07:34:41 RRSAgent has joined #dap 07:34:41 logging to http://www.w3.org/2010/11/04-dap-irc 07:34:43 trackbot, start meeting 07:34:43 RRSAgent, make logs world 07:34:44 Zakim has joined #dap 07:34:45 Zakim, this will be DAP 07:34:45 I do not see a conference matching that name scheduled within the next hour, trackbot 07:34:46 Meeting: Device APIs and Policy Working Group Teleconference 07:34:47 Date: 04 November 2010 07:34:51 RRSAgent, make logs world 07:34:55 Zakim, this will be DAP 07:34:55 I do not see a conference matching that name scheduled within the next hour, trackbot 07:34:57 Meeting: Device APIs and Policy Working Group Teleconference 07:34:59 Date: 04 November 2010 07:35:02 Present+ Marco_Marengo 07:35:16 present+ Ingmar_Kliche 07:35:18 Present+ Dominique_Hazael-Massieu 07:35:21 s/eu/eux 07:35:33 Chair: Frederick_Hirsch, Robin_Berjon 07:35:47 Agenda: http://www.w3.org/2009/dap/wiki/TPAC10Agenda 07:36:03 ScribeNick: marengo 07:36:03 Chair: Frederick_Hirsch, Robin_Berjon 07:36:08 richt has joined #dap 07:36:35 Present+ Frederick_Hirsch, Robin_Berjon 07:37:29 jgiraud has joined #dap 07:37:40 dom has changed the topic to: Agenda: http://www.w3.org/2009/dap/wiki/TPAC10Agenda 07:37:56 Meeting: TPAC 2010 F2F Meeting - Day 1 07:37:57 darobin has joined #dap 07:38:11 Present+ Rich_Tibbett 07:38:20 maoteo has joined #dap 07:38:20 cmarc has joined #dap 07:38:21 Kangchan has joined #dap 07:38:25 Present+ Robin 07:38:32 youenn has joined #dap 07:38:40 Zakim, who's the werewolf? 07:38:40 I don't understand your question, darobin. 07:38:49 nwidell has joined #dap 07:38:51 Present+ Cecile_Marc 07:38:55 Present+ Maria_Oteo 07:40:15 YounSung has joined #dap 07:40:25 richt has joined #dap 07:40:28 Present+ Niklas_Widell 07:40:45 Topic: Welcome, agenda review, scribe selection, logistics, announcements 07:40:57 Present+ YounSung_Chu 07:40:58 present+ Laszlo_Gombos 07:41:30 scribing - ingmar for 2nd session, laszlo tomorrow morning, 07:41:59 Present+ Kangchan_Lee 07:42:01 Suresh has joined #dap 07:42:18 fjh: [reviews the agenda] 07:42:20 Present+ Suresh_Chitturi 07:43:14 Johnson has joined #dap 07:44:03 AnssiK has joined #dap 07:44:16 Present+ Anssi_Kostiainen 07:44:56 Present+ Jerome_giraud 07:45:27 youenn has joined #dap 07:46:02 jun has joined #dap 07:46:39 add to day 2 agenda - discussion of device element 07:46:49 remove WAC from day 2 agenda, covered on day 1 07:47:01 aizu has joined #dap 07:47:27 Present+ Ilkka_Oksanen 07:47:48 possibly discuss additional API such as Tasks 07:48:18 Topic: Introductions 07:48:26 wuj has joined #dap 07:48:41 (round table of introductions) 07:49:38 hendry has joined #dap 07:50:02 additiional agenda item - f2f planning 07:50:57 youenn has joined #dap 07:51:05 Wuk has joined #DAP 07:53:27 +Present Kai Hendry 07:53:35 +Present youenn fablet 07:53:43 Present+ Kai Hendry 07:53:48 Present+ youenn fablet 07:53:53 anne has joined #dap 07:53:56 s/+Present/Present+/g 07:54:05 Present+ anne 07:54:23 s/ anne/ Anne_Van_Kesteren 07:54:24 Topic: Minutes approval 07:54:26 Approve 20 October minutes 07:54:27 http://lists.w3.org/Archives/Public/public-device-apis/2010Oct/att-0055/minutes-2010-10-20.html 07:54:34 RESOLUTION: minutes from 20 oct are approved 07:54:42 Topic: Editorial Updates 07:54:51 File APIs published 07:54:59 FPWD of Directories & Systems: http://www.w3.org/TR/2010/WD-file-system-api-20101026/ 07:54:59 WD of File API: http://www.w3.org/TR/2010/WD-FileAPI-20101026/ 07:54:59 WD of Writer: http://www.w3.org/TR/2010/WD-file-writer-api-20101026/ 07:55:05 darobin: there have been updates to the File APis 07:55:18 ... this is a good time to have a look at it 07:55:20 s/Anne_Van_Kesteren/Anne_van_Kesteren/ 07:55:23 ... as LC is close 07:56:53 kensaku has joined #dap 07:57:16 callie has joined #DAP 07:57:49 http://dev.w3.org/2006/webapi/FileAPI/#creating-revoking 07:58:18 Claes has joined #dap 07:58:21 To get URLs out of Blob/Stream we will keep methods that give you a URL as a string but we are going to try to move them from Window so the global object is polluted less. 07:58:49 In addition to that IDL attributes that accept a DOMString which is a URL might get changed into accepting a DOMURL or some such so you can assign Blob/Stream directly to them. 07:58:51 Present+ Claes_NIlsson 07:58:52 -> http://www.w3.org/2007/10/htmldiff?doc1=http%3A%2F%2Fwww.w3.org%2FTR%2F2009%2FWD-FileAPI-20091117%2F&doc2=http%3A%2F%2Fwww.w3.org%2FTR%2F2010%2FWD-FileAPI-20101026%2F Diff between the latest version published of FileAPI (Reader) 07:58:54 darobin: presents a new WG, Web Events 07:59:01 Web Events WG, http://www.w3.org/News/2010#entry-8944 07:59:07 img.src = createObjectURL(blob); 07:59:57 yeah, that works AnssiK (but the object will be moved elsewhere) 08:00:02 http://www.w3.org/2010/webevents/charter/Overview.html 08:00:03 http://www.w3.org/2010/webevents/ 08:00:11 ...or it will work when createObjectURL accepts a blob object 08:00:13 Topic: Permissions 08:00:31 proposed RESOLUTION: Incorporate work from Notifications WG into DAP if acceptable to Notifications WG 08:01:08 fjh: permissions work in the Notifications WG, we asked if it is acceptable to move other work there 08:01:13 richt: sure, the age old debate of not pollution the global namespace (the DAP WG was initially concerned of polluting navigator ;) 08:01:51 seungjae has joined #dap 08:02:22 ... some of the people involved there are not in dap, how to avoid controversy? 08:02:42 http://dev.w3.org/2009/dap/api-perms/ 08:03:12 s/richt:/richt,/ 08:03:49 richt: Mozilla rocks 08:04:07 s/richt: Mozilla rocks// 08:04:29 http://dev.w3.org/2006/webapi/WebNotifications/publish/FeaturePermissions.html 08:06:06 RESOLUTION: Incorporate the feature permissions draft from Notifications WG into DAP 08:06:22 q+ 08:06:42 ACTION: Robin to invite John Gregg to edit Feature Permissions API document in DAP 08:06:43 Created ACTION-293 - Invite John Gregg to edit Feature Permissions API document in DAP [on Robin Berjon - due 2010-11-11]. 08:07:18 ack Suresh 08:07:20 q? 08:08:55 q+ 08:08:58 ?? need for some kind of user opt-in from the ua, the user interacts with the bar, user can check which things are allowed or not 08:09:10 features requiring opt-in from user, permissions request method calls callback if permission granted, permissions operate via infobar or dialog or other mechanisms 08:09:40 Present+ Johnson_W 08:09:50 ... controversy about the usefulness of opt-in bars, as user tends to say yes 08:09:59 anne: geolocation bar is viewed as a failure, either click yes, or ignore 08:10:08 .. user are likely to be flooded by questions 08:10:49 .. global decisions might work better 08:11:03 Present+ Wuk_Kim 08:11:18 zakim, who is here? 08:11:18 sorry, fjh, I don't know what conference this is 08:11:19 On IRC I see seungjae, Claes, callie, kensaku, anne, Wuk, youenn, hendry, wuj, aizu, jun, AnssiK, Johnson, Suresh, richt, YounSung, nwidell, Kangchan, cmarc, maoteo, darobin, 08:11:22 ... jgiraud, Zakim, RRSAgent, lgombos_w, fjh, ingmar, marengo, myakura, wmaslowski, lgombos, trackbot, ilkka, dom 08:11:23 zakim, this is dap 08:11:29 sorry, fjh, I do not see a conference named 'dap' in progress or scheduled at this time 08:11:34 shepazu has joined #dap 08:11:45 darobin: does it make sense to request permissions for mutiple things at once 08:11:51 wonsuk has joined #dap 08:11:54 danielcoloma has joined #dap 08:12:03 q? 08:12:06 ack richt 08:12:15 Present+ Daniel_Coloma 08:12:17 drogersuk has joined #dap 08:12:29 richt: have you considered 'default-allow' policy 08:12:41 .. and users can revoke permissions instead of granting 08:13:23 q+ 08:13:43 fjh: ok to present decisions as part of the workflow, but it must be clear that privacy is taken into account 08:14:08 [David Rogers informs me that he and other from WAC will join us hopefully soon] 08:14:30 q? 08:15:30 q+ to ask more about UI 08:15:48 ack suresh 08:16:01 q+ to ask about consensus on checkPermissions() 08:16:30 Suresh: that seems to be indipendent from our work, how is it related? 08:16:43 richt: I don't necessarily agree with bringing a generic permissions interface in to DAP. 08:17:28 dom: with this API developers can better organize their code 08:17:28 ...when we start overloading a few permission strings it gets either a.) messy or b.) annoying and user's just click 'allow' all the time. Hence we have failed. 08:17:42 anne: as they know in advance if they can use a certain feature 08:17:50 ...I prefer intergrating permissions in to the user's workflow. ala Contacts. 08:19:02 junliao has joined #dap 08:19:24 s/user's/users 08:19:49 Suresh has joined #dap 08:20:04 [ Permissions in the context of Moz Open Web App platform: "Use of the capabilities field of the manifest for integration with browser-based permission APIs, including camera, microphone, geolocation, storage, file access, and cross-domain network access": https://apps.mozillalabs.com/web_or_native.html ] 08:20:32 q? 08:20:35 ack flh 08:20:38 ack fjh 08:20:38 fjh, you wanted to ask more about UI 08:20:38 ack fjh 08:20:43 ack dom 08:20:43 dom, you wanted to ask about consensus on checkPermissions() 08:21:48 q+ 08:22:16 BoChen has joined #dap 08:22:50 ack AnssiK 08:22:54 richt: doing permissions in dap doesn't mean we need an API for permission 08:23:14 .. in a browser, it should be part of the workflow 08:24:19 fjh: we don't want to be intrusive, yet we have to consider privacy 08:24:56 .. browser extensions could be helpful to test the impact on users 08:27:19 homata has joined #dap 08:27:23 file picker supportive of privacy 08:28:51 fjh: with file pickers, does the user understant he's making a privacy decision (does he think about reuse, ...) 