia position paper and the OMTP contributions BONDI APIs.
RW: hook for policy, should be done here or in DAP.
tlr: well formed input will be taken seriously, but has to be prepared. Preparation should take place in PLING
GH: are major OS creators involved?
tlr: google, nokia, but don't
know about symbian
... inviting other players to join
rigo: GRID as Web
Services reloaded? Different connotation in Europe
... entire unit @ commission occupied
rigo: GRID unit now moving into
... Cloud as complex interaction hidden behind API
... perhaps related to DAP
rigo: metadata problem -- input,
output known, but what does it do?
... semantics lacking standardization
... agree on how to name the things
... device capability ontology
<inserted> ScribeNick: tlr
rigo: NESSI is European
... roof for all kinds of European research projects
... supported by Nexof-RA project
... policy and privacy metadata
... have worked on some of this in WS2, SAWSDL
... as a heads-up, want to direct them to PLING
hannes: this is a frequent
... WSDL is basically an XML schema
... doesn't tell you about semantics
... haven't yet seen any promising approach
... that would allow you not to have to go through standardization, but define semantics
... so you can define new services using ontologies, and the like
... what am I missing?
<Ashok_Malhotra> WSDL just tells you what the message formats are
rigo: in several of the meetings
at the commission, heard lots of presentations using WSM* from
... but mapped back to SAWSDL
Semantic Annotations for WSDL and XML Schema
ashok: you've been speaking of
this for a long time
... what's the uptake?
rigo: will take a long time, then
... saw prototypes where they've done this
... haven't seen serious industrial uptake
... business models around separate ontologies
... will need description for cloud
rigo: use case will become more
... no need for ad-hoc discovery at this point
... but will need this for sensor networks and the like
... anyway, this is just a heads-up
... will try to funnel them here
... 12-14 EU projects in the area
... large constituency
... # of projects translates into 80M research funding
giles: I saw this presented in 2002! It's been a long time.
<Giles> No - I saw this presented in ISWC 2002
rigo: wonder whether we face same
as in security area
... lack of deployment there ...
<Giles> (Semantic Web for WSDL)
rigo: need to see the social context
rigo: goes to the geolocation
... the geolocation spec has some guidance, but doesn't want policy
... API, but further consideration should be taken elsewhere
... how to attach policy information?
... suggestion would be a PLING note on how to achieve awareness
... think about EU directive 2002/58
... ui must make user aware whenever geo location is exchanged
... one-time permission that's currently targeted
... will lead to clash in Europe
... is this a good idea to have this best practices document? interest in contributing?
alissa: what do you think the
impact would be?
... anybody going to read it, use it, reference it, or similar to experience in geolocation WG
... got impression that even if something was out there, it would be ignored
rigo: best practice makes it harder to just say "oh, we conform to W3C standards, it's all fine"
<lkagal> FYI, Some work on privacy awareness in social networks http://dig.csail.mit.edu/2009/Papers/ISWC/rmp-ws/paper.pdf
alissa: trade-off between trying to encourage implementers to be better vs trying to preserve well-rounded approach
<Giles> Mobile phones get cyborg vision - interesting use-case - http://news.bbc.co.uk/2/hi/technology/8193951.stm
rigo: In this overall context, raised to geolocation folks that geopriv use case runs into a weird social problem
rigo: geopriv has location info
element with usage rules attached
... if you use location info, you have to follow the usage rules
rigo: frequent engineering
... customer takes general conditions into supermarket?
... think it makes sense in the emergency calling situation, but not on Web in general
... economic and social power to impose rules?
hannes: that comparison sounds
like an engineering thinking problem
... if you don't have any choices, then it doesn't make sense to provide any information that provides different alternatives
... if company does not want to give choices, then policy object attached to protocol data doesn't help
... in the Internet, you have different shops -- you'd pick the one that fits needs best
... that's precisely why you want to describe the shop's policy
alissa: the way that the Web
paradigm has worked
... is that none of the choices are satisfactory
... not enough incentives
... geopriv wants to reserve that
... have users express what their preferences would be
... might get rejected
... use policy preferences as wedge to begin turn paradigm around
... so choices are more in line with what users prefer
... as far as geopriv use cases go
... emergency service case is exception
... because in that case policy is mostly irrelevant
hannes: didn't try to replicate
... these are access control policies
... in certain cases, allow distribution of information, in certain cases, don't allow
... almost like creative commons
... no enforcement
... malicious actors can do whatever
rigo: what I hear is similar to what the art 29 wp said to P3P
alissa: burden on service
provider to define policy
... with geopriv, that incentive is on user
... user has every incentive
... appreciate pain people have gone through
... "look, you still violated my policy"
... on location indication, there's a law
... if you can point at a violation, then you have a hook for enforcement
... unless service provider can't read policy
hannes: that's why we want to have this as part of the standard
rigo: management complexity?
tlr: so, what if the location provider just asks the user?
alissa: I think that's a game
... if you have the strong defaults anyway, the value diminishes
... note different situation in the US
<Giles> no I wanted to express agreement with Thomas
tlr: so, people just need to click one more "ok" button?
alissa: that's still preferable to clicking "ok" with no say over what the policy is at all
giles: rather than approaching
from the angle of people setting policy, one thing that might
work better is to look at it as privacy preferences in social
... that seems to have stronger incentives
... set privacy preferences in a single place?
tlr: like fireeagle?
... user has several different social applications
... users are lazy, set preferences in a single place
... and that's the policy you're talking about
... set once, apply everywhere might work
rigo: question is who sets that
... if within framework you're given options
... that's a place where the geopriv model makes sense
giles: don't want to set preferences again
hannes: we're running out of time; would like to continue the discussion
rigo: umh, we're out of time for
... mailing list?
hannes: dive deeper on separate
... lots of latency to e-mail discussion
<Giles> got to go...
rigo: let's go for focused discussion