The DAP Perspective
An Action-Packed Adventure
W3C Privacy Workshop, London
DAP — Device APIs and Policy
or Death to All Privacy?
the largest and most thorough assault on users' privacy ever undertaken by a single working group.
The Hit List
Giving arbitrary web pages (and widgets) access to a user's:
- personal information
- personal space
- personal communication
- personal system
Saving the Day
The Good Guys
- Privacy and security by design
- Policy framework for access to security-critical APIs
- Privacy framework and considerations for all APIs
Are You Paranoid Enough?
- Code embedding
- Connected runtime
How We Roll
- No Bolt On: Privacy is like security, by design
- Asynchronous security and privacy entry points
- Data minimisation
- Integration with common UI paradigms
Various Approaches Beyond Design
- Policy access control language
- Privacy ruleset integration
- User-mediated resource provider acquisition (Powerbox)
And We Shall Rule The Galaxy
- Refine and review use cases
- Find the simplest, webbiest approach to privacy
- We can use your help!