08:28:55 Zakim, ignore richt 08:28:55 I don't understand 'ignore richt', dom 08:29:50 [ re (also ) integration and impls https://bugzilla.mozilla.org/show_bug.cgi?id=451674 and https://bugs.webkit.org/show_bug.cgi?id=43572 ] 08:29:51 is the bridge open? 08:30:09 Zakim, this will be DAP 08:30:09 I do not see a conference matching that name scheduled within the next hour, dom 08:30:37 anne: users don't read dialogs, tend to ignore 08:31:30 Zakim, this will be DI 08:31:30 ok, dom, I see DI_(TPAC)3:00AM already started 08:32:18 timeless_xchat has joined #dap 08:32:19 Zakim, call Rhone_1 08:32:19 ok, dom; the call is being made 08:32:21 +Rhone_1 08:32:54 Zakim, who's on the call? 08:32:54 On the phone I see Susana, Rhone_1 08:33:07 Zakim, Susana is really Daniel_Coloma 08:33:07 +Daniel_Coloma; got it 08:33:22 Present+ Daniel_Coloma 08:38:04 lgombos: offers to be editor of the permissions 08:38:15 jun has joined #dap 08:38:23 http://lists.w3.org/Archives/Public/public-device-apis/2010Oct/0058.html 08:39:23 nwidell: permissions for messaging apis. concerned by "open" subscribe permissions: apps can listen to every incoming message 08:39:33 Present+ Bryan_Sullivan 08:40:04 Summary of Permissions API decision: we publish it with warnings that there is no consensus around requestPermission, we ask johng if he wants to edit, lgombos is volunteer as editor from this WG 08:40:37 nwidell: security-wise, filters on subscriptions could be enough 08:40:39 bryan has joined #dap 08:40:44 q+ 08:41:06 Present+ Bryan_Sullivan 08:41:21 niklas: messaging does not seem to fit with permissions model 08:41:27 ack AnssiK 08:41:29 q+ 08:42:29 q+ 08:42:45 dom: messaging is a good use case for parametrized permissiong, to avoid allowing apps to send messages to anyone 08:42:58 s/permissiong/permissioning 08:43:05 q? 08:43:38 Present+ David_Rogers 08:45:07 ack danielcoloma 08:46:03 tlr has joined #dap 08:46:14 q+ 08:46:56 daniel: suggest we need parameters for permissions 08:47:08 drogersuk has joined #dap 08:47:22 ack bryan 08:47:24 I was wondering if we already tried "MessagingManager implements EventTarget" type of an approach at one point and how that works with permissions -- and it appears that was already discussed (I will look for pointers) 08:47:26 Permissions for messaging should include easy-to-understand concepts such as "Allow this app to send messages to any of my contacts, but no one else" (prevent malware propagation while making it easy for the user to provide a global permission). 08:47:42 yongil_jang has joined #dap 08:48:30 (sending message to all my contatcs is actually the best malware propagation techniique, it seems to me) 08:49:04 q? 08:49:07 ack nwidell 08:50:03 q+ 08:50:04 nwidell: for receiving, you need to support filters 08:50:06 my point is that if we want to make the most of a trusted environment, it should be possible to use parameters in permissions 08:50:24 http://dev.w3.org/2008/video/mediaann/mediaont-1.0/mediaont-1.0.vm-04-Oct.html 08:50:27 e.g. I always allow sending messages to a set of destination numbers because I have a flat rate for them, without prompts 08:50:40 Proposal from Veronique: http://dev.w3.org/2008/video/mediaann/mediaont-1.0/mediaont-1.0.vm-04-Oct.html 08:50:42 danielcoloma, that's likely, but I think we need a very clear model of user interactions between starting to look into parametrizations 08:50:56 bryan: permissions (eg for sending) might be session-based 08:51:31 q? 08:51:35 ack richt 08:51:44 http://lists.w3.org/Archives/Public/public-device-apis/2010Nov/0004.html 08:51:46 dom, have you had a look at the e-mail from Maria: http://lists.w3.org/Archives/Public/public-device-apis/2010Nov/0000.html 08:52:02 not yet I'm afraid 08:52:21 existing ontology which is working on after made dispositions: http://dev.w3.org/2008/video/mediaann/mediaont-1.0/mediaont-1.0.html 08:52:35 http://lists.w3.org/Archives/Public/public-device-apis/2010Nov/0000.html 08:53:11 diff version between existing one and Veronique's proposal: http://tinyurl.com/3y398st 08:53:22 wonsuk, I think you're posting your links in the wrong channel 08:58:15 fjh: editors of the messaging API should read maria's proposal before the messaging session 08:59:03 Suresh: if we agree on the functionality that we're supporting, finding agreement on permissions should be easier 08:59:19 fjh: (messaging session is planned for tomorrow) 08:59:39 sending and new message subscription are in scope for v1 for messaging per London F2F discussion 09:00:11 please review Maria's proposal related to messaging before tomorrow's messaging discussion, http://lists.w3.org/Archives/Public/public-device-apis/2010Nov/0000.html 09:02:31 dom: #1 question is whether messaging API will be available outside of trusted environment 09:03:14 q+ 09:03:35 e.g. widgets as trusted environment, 09:03:46 ack AnssiK 09:04:28 we should make it clear in the spec abstract whether the spec is for "in-browser usage" or "trusted environments" 09:04:43 ISSUE: Does the messaging API fit outside of contained environments? 09:04:43 Created ISSUE-103 - Does the messaging API fit outside of contained environments? ; please complete additional details at http://www.w3.org/2009/dap/track/issues/103/edit . 09:05:01 "widgets" and "open web" - everyone i believe know widgets are indeed trusted 09:05:02 ISSUE: Find a better name for "trusted environments" 09:05:02 Created ISSUE-104 - Find a better name for "trusted environments" ; please complete additional details at http://www.w3.org/2009/dap/track/issues/104/edit . 09:07:04 model is trusted environment, via widgets or via trusted computing platform or .etc 09:07:13 "curated environment" 09:09:10 LauraA has joined #dap 09:09:43 jmarting has joined #dap 09:10:14 q+ 09:10:49 q+ 09:10:55 drogersuk: the container could be a browser, what's different is the mediation in accessing the APIs 09:11:09 ack Suresh 09:11:12 q+ to ask about mailto versus javascript 09:11:14 q+ 09:11:16 Present+ Jesus_Martin 09:11:21 andreip has joined #dap 09:11:26 zakim, who is here? 09:11:26 On the phone I see Daniel_Coloma, Rhone_1 09:11:27 On IRC I see andreip, jmarting, LauraA, yongil_jang, drogersuk, tlr, bryan, jun, homata, BoChen, Suresh, junliao, danielcoloma, wonsuk, seungjae, Claes, callie, kensaku, anne, Wuk, 09:11:31 ... youenn, hendry, wuj, aizu, AnssiK, Johnson, richt, YounSung, nwidell, Kangchan, cmarc, maoteo, darobin, jgiraud, Zakim, RRSAgent, lgombos_w, fjh, ingmar, marengo, myakura, 09:11:33 ... wmaslowski, lgombos, trackbot, ilkka, dom 09:12:22 dom: if the widget loads an iframe from the web, can the iframe access the "contained enviroment"-only apis? 09:12:40 shepazu has joined #dap 09:12:47 ack richt 09:12:51 q+ dom 09:13:06 +[Vodaphone] 09:13:25 richt: againts the distinction between "web" and "curated environment" 09:13:59 q+ 09:14:02 ack fjh 09:14:02 fjh, you wanted to ask about mailto versus javascript 09:14:06 +1 Web APIs 09:14:09 q+ 09:14:09 q+ to propose that we actually remain fuzzy and say "this API is not expected to be used in general outside of pre-established trust relationships, such as in widgets" 09:14:10 zakim, +[Vodaphone] is LauraA 09:14:11 sorry, LauraA, I do not recognize a party named '+[Vodaphone]' 09:14:20 zakim, [Vodafone] is LauraA 09:14:20 sorry, tlr, I do not recognize a party named '[Vodafone]' 09:14:24 +1 for Web APIs too 09:14:28 zakim, [Vodaphone] is LauraA 09:14:28 +LauraA; got it 09:15:23 fjh: use case. a website wants to send a mail/sms -> why should it use the messaging API instead of mailto:, smsto:? 09:16:14 we have discussed this one year ago (early version of spec contained text on this) 09:17:00 q? 09:17:04 ack bryan 09:17:08 ack bryan 09:17:34 q- 09:17:39 bryan: widgets = packaging model for web applications. the api should be the same. the security model should be the same 09:17:50 I agree with Bryan - the API and security model should be consistent across environments 09:17:59 +1 to bryan 09:18:05 +1 to bryan 09:19:09 q+ to ask about policy 09:19:15 ack drogersuk 09:19:19 ack nwidell 09:19:34 timeless_xchat has joined #dap 09:19:54 ack fjh 09:19:54 fjh, you wanted to ask about policy 09:20:45 q+ 09:20:45 noah has joined #dap 09:21:51 +??P5 09:22:07 zakim, I am ??P5 09:22:07 +tlr; got it 09:22:08 zakim, mute me 09:22:08 tlr should now be muted 09:23:00 igarashi has joined #dap 09:23:09 drogersuk: even in a browser environment, mediation is needed 09:23:11 q+ 09:23:48 PROPOSED RESOLUTION: we only work on API functionalities that we know how to offer in the classical browser environment 09:24:32 +1 to resolution 09:24:39 what does "that we know how to offer in the classical browser environment" mean? 09:24:44 q? 09:24:49 +1 to resolution (speaking personally and not for Robineko) 09:25:05 "that we know how to offer in the classical browser environment" = "that work on the web" 09:25:12 timeless_mbp has joined #dap 09:25:30 "classical browser environment" == "that work with the default user-agent policy" 09:25:32 (richt, probably; but I think we should be explicit to make sure people understand what this means) 09:25:55 Present+ timeless 09:26:21 can the "default user-agent policy" be vendor-specific? 09:26:24 Present+ Rigo_Wenning 09:26:31 q? 09:26:41 q+ richt 09:26:58 ack Suresh 09:27:07 RRSAgent, make minutes 09:27:07 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html timeless 09:28:08 *** timecheck *** 09:28:21 q+ 09:29:00 Suresh: by focusing on classical web enviroment only we could be very limited in offering new functionalities 09:29:20 .. that means only a few people will use it 09:30:23 fjh: it would be useful to discuss this with TAG 09:30:37 We're only limited if no responsibility is taken for mediating the access that API has (controlled by the user) 09:32:05 I could see myself having more trust in "well known" web pages than some widget, no matter how well reviewed (by some mediator) that widget would be 09:32:45 hates the word 'mediating'. 09:33:09 We should make a goal of security/privacy "by design" in APIs, place where possible and effective, choice in the user's hands, and accommodate choices that include delegation of security/privacy controls to a trusted third party, e.g. the browser vendor, employer, service provider, etc. This is essential for the flexibility to address key use cases such as protection of children. The method of delegation may include policy-based permissions frameworks 09:33:09 such as defined in BONDI and to be deployed under WAC. 09:33:21 ack bryan 09:33:26 q- 09:33:28 q+ rigo 09:33:43 @nwidell precisely my point 09:33:51 securiy and privacy by design is important to our work 09:34:27 (DAP takes a 30m break) 09:34:53 (resuming at 11:00) 09:35:19 -tlr 09:35:26 -Daniel_Coloma 09:36:13 -LauraA 09:37:08 igarashi has joined #dap 09:37:19 igarashi has joined #dap 09:38:08 yongil_jang has left #dap 09:39:32 igarashi has joined #dap 09:43:36 parkjy has joined #dap 09:47:28 junliao has joined #dap 09:49:12 noah has joined #dap 09:52:43 zakim, who is here? 09:52:43 On the phone I see Rhone_1 09:52:44 On IRC I see noah, junliao, parkjy, timeless, shepazu, jmarting, LauraA, drogersuk, tlr, jun, homata, BoChen, Suresh, danielcoloma, wonsuk, seungjae, Claes, kensaku, anne, Wuk, 09:52:49 ... youenn, hendry, wuj, AnssiK, Johnson, richt, YounSung, Kangchan, cmarc, maoteo, darobin, jgiraud, Zakim, RRSAgent, lgombos_w, fjh, ingmar, myakura, wmaslowski, lgombos, 09:52:51 ... trackbot, ilkka, dom 09:54:07 rrsagent, generate minutes 09:54:07 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html fjh 09:56:11 +LauraA 09:57:58 marengo has joined #dap 10:01:19 yongil_jang has joined #dap 10:04:53 scribe: ingmar 10:04:58 scribenick: ingmar 10:05:51 noah has joined #dap 10:05:52 bryan has joined #dap 10:06:22 Present: Noah Mendelsohn 10:06:57 aizu has joined #dap 10:07:01 TOPIC: 7) Security, Privacy and Policy Roadmap Discussion, Extensibility points (includes TAG) 10:07:10 s/Present:/Present+/ 10:07:41 callie has joined #DAP 10:08:15 RRSAgent, draft minutes 10:08:15 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html dom 10:08:54 fjh: where we are at the privacy discussion: our group is called "Device API AND Policy", defining JavaScript-APIs to access the device 10:09:20 ... we are discussing different environments, such as widgets and the open web 10:10:00 ... if you have to write a policy, where does it come from when we focus on the web case for a moment 10:10:07 DKA has joined #dap 10:10:26 present +DKA 10:10:28 nwidell has joined #dap 10:10:45 ... privacy is difficult, some issues need to be handled at the client, such as minimization 10:11:33 s/present +/present+ / 10:11:44 present+Jing Wu 10:12:15 ... also discussed to convei user consent to the server (PPP) 10:12:50 q? 10:13:08 ... another discussion is about the model, should we focus on the open web? 10:13:23 [I think we have already started addressing privacy in our work] 10:13:40 ... re privacy, how much impact could we have on the server side 10:13:47 jorlow has joined #dap 10:14:10 ... it is not clear whether privacy will be implemented 10:14:40 s/privacy will be implemented/the current privacy proposals have buy-in from implementors/ 10:15:27 q? 10:15:28 q+ 10:16:00 q- 10:16:16 q- 10:16:48 andreip has joined #dap 10:17:02 fjh: re privacy, we walked through all the APIs on whether what is really necessary in terms of simplification and minimization 10:17:19 q+ to ask about lessons learned from Geolocation wg (at and post London workshop) 10:17:23 q? 10:17:39 jun has joined #dap 10:17:55 ... in terms of user consent, we try to use the model to get implicit permission by using pickers 10:18:43 ... but it is sometimes difficult to know on whether the user knows about the implications 10:19:06 darobin: 10:19:09 soonho has joined #dap 10:19:39 ... user can select multiple contacts and define on particular fields 10:19:50 s/define/decide 10:19:54 q+ 10:21:32 http://dev.w3.org/2009/dap/privacy-rulesets/ 10:21:49 noah: 10:23:23 DKA: question re the priv workshop in London: what learnings have been taken into the DAP work? 10:25:36 fjh: we learned that implementers only implement something if there is a clear value 10:25:51 q+ 10:26:59 (the privacy rulesets have the set of issues that have been identified) 10:27:14 s/rulesets/rulesets draft/ 10:30:28 noah: should we keep in touch on that on a regular basis, let say every few month? 10:30:32 Wuk has joined #DAP 10:30:49 I believe there is a clear divide in the group on 'Device APIs and Privacy' and 'Policy' on the other. I would like to decouple these initiatives within W3C. 10:31:15 q- 10:31:25 q- 10:32:23 dom: re minimization, means that the APIs are designed that you only get back what you requested 10:34:56 I'm hoping there will be time to get to extensibility later in this session. 10:37:17 rigo: when it comes to sharing addresses of your friends you are in a different role (service provider) 10:37:39 q? 10:38:49 q+ 10:39:36 rigo made an interesting point where when you give access to your friend's contact, you aren't neccessarily getting the consent of your friend to do that, so access control is not enough 10:39:38 ack rigo 10:40:28 rigo: talks about the geopriv proposal, asks about TAGs position 10:40:45 @hendry - human decision though 10:41:37 DKA: thinks that geopriv is off the table meanwhile 10:42:01 ... we should more talk about the CDT proposal 10:42:08 Privacy is context specific. We cannot define context 10:42:43 q+ to explain my interests in extensibility 10:43:07 So we can only design access control but not implement "Privacy by design"? 10:43:19 A balance of usability and user choice need to be considered in establishing permissions for applications. Giving the user the ability to choose (or responsibility to use) fine-grained control does not necessarily result in good choices, as the user can be overwhelmed with the need to choose (and thus say OK whatever), or miss/misinterpret the permissions that they are actually giving. Putting the design responsibility for this into the browser 10:43:19 vendor's hands and thus limiting our APIs to what they can figure out how to design from a UI perspective, has resulted in the splitting of the APIs into "read" vs "write" or "send" vs "receive" specs with different development timelines, largely because the browser vendors have responded that they don't have an existing paradigm of representing certain operations, e.g. updating a contact. The policy-based approach is an attempt to resolve those 10:43:20 limitations, and enable the user to choose a trusted delegate which can establish a more seamless/unobtrusive and ultimately reliable set of permissions to expose to applications. Much of DAP's discussion on these has represented these as two opposite poles of this topic, but I think that is an unnecessary and unhelpful simplification of the DAP "policy" design options. 10:43:45 tlr has joined #dap 10:43:59 q? 10:44:08 ack bryan 10:44:52 policy needs device apis but device apis don't need policy. Therefore decoupling it would make a lot of sense and help us bring the (other) browser vendors in to the group. 10:45:18 ...instead we use the concept of Privacy by Design in the Device APIs with things like data minimization 10:45:19 noah: the TAG is not about UI design, we can not judge this 10:45:20 device apis do need user protection though 10:45:30 by policy or other means 10:45:47 drogers, we use a concept of Privacy by Design. 10:46:36 ...with the user at the centre of the decision making process. 10:47:03 drogersuk: the TAG can help to incorporate browser vendors, we need a dialog 10:47:40 fjh: we would like to have TAGs input on extensibility 10:48:48 noah: DAP is defining JS-APIs, there are interesting questions about extensibility, especially re privacy 10:48:54 Bryan has a good point about usability and user choice...it seems to be an issue that we often face in the group. 10:49:07 YounSung has joined #dap 10:49:09 ... one way to look at extensibility is adding functions to the API 10:49:14 arve has joined #dap 10:50:34 ... there is a "must understand" model in defining messages 10:50:41 ... this could be used for APIs 10:51:57 fjh: API versioning is another option 10:51:58 SGondo has joined #dap 10:52:57 annsik: is there some prior art where extensibility has been done right? 10:53:37 q? 10:54:09 noah: not aware of something in the security and privacy area 10:54:14 q- 10:54:45 http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/ 10:54:53 q+ 10:55:12 ack noah 10:55:12 noah, you wanted to explain my interests in extensibility 10:55:29 DKA: the minimization topic could be amplified by the TAG 10:55:54 q+ 10:56:00 ack Suresh 10:56:23 q+ 10:56:24 AnssiK: HTML is the best example I could think of wrt extensibility 10:56:47 [as input for guidelines on APIs, we have started noting some patterns in http://www.w3.org/2009/dap/wiki/ApiCheckList ] 10:59:02 s/annsik/AnssiK/ 10:59:48 Kangchan has joined #dap 11:00:24 The TAG should help clarify from the Web architecture perspective that resources include features of the host device (not just some networked service that has a location indentifiable via URIs), and that resources can be accessed via multiple interface paradigms, e.g. REST/HTTP, Javascript objects, or HTML tags. 11:00:26 ack bryan 11:00:40 s/Anssik:/Anssik,/ 11:01:24 ack richt 11:01:27 q+ to respond to bryan 11:02:00 richt: why are the browser vendors not here? The TAG can certainly help to involve them. 11:02:02 hidetaka has joined #dap 11:02:54 ... there is a fundamental disagreement in the group between "APIs and Privacy" and "Policy" 11:03:35 q+ rigo 11:03:40 richt: we should split the two discussions, possibly considering rechartering 11:04:05 +1 for addressing the issue of browser vendors (except Opera) not in this WG 11:05:39 we have to address this issue. I don't want DAP to be a talking shop and I think it's fair to suggest that Opera cannot (and will not) carry the industry without participation and support from other vendors. 11:07:53 richt, fwiw, I've wondered about your proposal before; I guess I would be willing to push that discussion once we have some insurance splitting would have an actual effort on browser vendors 11:08:23 I would really like to get back to the morning discussion and maybe define a API architecure to exactly understand how APIs fit between policy, privacy, user interaction/consent, the differences between web/widget model 11:09:05 +1 Suresh; I don't know if we should try to squeeze that into a pre-lunch discussion or put it in the schedule for this pm 11:09:15 I would like the TAG to bring the other browser vendors to the table. I disagree with breaking the group into different areas. They are closely linked - sensitive real-world APIs and security / privacy. This is the first time we are touching real, physical things 11:09:15 We see to be mixing up everything all the time unless i'm the only confused! 11:09:49 drogersuk, the TAG can't do a thing about bringing browser vendors; we as a group need to convince them 11:10:04 (which includes listening to their concerns) 11:10:37 junliao has joined #dap 11:10:38 Noah said that the TAG would facilitate the dialogue. That's what I mean 11:10:41 dom, I'm not taking part and have never taken part in the policy discussions in this group. Other vendors simply don't show up to show their position. That needs to change and the splitting discussion could go a long way to address that. 11:11:10 we've had the splitting discussion before.... 11:11:11 @richt - you will, you will :-) 11:11:36 of course, if all we define is APIs that are websafe, how much policy is left to discuss? 11:11:54 10 glazman points for darobin 11:12:22 The TAG on why declarative languages are good: http://www.w3.org/2001/tag/doc/leastPower.html 11:12:40 Zakim, who's on the phone? 11:12:40 On the phone I see Rhone_1, LauraA 11:14:37 -LauraA 11:17:11 rrsagent, generate minutes 11:17:11 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html fjh 11:17:28 wonsuk has left #dap 11:20:10 SGondo has joined #dap 11:22:47 SGondo has joined #dap 11:26:06 AnssiK has joined #dap 11:57:49 timeless_mbp has joined #dap 12:02:01 myakura has joined #dap 12:24:53 jun has joined #dap 12:31:58 kensaku has joined #dap 12:36:50 fjh has joined #dap 12:38:54 marengo has joined #dap 12:39:32 -Rhone_1 12:39:33 DI_(TPAC)3:00AM has ended 12:39:35 Attendees were Rhone_1, Daniel_Coloma, LauraA, tlr 12:40:22 jorlow has joined #dap 12:40:53 andreip has joined #dap 12:41:18 myakura has joined #dap 12:41:37 andreip has left #dap 12:41:47 andreip has joined #dap 12:43:46 lgombos_ has joined #dap 12:44:44 timeless_mbp has joined #dap 12:46:54 wonsuk has joined #dap 12:48:21 yongil_jang has joined #dap 12:51:04 pauld has joined #dap 12:53:44 SGondo has joined #dap 12:53:46 AnssiK has joined #dap 12:54:46 timeless_mbp has joined #dap 12:54:48 Kangchan has joined #dap 12:56:06 freedom has joined #dap 12:57:50 shepazu has joined #dap 12:58:23 drogersuk has joined #dap 12:58:31 YounSung has joined #dap 12:58:37 Scribe: timeless 12:59:54 soonho has joined #dap 13:00:32 freedom has joined #dap 13:00:54 dsr has joined #dap 13:01:04 present +dsr 13:01:10 junliao has joined #dap 13:01:10 nwidell has joined #dap 13:01:10 kensaku has joined #dap 13:01:11 aizu has joined #dap 13:01:12 francois has joined #dap 13:01:13 Suresh has joined #dap 13:01:14 bochen has joined #dap 13:01:32 Jun Liao from China Unicom 13:01:41 TOPIC: WAC 13:01:41 Dong-Young_Lee has joined #dap 13:01:52 Presnt+ Dong-Young_Lee 13:01:53 cmarc has joined #dap 13:01:53 David Rogers introducing WAC update 13:01:55 Present+ Jun_Liao 13:02:02 [dsr = Dave Raggett/W3C Team] 13:02:07 Present+ Dong-Young_Lee 13:02:11 jmarting has joined #dap 13:02:22 RRSAgent, make minutes 13:02:22 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html timeless 13:02:24 anne has joined #dap 13:02:26 s/ +dsr/+ Dave_Raggett/ 13:02:52 freedom_ has joined #dap 13:02:56 Claes has joined #dap 13:03:14 Wuk has joined #DAP 13:03:45 (slides will be available later) 13:04:52 zakim, who is here? 13:04:52 apparently DI_(TPAC)3:00AM has ended, fjh 13:04:53 On IRC I see Wuk, Claes, freedom, anne, jmarting, cmarc, Dong-Young_Lee, bochen, Suresh, francois, aizu, kensaku, nwidell, junliao, dsr, soonho, YounSung, drogersuk, shepazu, 13:04:57 ... Kangchan, timeless, AnssiK, SGondo, pauld, yongil_jang, wonsuk, lgombos_, andreip, jorlow, marengo, fjh, jun, arve, LauraA, danielcoloma, hendry, richt, Zakim, RRSAgent, 13:05:00 ... ingmar, wmaslowski, lgombos, trackbot, ilkka, dom 13:05:04 noah has joined #dap 13:05:08 zakim, this will be DI 13:05:08 fjh, Team_(mediaann)09:00Z is already associated with an irc channel; use 'move DI to here' if you mean to reassociate the channel 13:05:19 Zakim, this is DI 13:05:19 dom, Team_(mediaann)09:00Z is already associated with an irc channel; use 'move DI to here' if you mean to reassociate the channel 13:05:25 Zakim, move DI to here 13:05:26 ok, dom; that matches Team_(mediaann)09:00Z 13:05:41 callie has joined #DAP 13:05:45 zakim, this is DI_(TPAC) 13:05:45 dom, I see DI_(TPAC)3:00AM in the schedule but not yet started. Perhaps you mean "this will be DI_(TPAC)". 13:05:50 zakim, this will be DI_(TPAC) 13:05:50 ok, dom; I see DI_(TPAC)3:00AM scheduled to start 365 minutes ago 13:06:48 youenn has joined #dap 13:06:51 jgiraud has joined #dap 13:07:39 homata has joined #dap 13:07:48 bryan has joined #dap 13:08:07 Present+ Bryan_Sullivan; 13:08:13 DI_(TPAC)3:00AM has now started 13:08:17 WAC: http://www.wholesaleappcommunity.com/default.aspx 13:08:53 can you please open the bridge? 13:08:58 Present+ Bo_Chen 13:09:13 tlr has joined #dap 13:09:20 maoteo has joined #dap 13:09:27 Zakim, call Rhone_1 13:09:27 ok, dom; the call is being made 13:09:27 zakim, call rhone_1 13:09:29 ok, fjh; the call is being made 13:09:56 Present+ Maria_Oteo 13:10:15 Present+ Daniel_Coloma 13:10:25 hidetaka has joined #dap 13:11:05 timeless_mbp has joined #dap 13:12:29 Public spec URL: http://public.wholesaleappcommunity.com/redmine 13:13:46 -> http://public.wholesaleappcommunity.com/redmine/embedded/wac2pubrev/ WAC Waikiki Developer Release Specification 13:14:16 bryan: app launcher has been reduced in the current release to URI schemes ... 13:14:24 ... and a specification of how to launch the browser 13:14:33 ... which from the widget perspective is not always clear in everyone's mind 13:14:48 ... the ability to launch an arbitrary application has been reserved for a future release 13:14:52 Present+ Niklas_Widell 13:15:03 Present+ Koan-Sin_Tan 13:15:15 darobin has joined #dap 13:15:27 Present+ Claes_NIlsson 13:15:37 darobin: are you suggesting we provide such an api later (as opposed to sooner)? 13:15:37 jiyong_park has joined #dap 13:16:07 bryan: the app launcher proposal has additional use cases which are not satisfied by simple URI schemes 13:16:09 s/are you suggesting we provide such an api later (as opposed to sooner)?/from a WAC perspective, do you think we should follow a similar approach to AppLauncher in DAP?/ 13:16:32 DR: ... one other area... 13:16:47 ... we have our default policy, which explains how we think certain prompting should be allowed/not allowed 13:17:01 Johnson has joined #dap 13:17:02 ... we'll upload our example policy to our web site 13:17:16 ... it can be tweaked... 13:17:22 Present+ Hiroyuki_Aizu 13:17:25 ... we'll have a standard default policy that people can take 13:17:32 ... and we'll have a child aware parental policy 13:17:42 ... which will lock down Geolocation and maybe camera 13:17:44 Present+ Johnson_W 13:17:48 ... it's fairly new 13:17:57 ... something for parents to use to somehow protect their children 13:18:06 ... any questions? 13:18:14 wuj has joined #dap 13:18:15 fjh: you mentioned two things that were changed? 13:18:19 ... application launcher and? 13:18:23 DR: gallery 13:18:34 ... it was deemed to be a subset of file api, so it was folded into that 13:18:41 seungjae has joined #dap 13:18:50 ... The file system api is a subset of the real file system, it's basically virtual mounts 13:19:09 danielcoloma: Part of these roots include Video, Images and Sounds 13:19:16 ... those covered the use cases for Gallery 13:19:28 Suresh: you use terms like untrusted 13:19:32 ... which we discussed earlier 13:19:49 ... what is the characterization, how do you use them in WAC? 13:20:10 DR: as in mobile devices, there is a provision to map onto Digital Signatures as in Widgets 13:20:51 ... The publisher ID is verifiable ("class 2") 13:21:15 ... getting a WAC seal of approval enables more api access 13:21:25 Suresh: can you relate this with the discussions from earlier? 13:21:32 ... does open web fall into one of these categories? 13:21:43 DR: the example i wanted to highlight is the Browser vs. Widget model 13:21:47 ... if we do use Geolocation 13:22:01 ... the mozilla mobile application, Fennec 13:22:25 ... when a site prompts and is confirmed 5 times, the affirmation becomes permanent 13:22:33 ... and it isn't prompted for again 13:22:46 ... There isn't much difference between that model and ... 13:23:00 ... You still need to get the user to make some kind of decision. 13:23:13 [I note that WAC specs cover accelerometer, which has also been discussed in W3C geloc lists] 13:23:15 ... And there might just be terminology differences 13:23:26 ... Wakiki ? 13:23:53 ... When we started doing BONDI. We envisioned that Charities or AV vendors might want to implement Policies and trust 13:24:09 ... The reason we provided a default policy, was that we felt some implementers wouldn't know what to start with 13:24:28 ... Unlike a firewall where things break surprisingly 13:24:38 ... Our APIs return a response indicating policy rejection 13:24:51 ... Our target is Barcelona (Mobile World Congress) 13:25:15 ... We recognize that developers are the heart of this. Without listening to developers, there will be no applications in the app stores 13:25:25 ... So it's necessary to help seed things 13:25:44 ... People may sneer at SDKs, but the majority of people can't write applications with just Notepad++ 13:25:53 ... We want to make writing applications as easy as possible 13:26:00 ... We want to work very closely with W3C 13:26:15 ... We've already made a clear statement that we endorse W3C specifications 13:26:20 ... We'd like to have regular meetings 13:26:27 [ DR is reading a slide ] 13:26:43 [ Slide 17 ] 13:27:12 DR: Questions? 13:27:36 Claes: When it comes to the type of application you intend to provide with WAC 13:27:44 ... are you intend to do some differentiation because ... 13:27:56 q+ to ask about relation between WAC accelerometer spec and Geoloc device orientation event spec 13:27:57 ... one argument for WAC is that you can make applications that are platform independent 13:28:11 ... but you still have to compete with [Apple] AppStore and 13:28:17 ... Android Market 13:28:26 DR: so you're asking "what's the killer app for WAC?" 13:28:31 ... but that's not your question 13:28:36 ... The value is the long term 13:28:53 ... People who are using iPhones are a tiny proportion of all mobile users in the world 13:29:05 ... We have a vendor in the Philippines 13:29:14 ... They were using SMS for applications 13:29:23 ack dsr 13:29:23 dsr, you wanted to ask about relation between WAC accelerometer spec and Geoloc device orientation event spec 13:29:29 ... So it's kind of like moving from DOS to Windows 13:29:38 SGondo has joined #dap 13:29:38 ... This stack makes it very easy to go to HTML5 13:29:51 ... The native application space could be very easily embraced in WAC 13:29:59 ... We're open to them, and it's under study 13:30:14 dsr: The relationship between WAC and W3C specs..? 13:30:30 ... I saw Accelerometer which is under study in Geolocation 13:30:43 DR: danielcoloma did you want to talk about Accelerometer in W3C 13:30:50 http://dev.w3.org/geo/api/spec-source-orientation.html 13:31:01 danielcoloma: We don't believe the W3C draft is stable enough 13:31:12 fjh: so you're saying you will use it when it's stable? 13:31:21 danielcoloma: The target is MWC2011 13:31:32 ... which is before the W3C spec would be ready 13:31:41 [ so they needed their own in the interim ] 13:31:51 Geloc DeviceOrientation spec http://dev.w3.org/geo/api/spec-source-orientation.html 13:31:52 Topic: Continuation of Permissions Discussion 13:32:18 versus http://public.wholesaleappcommunity.com/redmine/embedded/wac2pubrev/deviceapis/accelerometer.html 13:32:57 q? 13:33:36 Suresh: if you take the presentation from WAC 13:33:43 ... and put in the mix of discussions in this group 13:33:48 ... there's a lot of overlap 13:34:03 ... I think we need to start with some sort of architecture. what falls in what. 13:34:09 ... which parts can be separated out 13:34:14 ... Security has various things, signing 13:34:19 q+ 13:34:26 ... Versus getting permission to do some thing 13:34:27 q? 13:34:47 igarashi has joined #dap 13:34:51 suresh asks for clear architecture picture, and clear requirements 13:35:11 Suresh: on the one hand, we're asked to bake Security and Privacy into the API 13:35:21 ... In WAC, they have some kind of default policy 13:35:26 ... you prompt the user, or you don't prompt 13:35:43 ... In our case, we have an example with Geolocation where the suggestion is prompt the user 13:35:57 ... What are we trying to achieve in putting security into the APIs? 13:36:09 darobin: The goal is to not create security/privacy issues 13:36:14 ... when running in the Same Origin model 13:36:25 ... What it implies is integrating with a user understandable workflow 13:36:35 ... You click on something, and get a contact picker 13:36:44 ... People aren't fooled when they click on a file upload button 13:36:54 ... They understand that they're giving file info to the web site 13:37:13 ... Similarly, with Geolocation, whenever there's a security boundary, you make it asynchronous 13:37:24 ... It might talk to a permission server, or call someone up 13:37:25 q+ 13:37:42 ... If we go to a model, where the only API specs we release work with a model 13:37:48 s/model/approach/ 13:38:07 ... preferably where there's a model that doesn't result in 7 infobars 13:38:40 ... For new features, it means we might mean we need to delay things 13:38:51 ... until we know how to expose it in a safe manner 13:39:20 Suresh: you mentioned a workflow the user could understand 13:39:35 ... the user has to pick what it wants 13:39:48 darobin: we define an interface such that you can build a UI that we think is correct 13:40:02 ... If you want to build a different model, or you want to say screw the security model 13:40:09 ... I want to return all the contacts 13:40:12 ... that's fine. 13:40:20 ... Taking the contacts example 13:40:30 ... If you want to allow for selecting an item, that's ok. 13:40:45 ... But if you want to provide a way to allow a widget to allow access to all contacts, that's ok. 13:40:53 DAP has createt this draft that is defining 3 basic use cases: http://dev.w3.org/2009/dap/policy-reqs/#normative-references 13:40:56 Suresh: someone could use our contacts API to do both of those 13:41:00 darobin: that's our point 13:41:12 ... it works in Browser or a more powerful Widget 13:41:24 ... The exact same code would work in both places 13:41:30 Suresh: taking this model, you could do it safely 13:41:35 ... Save and Delete are not safe 13:41:56 [ darobin described how to select one, or select * - for selecting contacts ] 13:42:06 Suresh: you could have checkboxes to do save/delete 13:42:09 darobin: it's possible. 13:42:24 ... the issue with Delete is the problem of how to define a metaphor 13:42:35 ... because there's no matching metaphor in the browser interface for deleting something 13:42:42 Suresh: the browser could throw up a dialog 13:42:57 darobin: the browser does for deleting cookies, but that isn't from the web page 13:43:09 ... we can find this, those things are harder to do 13:43:23 ... you could prioritize Reading, and 6 months later make a Writing API 13:43:32 Suresh: no matter how you solve permissions / user prompts 13:43:48 ... you need those apis to do the reading/writing 13:44:12 ... there's an api no matter which ui paradigm you take 13:44:25 q? 13:44:31 q+ richt 13:44:37 ack Claes 13:44:50 Claes: we have been working on a document 13:44:59 ... Device API access control use cases 13:45:08 ... that states 3 basic use cases for Access Control 13:45:15 ... we made some conclusions when we made that document 13:45:20 ... i'm not sure if we're going to discuss that 13:45:31 darobin: the idea is to finish it 13:45:37 Claes: i think it's quite simple 13:45:45 ... all apis must be usable in an untrusted environment 13:45:53 ... and in addition, if i have a trusted authority 13:46:05 ... we should provide a way for it to work without as much user interaction 13:46:20 darobin: In a non chair view, 13:46:25 q? 13:46:32 ack bryan 13:46:49 bryan: that we need to find a model that works makes perfect sense 13:46:59 ... managing file systems... 13:47:06 ... I think people understand those things 13:47:20 ... The important things is that when a user allows for things to occur 13:47:26 ... is an important decision 13:47:35 ... When the user says "yeah, i trust you" 13:47:42 ... the point is that it's persistent 13:47:49 ... that could happen before they launch the widget 13:47:52 ... or application 13:48:02 ... but the user doesn't have to make the decisions in real time 13:48:07 ... because that could break the application 13:48:19 darobin: I'll go one step furhter 13:48:22 Kai has joined #dap 13:48:24 s/furhter/further/ 13:48:33 ... we need to be even more flexible than that 13:48:44 ... We need to enable smarter implementations 13:48:52 .... we might have a trust delegation 13:49:01 ... or prompt 13:49:13 q- 13:49:27 ... The ideal model would be flexible enough to handle different implementations 13:49:29 API orthogonal to security and privacy model 13:49:33 ack richt 13:49:39 richt: there's basically different levels for paradigms 13:49:46 ... but there are a lot of apis available out there 13:49:50 ... taking the file system apis 13:49:54 ... [in webapps] 13:50:00 ... you could have a service level contact book 13:50:00 s/API/darobin: API/ 13:50:03 hidetaka_ has joined #dap 13:50:08 ... you could use IndexDB 13:50:16 ... you could synchronize with the contacts book 13:50:21 ... when it comes to the API design 13:50:27 ... I think it makes sense to look at use 13:50:31 ... instead of management 13:50:41 ... The idea is to look out how people will use the API is what's important 13:50:45 ... in contacts it's getting 13:50:48 ... in calendar it's saving 13:51:14 Suresh: I think the usage, we get into usability 13:51:22 ... are we the experts to solve that 13:51:27 richt: it's an ongoing dicussion 13:51:35 ... there are different levels to address that 13:51:43 q? 13:52:42 [ scribe lost dom's statements ] 13:52:46 dom: this is introductory discusson on whether we want to work on APIs that require a different security model than the browser model 13:52:57 darobin: as dom stated: do we ever want to release a specification of an api 13:53:13 ... for which we don't know how to create a safe implementation in the browser 13:53:32 Suresh: I think we need to create something safe. And it has to be useful 13:53:44 ... In both environments, you could have different default states 13:53:54 ... I get a feeling that we're being more concerned than we should be 13:54:02 ... In the process, we're having a very minimal api 13:54:12 darobin: I don't think we're going with minimal api 13:54:18 ... we're shipping what we're confident we can ship 13:54:30 ... When we ship X, we're saying we know how to implement X 13:54:44 ... And we can do Y later, when we know how to do it 13:54:52 ... It's about not delaying releasing X 13:54:59 ... while we figure out Y 13:55:24 Suresh: We talk about environment where widget environment is more trusted 13:55:36 darobin: I don't think we want our documents to reflect a distinction 13:55:48 ... we should make apis that work in both environments 13:55:54 ... [ Widgets and Open Web ] 13:55:58 q+ 13:56:01 q? 13:56:05 ... We can make things that work in both environments 13:56:28 Suresh: People are used to interacting with device 13:56:40 q+ to talk about not two different environments but rather a large number including a default one 13:56:43 ... in that environment, we could expose more functionality 13:56:55 ... But in browser, we might expose less functionality 13:57:19 ... We seem to be limiting our UI toward what might be on the Web 13:57:31 darobin: the kind of architecture under discussion allows us to do both 13:57:34 ... it's just more work 13:57:46 ... because we need to find ways to expose these things that are safe in the default environment 13:58:17 q+ to mention the browser security model might become an important feature 13:58:19 darobin: If we need to make everything work in both worlds with the same functionality, it is harder to do safely 13:58:29 We need to bridge to the browser with common APIs but acknowledge that the APIs need security to be used. That, in our environment (mobile, widgets) is a policy framework. It could still work with something else that does this in the browser 13:58:30 ... It might delay things, but I think it's the more powerful path 13:59:04 Suresh: a lot of where we're getting stuck is the UI paradigm 13:59:17 richt: I don't believe we can separate the layers 13:59:25 ack drogersuk 13:59:28 jorlow has joined #dap 13:59:39 jorlow_ has joined #dap 13:59:53 drogersuk: we have a consensus 13:59:57 ... that we need common APIs 14:00:05 ... and we understand that these APIs are sensitive 14:00:12 is your point, drogersuk, that policy framework is an implementation decision and aspect? 14:00:20 ... the key question lies around, us saying that if you use this api, you have to use security 14:00:31 ... In our environment, in the widget world, we say you use policy 14:00:48 fjh, I like your characterization of david's point 14:00:55 ... In the browser that could be some other kind of security 14:01:02 ... the point is that there is security for this kind of API 14:01:22 drogersuk: (answering fjh) yes 14:01:36 darobin: it's an obligation, but how you do it is an implementation choice 14:01:41 ... but before we design an api 14:01:52 ... we need to make sure it's possible to make it secure in the default web environment 14:02:06 q? 14:02:08 ack me 14:02:08 darobin, you wanted to talk about not two different environments but rather a large number including a default one 14:02:10 ack dom 14:02:12 dom, you wanted to mention the browser security model might become an important feature 14:02:24 dom: building in security is costly 14:02:28 ... but it's a feature 14:02:38 ... there was a story recently about Facebook 14:02:45 ... where it got phone numbers 14:02:49 ... without asking the user 14:03:07 ... I agree that we're making it more difficult to have access to features 14:03:13 ... which seem natural in a controlled environment 14:03:21 ... but I think we need to look at more than the cost 14:03:29 ... to make sure we understand the benefit to the user 14:03:46 Suresh: I'm afraid of us taking 2-3 years to come out with something that won't be useful 14:04:09 q+ 14:04:31 from before: We need to bridge to the browser with common APIs but acknowledge that the APIs need security to be used. That, in our environment (mobile, widgets) is a policy framework. It could still work with something else that does this in the browser 14:04:37 RRSAgent, make minutes 14:04:37 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html timeless 14:04:46 proposed RESOLUTION: the sense of the WG is to require security without mandating the mechanism apart from requiring safe use in a browser context 14:04:48 ack nwidell 14:04:53 PROPOSED RESOLUTION: we should focus on API features that can be implemented safely in the default browser policy model 14:05:29 nwidell: You could have an API which has a messy UI implementation 14:05:32 agree with fjh's proposal 14:05:32 q? 14:05:39 ... if it's useful, people will try to work to resolve the UI situation over time 14:05:57 dom: but what you're describing ought to happen before standardization, not after 14:06:08 ... I think the risk is that you if you try to standardize something like that 14:06:14 ... it won't have a long duration 14:06:59 ... I'm not sure that trying to push something early 14:07:07 nwidell: it was to avoid having two APIs 14:08:20 dom, I agree with everything you say...at the least, +1 to your proposal :) 14:08:43 dom: if someone wants to propose an api featuer 14:08:47 s/featuer/feature/ 14:08:59 ... they need to explain how they expect it to work in a browser environment 14:09:06 Suresh: can that be with policy? 14:09:08 darobin: no 14:09:26 Suresh: I'm not sure what you mean browser, do you mean desktop? 14:09:29 darobin: no, it could be mobile 14:09:40 Suresh: I'm coming from a device vendor 14:09:42 rigo has joined #dap 14:09:47 ... we have a focus on controlling the environment 14:09:53 q+ 14:09:54 darobin: Suresh, if you don't think it's safe 14:10:00 ... desktop won't think it's safe either 14:10:08 ack rigo 14:10:16 rigo: for this policy environment 14:10:37 ... one of the ideas is to make it easily consumable 14:10:43 ... the problem is making an api consumable 14:10:48 ... the problem with an api control point 14:10:54 darobin: if you see something unsafe in a mobile browser, it's almost certainly unsafe in a desktop environment too — there is no strong distinction 14:10:58 ... is that you don't have enough information coming through the api 14:11:04 ... to enable informed consent 14:11:10 q+ to note we left out privacy from resolution 14:11:18 ... because you don't have enough information to warn the user if it's safe or dangerous 14:11:27 ... the suggestion is that we somewhat express the semantics 14:11:33 ... that give you the possibility to convey more information 14:11:39 ... from the one requesting the information 14:11:46 ... to the one giving the information 14:12:01 ... so that we enable the app to provide assertions 14:12:12 ... so the UA can provide a meaningful question 14:12:24 ... so the user can make an informed decision 14:12:32 ... There was a proposal at the October (?) session 14:12:38 ... with a JSON mechanism 14:12:47 ... which would provide a richer exchange 14:12:49 q+ 14:12:53 ack fjh 14:12:53 fjh, you wanted to note we left out privacy from resolution 14:12:55 q+ 14:13:04 fjh: i don't disagree with that 14:13:11 ... I think the resolution was scoped narrowly 14:13:30 ... I think we need @@ ... @@ in the browser 14:13:36 .... I think the privacy issue still stands 14:13:49 ... but I think that's a different issue 14:13:54 ... than a policy framework 14:14:02 ... which might not provide what we want 14:14:04 q? 14:14:07 q? 14:14:11 ack me 14:14:11 I note that "safely" doesn't clearly distinguish between security and privacy! 14:14:12 ack timeless 14:14:24 I just heard something which reminds me 14:14:28 ... of something from a while ago 14:14:53 "sicherheit" - safety and security 14:14:58 why is it valuable to conflate security and privacy? 14:15:21 let P3P sleep in peace :) 14:15:24 fjh: the group understand the scribe's concern 14:15:25 q+ 14:15:35 ack drogersuk 14:15:41 drogersuk: on Privacy and Security 14:15:47 ... they are separate but intertwined 14:16:01 ... I did propose what rigo proposed to BONDI 14:16:05 ... for example Location 14:16:09 ... If you look at android 14:16:23 ... you find the number of applications that ask for location 14:16:25 ... is quite high 14:16:31 so timeless, let's have an argument in the break. I can even explain you how P3P enforcement worked 14:16:39 ... and malicious applications will ask for the highest precision 14:16:52 darobin: how you implement it, and how you support trust 14:17:12 drogersuk: What I'm saing is that in other environments, it isn't working 14:17:23 darobin: I'm disagreeing with going in a direction away from a resolution 14:17:29 s/ask for location/ask for fine-grain location information/ 14:17:38 PROPOSED RESOLUTION: we should focus on API features that can be implemented safely in the default browser policy model 14:17:40 q? 14:17:48 ack bryan 14:18:13 @timeless - correction: fine grained location permissions request 14:18:47 q+ 14:18:54 bryan: is that like Geolocation? 14:19:05 darobin: yes, but we're aware it's suboptimial 14:19:12 bryan: is everything Same Origin 14:19:29 PROPOSED RESOLUTION: the sense of the WG is to require security without mandating the mechanism apart from requiring safe use in a browser context 14:20:18 fjh: our real decision is to not require building a policy framework into the browser 14:20:29 wuj has joined #dap 14:20:43 drogersuk: my concern with dom's proposal 14:20:50 ... is that it seems to constrain the number of APIs 14:21:03 PROPOSED RESOLUTION: The WG will deliver APIs that do not mandate a specific security model but function safely in all contexts, especially the default browser security context 14:21:03 darobin: the important part from dom's proposal is that we have to prioritize 14:21:13 ... APIs, based on what's important 14:21:18 PROPOSED RESOLUTION: We prioritise API functionality for which we have security solutions 14:21:25 bryan: fjh's proposal about not mandating the mechanism 14:21:30 ... add that to dom's.... 14:22:14 fjh: i don't like the first one because for browsers it can't be policy framework 14:22:34 darobin: as i described earlier for contacts 14:22:41 ... if you're in the browser, you might get a find contacts 14:22:46 s/first one/second one 14:23:00 ... but in a Widget you might get everything automatically from search:* 14:23:03 PROPOSED RESOLUTION: The WG will deliver APIs that do not mandate a specific security model but ensure the safety and security of the user in all contexts, especially the default browser security context 14:23:04 s/be policy/necessarily be a policy 14:23:18 darobin: i can live with that 14:23:30 fjh: any objections to drogersuk 's proposal? 14:23:37 darobin: you actually read stuff before agreeing?! 14:23:52 bblfish has joined #dap 14:24:03 hi 14:24:08 nwidell: haven't we resolved this before? 14:24:20 s/hi// 14:24:27 s/hi// 14:24:44 I still think we should continue working on security alongside the APIs 14:25:03 Dong-Young_Lee: what's the problem of mandating a policy framework? 14:25:11 fjh: the policy framework is something specific 14:25:20 ... which raises questions of who writes the framework 14:25:26 ... and how does that work on the web 14:25:44 darobin: and there's the bit of no one wants to write or maintain it for the web 14:25:57 q+ 14:26:05 Dong-Young_Lee: so we delay our work, until some mechanism until a mechanism other than the policy model? 14:26:10 ack drogersuk 14:26:14 drogersuk: we have a duty to work on ... 14:26:31 ... something so we can support multiple security models 14:26:37 ... one for mobile 14:26:49 ... e.g. Google came to the table with PowerBox 14:27:00 ... More to do with implementation than specification 14:27:09 dom: any objections to the proposed resolution? 14:27:26 lgombos: so if this is very sensitive in a default browser environment 14:27:35 ... do we have to call that out in the specification 14:27:43 ... do we make it optional for browsers? 14:27:48 darobin: if there's something that's sensitive and dangerous 14:27:55 ... and we don't have a solution for it in browsers? 14:28:05 ... then we don't spec it until we have a solution 14:28:15 drogersuk: there's also a group that tlr is working on 14:28:29 PROPOSED RESOLUTION: The WG will deliver APIs that do not mandate a specific security model but ensure the safety and security of the user in all contexts, especially the default browser security context 14:28:59 . The group will continue to work on security. 14:29:11 darobin: yes, with that 14:29:32 RESOLUTION: The WG will deliver APIs that do not mandate a specific security model but ensure the safety and security of the user in all contexts, especially the default browser security context. The group will continue to work on security. 14:30:15 RRSAgent, draft minutes 14:30:15 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html dom 14:30:18 PROPOSED RESOLUTION: We prioritise API functionality for which we have security solutions 14:30:48 RESOLUTION: We prioritise API functionality for which we have security solutions 14:30:57 [ break ] 14:31:12 [ return @ 4pm ] 14:35:41 andreip has joined #dap 14:39:50 jorlow has joined #dap 14:43:26 tlr has joined #dap 14:44:25 tlr has joined #dap 14:47:47 nwidell has joined #dap 15:00:27 freedom has joined #dap 15:01:58 marengo has joined #dap 15:03:02 bblfish has joined #dap 15:04:37 homata has joined #dap 15:05:35 jmarting has joined #dap 15:06:04 youenn has joined #dap 15:06:41 aizu has joined #dap 15:06:49 hidetaka has joined #dap 15:08:43 scribe: dsr 15:08:57 we resume after a coffee break 15:09:26 Robin: suggest we keep going with the agenda. [link?] 15:09:31 Here's the proposal to simplify the Sys Info API: http://lists.w3.org/Archives/Public/public-device-apis/2010Oct/0076.html 15:09:37 adam has joined #dap 15:10:21 The draft is kind of big. At the same time the Android browser has a different way to describe the network connection type. 15:10:30 Topic: SysInfo 15:10:32 http://www.w3.org/mid/23BEF3D8-2957-4D6F-99EE-61EF1479C97B@berjon.com 15:10:32 http://lists.w3.org/Archives/Public/public-device-apis/2010Oct/0059.html (Illka) 15:10:32 http://lists.w3.org/Archives/Public/public-device-apis/2010Oct/0076.html (Rich) 15:10:44 +1 to alignment wirh browser :) 15:11:06 This presents us with a choice, we could align with what is happening in the browser or continue with the current proposal in the draft (see above) 15:11:20 francois has joined #dap 15:11:44 marengo has joined #dap 15:12:18 zakim, who is here? 15:12:18 On the phone I see no one 15:12:19 On IRC I see marengo, francois, adam, hidetaka, aizu, youenn, jmarting, homata, bblfish, freedom, tlr, jorlow, andreip, wuj, rigo, Kai, igarashi, Johnson, darobin, timeless, 15:12:24 ... maoteo, bryan, jgiraud, Wuk, Claes, anne, cmarc, bochen, Suresh, kensaku, junliao, dsr, soonho, YounSung, shepazu, Kangchan, AnssiK, wonsuk, lgombos_, fjh, jun, LauraA, hendry, 15:12:26 ... richt, Zakim, RRSAgent, ingmar, wmaslowski, lgombos, trackbot, ilkka, dom 15:12:46 Rich talks us through his proposal for a simplication (email to DAP WG list) 15:12:47 (I didn't get a chance to reply to Rich's message on the list, but I mostly +1 his proposal) 15:13:11 on 29 Oct (SysInfo API vs Generic Sensors API) 15:13:45 kkim has joined #dap 15:13:47 This is from the Android browser 15:13:56 q+ 15:14:24 q+ to ask about event handlers, and if they're needed 15:14:42 robin notes a mistake in the proposed WebIDL where type is shown as a method rather than an attribute 15:14:50 [uri? for his email] 15:15:10 http://lists.w3.org/Archives/Public/public-device-apis/2010Oct/0076.html 15:15:28 nwidell has joined #dap 15:15:52 Bryan: this moves us to an object oriented approach as opposed to a vocabulary oriented approach which could create problems for future extensibility. 15:16:50 Robin: to clarify we would keep the SysInfo mechanism for extensibility but introduce the simpler interface in parallel. 15:17:57 could you infer you were on a corporate network? 15:18:11 Bryan: you could infer that someone is at home from the details of their network connection info, this is a privacy concern. 15:18:29 Robin: the information available is limited e.g. on 3G or WiFi 15:20:10 Suresh recaps background leading up to where we are now. We should take this decision in the context of all the SysInfo params. 15:20:51 Dom: the fact that the simple approach already has some traction should be taken into account, but it is only one of several proposals. 15:20:57 Is it correct to say that all information provided in the proposal from Rich will still be provided using the current SysInfo API draft? 15:21:17 q? 15:21:26 ack bryan 15:21:43 ack AnssiK 15:21:43 AnssiK, you wanted to ask about event handlers, and if they're needed 15:21:47 May be we should add event handlers to avoid the need for polling? 15:21:56 q+ fjh to confirm alternative 15:22:30 manyoung has joined #dap 15:22:30 ack fjh 15:22:30 fjh, you wanted to confirm alternative 15:23:19 implement EventTarget, add connectionchange event type 15:23:19 Is the proposal to remove some information from SysInfo where it is available from the Android interface? 15:24:04 q+ hendry 15:24:32 ack hendry 15:24:37 Suresh: some properties can be synchronous, but others could necessitate polling or asynchronous, let's keep some synchronous properties where practical. 15:24:56 Dong-Young has joined #dap 15:25:07 q+ 15:25:33 Rich: what do we want to do next? 15:26:22 Bryan: this is currently only supported by Android and not other browsers. Do we want to do this, and don't we need to get Google's consent? 15:26:22 q+ to ask about vpn's 15:26:46 Google is in this WG and signed up to its IPR policy. 15:27:55 hendry: type just caches last seen connection type; Android browser fires online when the type changes 15:27:57 ack me 15:27:57 timeless, you wanted to ask about vpn's 15:28:11 Robin: numerical constants are bad for developers, and named methods/properties are preferable. 15:28:54 Josh: worried about information leakage e.g. website learning about my VPN. 15:29:39 rrsagent, generate minutes 15:29:39 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html fjh 15:29:58 Rich: this is why we need a spec to clarify that that can't occur. 15:30:40 q+ 15:30:46 Robin: if you are on 2G you might want to avoid using web fonts for performance reasons. 15:30:46 Present+ Dong-Young_Lee 15:30:55 s/Presnt+ Dong-Young_Lee// 15:31:20 Present+Manyoung_Cho 15:31:31 Josh: download rate is critical for my user experience, not the details of the network connection. 15:31:40 s/David Rogers introducing WAC update/David Rogers introducing WAC update, WAC 1.0 is here: http://www.wholesaleappcommunity.com/\// 15:32:43 s/(slides will be available later)/WAC Waikiki (public draft) is here (feedback is actively encouraged): http://public.wholesaleappcommunity.com/\/ (slides will be available later)/ 15:32:50 rrsagent, generate minutes 15:32:50 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html fjh 15:32:57 q+ 15:32:58 Josh: giving people an API that encourages sloppy practices, when developers could use code to adapt to the network speed directly. 15:34:12 Dom: this might be difficult in practice. 15:34:17 .. it seems tha the android implementation has an eventing mechanism - The online event is fired when the networkType changes. 15:34:21 s/tha/that/ 15:34:48 q? 15:35:38 q- 15:35:45 SGondo has joined #dap 15:35:55 Kai has joined #dap 15:36:07 [I recommend not bundling the new proposals together] 15:36:13 Robin summarizes. 15:36:15 ack bryan 15:36:59 Bryan: we already have this use case, so it doesn't argue strongly for the Android interface. 15:37:46 Josh: the browser doesn't have control over which network connection packets flow (apart from Symbian). 15:37:49 Bryan: also, our proposal can deal with several connections; this one doesn't 15:39:29 Bryan repeats concern over privacy. 15:40:11 q+ to note that IP addresses generally disclose network topology (Cable, DSL, T1, Cellular, WiFi hotspot) 15:40:14 Bryan: we have a security solution for our existing API, but not for this new proposal. 15:41:00 bblfish has joined #dap 15:41:02 Rich proposes to draft a spec based upon the Android solution. 15:41:06 q+ 15:41:38 Robin: if we have a detailed proposal then we will be in a stronger position to review its security. 15:42:07 Henry: I would rather have network speed rather than its specific type. 15:42:55 Josh: it is important to test the performance in the kinds of data the app needs, e.g. latency/jitter on video 15:42:58 ack timeless 15:42:58 timeless, you wanted to note that IP addresses generally disclose network topology (Cable, DSL, T1, Cellular, WiFi hotspot) 15:43:00 ack illka 15:43:04 ack ilkka 15:43:26 q+ timeless 15:43:31 Ilka: network characteristics can change dramatically over time. 15:43:44 q? 15:44:05 s/Ilka:/Ilkka:/ 15:44:15 + 15:44:18 q+ 15:44:28 ACTION: Rich to create an editors draft for new proposed network connection API 15:44:28 Sorry, couldn't find user - Rich 15:44:33 ACTION: Richard to create an editors draft for new proposed network connection API 15:44:33 Created ACTION-294 - Create an editors draft for new proposed network connection API [on Richard Tibbett - due 2010-11-11]. 15:44:33 ack bryan 15:44:38 ack me 15:45:29 Josh: IP addresses generally disclose network info, e.g. which type you are using. 15:46:12 Bryan: disagree (details lost) 15:46:23 ack suresh 15:46:50 Suresh: would like to see this approach applied broadly. 15:46:59 Dom: safe and useful. 15:47:23 Topic: Contacts API 15:47:23 IP addresses provided by mobile networks cannot be mapped to a particular location - they are public IP addresses assigned to the data center that the mobile device is connected to, and which may be hundreds of miles away. This is how mobile networks are architected. 15:47:49 q? 15:48:09 Henry: I could spend 2 minutes describing link with WebId 15:48:16 Robin: go ahead 15:49:01 [ see e.g. http://esw.w3.org/WebID ] 15:49:06 q+ 15:50:17 Rich: HTML5 gives us keygen mechanism which could be useful. 15:50:40 Dom: this is an API not a format. 15:51:04 tlr has joined #dap 15:51:07 Henry: ah thanks for the clarification. 15:51:26 Henry will communicate offline with Rich. 15:51:57 Rich: work on the contacts API has been a fun ride ;) 15:52:11 manyoung has left #dap 15:52:32 Sorting is hard. Similar discussion in Web Apps WG earlier this week. 15:52:57 Question I was going to ask (on the queue) for Henry: how are the private keys protected for WebID? Are there any specific requirements for where these keys are kept and how protected? 15:52:59 q- 15:53:18 Robin: leave it to JavaScript. (Unicode string sorting) 15:53:24 +1 15:53:50 Rich: Appendix B.1. 15:54:29 this example has been there for a long time 15:54:35 -> http://dev.w3.org/2009/dap/contacts/ Contacts API editors draft 15:54:55 B.2 is a way to invoke API synchronously. 15:55:25 works similar to window.open 15:55:37 [I'm thinking the button binding should probably be the only way to access the contacts API] 15:55:59 untrusted code results in pop-up blocker kicking into effect. 15:56:03 q+ 15:56:29 trusted if as a result of a user action, e.g. button press 15:56:43 [my main concern is that with the button text being able to say anything, this can be used for social engineering] 15:56:48 q+ 15:56:52 q+ 15:57:04 q+ 15:57:38 body.addEventListener('click', doEvil, false); 15:57:41 q? 15:57:47 ack dom 15:57:51 would avoid that 15:57:55 Dom: prefer the requirement for direct user action, but concerned about social engineering where users are "tricked" into doing something 15:58:20 degrades to , which is an issue 15:58:21 bryan: private key are kept in keychain in browser 15:58:51 Rich: web developers circumvent official controls for a variety of reasons 15:59:02 http://valums.com/ajax-upload/ 15:59:56 drogersuk has joined #dap 16:00:00 Clicking on an image acting as a button results in the file selection dialogue appearing 16:00:10 SGondo has joined #dap 16:00:37 tlr has joined #dap 16:00:49 Robin: advantage of non-user initiated version is that it results in (missed) 16:01:22 s/(missed)/it can re more easily re-used in the "trusted environment"/ 16:01:27 http://www.w3.org/TR/DOM-Level-3-Events/#trusted-events 16:02:14 s/can re/can be/ 16:03:15 Rich: we need to describe the connection to DOM3 trusted events 16:03:31 ack AnssiK 16:03:36 Robin: any objections to making it normative 16:03:51 Kai has joined #dap 16:04:01 q+ 16:04:28 Ilkka: concerned about developer's tricking users 16:04:45 s/Ilkka/Anssi 16:05:42 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html tlr 16:05:47 Some discussion about event bubbling and trust model 16:06:23 manyoung has joined #dap 16:06:30 ack lgombos_ 16:06:43 Josh talks through the details of click jacking... 16:07:31 q? 16:07:33 you can probably game the user to double click and hit enter 16:07:35 ack nwidell 16:08:02 but if you add a lag between filling in contacts (etc.) and if you default to cancel instead of submit in the dialog, you're probably ok 16:08:13 nwidell: in this case does the fact that the events are trusted matter that much? 16:08:52 richt: editorial, can you use green instead of red for {}s ? :) 16:09:20 Rich: this is how file upload works today 16:09:36 noah has joined #dap 16:09:51 q+ 16:11:03 Rich projects a click jacking example where the submit button has opacity zero. 16:11:13 q? 16:11:26 q+ 16:11:26 ack bryan 16:11:36 q+ !!! :) 16:11:42 q- !!! 16:11:45 q+ 16:12:16 Bryan: question - once I've picked a contact, does that mean I have perpetual access to that contact, or at least for the rest of the browser session? 16:12:42 you should probably have access for the life of the script. 16:12:49 is this access to the data or to the object? 16:12:54 Dom: to the data 16:12:55 but right now you get a snapshot of the data 16:13:28 q? 16:13:35 bryan: suggests creating a test case for this case to make sure it is the case 16:13:41 RESOLUTION: Contacts data is a snapshot, not a live mirror of the contacts DB info 16:13:50 ack lgombos 16:14:31 lgombos: does this interface open the contact info directly? 16:14:38 q+ 16:15:20 Robin: non-normatively we say a notification bar is shown first to alert the user to the action. 16:15:25 Zakim, close the queue 16:15:25 ok, darobin, the speaker queue is closed 16:16:15 some discussion on filtering of contacts via filter param in API 16:17:41 usability considerations and comparison with current implementations of geoloc. 16:18:41 Dom: the API does influence the UI 16:18:42 q+ to ask about privacy without any ui requirement? 16:18:46 francois has joined #dap 16:18:56 q- 16:19:02 Robin: we're not UI experts and want to give the designers freedom to do a good job 16:19:32 Kai has joined #dap 16:19:39 freedom has joined #dap 16:19:47 Robin: we don't assume that privacy and security are done through the UI. There could be other approaches [ delegation models? ] 16:19:49 ack lgombos_ 16:21:01 concern that privacy will get lost in the gap between various optionalities 16:21:25 David: the app doesn't need to know the personal info, but we don't (now) have the technology to deal with this. 16:21:36 however Dom argues that privacy is a competitive advantage of implementations 16:21:40 Rich: data minimization ... 16:22:15 ack Suresh 16:22:57 Suresh: on your examples you state "sharing" but do so in a way that could be misleading. 16:23:50 some more details which I can deal with offline. 16:24:39 Robin: we will have a broader discussion tomorrow. 16:24:55 http://www.w3.org/2009/dap/wiki/TPAC10Agenda#10.29_Metaphors_for_write-back_and_deletion 16:24:59 ack Suresh 16:25:05 ack me 16:25:08 Provide a way for the user to provide an adhoc or dummy card for privacy reasons (to avoid being refused admittance by sites which require the API to return data). 16:25:11 jorlow has joined #dap 16:26:01 The leading section under the Contact interface still omits OMA CAB, which is inconsistent with our earlier discussion.... 16:26:10 [ DSR wonders about requirements for signed contacts ] 16:27:04 timless suggest requiring the ability to return dummy contacts 16:27:04 s/timless/timeless/ 16:27:24 dom pushes back that that's UI innovation best left to implementers 16:27:33 q? 16:28:01 David: the facebook issue, I will deny you access to this site UNLESS.... 16:28:20 Rich: we can't do much about that in technical specs 16:28:36 manyoung has left #dap 16:29:55 ACTION: David Rogers to outline social engineering threat, API entry hurdles to websites 16:29:55 Created ACTION-295 - Rogers to outline social engineering threat, API entry hurdles to websites [on David Rogers - due 2010-11-11]. 16:30:03 Robin provides a summary of the proposed next steps 16:30:29 manyoung has joined #dap 16:30:52 PROPOSED RESOLUTION: Document the infobar+trusted click dual model as an issue (with the idea that we might retain only one if it's better) and publish a heartbeat 16:31:04 Robin: the hope is that it's the last heartbeat before LC 16:31:06 s/heartbeat/WD/ 16:31:25 s/heartbeat/WD/ 16:31:44 RRSAgent, make minutes 16:31:44 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html timeless 16:32:40 Suresh: is having two models an issue? 16:32:51 Robin: yes, more work for implementors 16:33:10 But the two models use the same component (ie 16:33:19 (i.e. contact picker) 16:33:24 Dom: we could leave this to CR and see what is implemented. 16:33:35 (and call it feature as risk if needed) 16:33:41 ... because it's clearly implementation feedback 16:33:48 s/as/at/ 16:33:48 agreed. 16:33:57 s/it's clearly/it clearly requires/ 16:34:10 nwidell has joined #dap 16:34:24 PROPOSED RESOLUTION: Accept changes, document dual infobar+trusted events as feature at risk, and publish a heartbeat WD 16:34:42 RESOLUTION: Accept changes, document dual infobar+trusted events as feature at risk, and publish a heartbeat WD 16:34:44 Accepted as written 16:36:04 ... the room is hot and stuffy and it is 5:35pm, what can we usefully do now ... 16:36:58 Topic: Galery (stored media interactions) 16:38:16 Dom talks through use case with a lot of files in the gallery 16:38:34 +1 to the value of gallery as a metadata search engine for media files 16:39:23 We probably need more discussion on use cases before deciding on the technical details. 16:40:08 Suresh: having just the metadata might restrict the UI 16:40:36 [ thumbnails for audio, video and photos? ] 16:41:06 the UI on the left is already a gallery: http://dev.w3.org/2009/dap/camera/capture-api-file-picker-concept.png 16:41:16 Nokia contribution covered file picker use case. 16:41:21 Zakim, open the queue 16:41:21 ok, darobin, the speaker queue is open 16:41:39 Bryan: very high priority for us 16:41:54 the functionality is high priority, not the API, right? 16:41:55 ACTION: Dom to send use cases for gallery API 16:41:55 Created ACTION-296 - Send use cases for gallery API [on Dominique Hazaël-Massieux - due 2010-11-11]. 16:42:28 RRSAgent, draft minutes 16:42:28 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html darobin 16:42:49 so if the functionality is available elsewhere then we don't need a Gallery API (e.g. if we can use File API + File System API + a richer File Picker (with gallery capability) then we're good right?) 16:43:03 callie has joined #dap 16:43:06 Topic: TimezonedDate 16:43:18 http://dev.w3.org/2009/dap/calendar/TimezonedDate.html 16:43:48 Rich: I wrote it and haven't touched it since then, needs refinement 16:44:36 Rich wants to provide a new proposal. 16:44:39 q+ 16:45:15 floating time, fixed time, timezones changing all over the place. Better to apply timezone and format preferences to UTC values 16:46:05 [ do all devices really know daylight savings transitions in all countries? ] 16:46:43 dsr: no. 16:48:42 Dom cites example of flights where timezones change definition during trip 16:48:53 adam has joined #dap 16:49:44 Robin: example of call starting in boston timezone and ending when I need to collect my daughter from daycare in my local timezone 16:50:40 (I suggest TZDate instead of TimezonedDate FWIW) 16:51:34 Robin: I need a to UTC date method to simplify my code. 16:51:36 dom +1 16:52:27 yes, reduces camel casing errors 16:52:43 bblfish has joined #dap 16:53:30 Rich edits the TZDate object definition on the fly 16:53:38 richt: Constructor(Date, timezoneID) 16:53:56 Suresh: why not inherit from ECMAScript Date object? 16:54:18 Josh: when that object changes you get screwed 16:54:27 timeless, depends how you interpret the Date object if e.g. it has a -04:00 offset and a timezoneId of 'Asia/Ulaanbataar' what is the time !? 16:54:56 Constructor(year, month, day, hours, minutes, seconds, timezoneID) 16:55:01 ..works much better... 16:55:08 richt: serialize to number first and then add timezoneid 16:56:38 DSR suggests noting the importance of having accurate and current DST info 16:58:19 Platform developers need to be good, web developers don't want to get burned 16:59:06 ISSUE-81? 16:59:06 ISSUE-81 -- How to represent dates? ES has Date but with no TZ information; using strings is less than ideal; do we have to create a Web Dates specification? -- pending review 16:59:06 http://www.w3.org/2009/dap/track/issues/81 16:59:43 ISSUE-81: http://dev.w3.org/2009/dap/calendar/TimezonedDate.html proposal that will need to be reworked to avoid extending a host object 16:59:44 ISSUE-81 How to represent dates? ES has Date but with no TZ information; using strings is less than ideal; do we have to create a Web Dates specification? notes added 17:00:02 when that object changes you get screwed 17:00:07 ISSUE-81: since extending a host object is a bad idea in case the original object evolves (and would aslo implies stringification nightmares) 17:00:07 ISSUE-81 How to represent dates? ES has Date but with no TZ information; using strings is less than ideal; do we have to create a Web Dates specification? notes added 17:00:33 "that object", being the API of that Host/Host language object 17:02:32 wonsuk has left #dap 17:03:02 Suresh and Rich discuss Date object and timezone, could timezone be added as attribute to the Date object? 17:03:20 Rich: Date serializes to local time leading to problems. 17:03:25 https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/Date/toJSON Date().toJSON is a "new" property, I believe from ECMAScript5 17:05:10 SGondo has joined #dap 17:05:29 ACTION: Robin to draft up TZDate 17:05:29 Created ACTION-297 - Draft up TZDate [on Robin Berjon - due 2010-11-11]. 17:05:44 Robin asks for volunteers to take over TZDate spec, but ends up doing so himself 17:06:37 rrsagent, generate minutes 17:06:37 I have made the request to generate http://www.w3.org/2010/11/04-dap-minutes.html fjh 17:06:55 kkim has left #dap 17:08:47 manyoung has left #dap 17:08:57 SGondo has joined #dap 17:13:49 adam has left #dap 17:37:45 AnssiK has joined #dap 17:40:21 drogersuk has joined #dap 17:55:07 fjh has joined #dap 17:58:07 homata has joined #dap 18:01:17 kensaku has joined #dap 18:48:01 AnssiK has joined #dap 19:32:17 timeless_mbp has joined #dap 20:43:14 richt has joined #dap 21:02:35 bblfish has joined #dap 21:50:44 AnssiK has joined #dap 22:29:26 bblfish has joined #dap 22:37:55 bblfish1 has joined #dap 22:55:31 DI_(TPAC)3:00AM has ended 22:55:33 Attendees were 22:58:48 Kai has joined #dap 22:59:06 Kai has left #dap 23:12:44 fjh has joined #dap 23:59:49 hidetaka has joined #dap