RE: ACTION-52 Look at markup options for expressing implicit user consent from SULLIVAN, BRYAN L (ATTCINW) on 2009-11-18 (public-device-apis@w3.org from November 2009)

From: SULLIVAN, BRYAN L (ATTCINW) <BS3131@att.com>
Date: Wed, 18 Nov 2009 07:32:41 -0800
To: "Frederick Hirsch" <frederick.hirsch@nokia.com>, "ext Max Froumentin" <maxfro@opera.com>
Cc: <public-device-apis@w3.org>
Message-ID: <8080D5B5C113E940BA8A461A91BFFFCD0FC53B82@BD01MSXMB015.US.Cingular.Net>

An "access control policy" approach is the easier way to define semantics (something is either allowed, or not, under a limited set of conditions).

In the absence of an access control policy the API's themselves will need to define the semantics as you say "in conjunction with the API definition in DAP". The tricky thing will be to keep this consistent with HTML5 where there is a clear overlap, and to take cues on design from HTML5 where there isn't. 

But if we have a completely new area of functionality under discussion (no clear relation to HTML5 or its API's) we should avoid over-specifying the semantics. 

Best regards,
Bryan Sullivan | AT&T
-----Original Message-----
From: public-device-apis-request@w3.org [mailto:public-device-apis-request@w3.org] On Behalf Of Frederick Hirsch
Sent: Wednesday, November 18, 2009 6:47 AM
To: ext Max Froumentin
Cc: Frederick Hirsch; public-device-apis@w3.org
Subject: Re: ACTION-52 Look at markup options for expressing implicit user consent

Thanks Max.

Are the semantics of the input element with all of these types  
currently defined? If not, where would this be defined, in HTML5  
standardization or elsewhere?

For example, where would the semantics of the HTML <input  
type="camera"> be defined? Is this to be defined in conjunction with  
the API definition in DAP?

Regarding the technical approach, how much varying detail will we need  
in the API definitions regarding write assumptions, granularity of  
access control?

For example,  I assume for files the assumption is to depend on the  
file system access control mechanisms (though I don't quite understand  
how that works for a user without a local account, though it could be  
Unix "other").

What about other write accesses, e.g. gallery? In this case access  
might be limited to certain directories on the SIM, or local file  
system, for example, or a USB card, or external hard drive etc

In summary, we might need to be careful defining the semantics of the  
input type for write in the various cases and I'm looking to  
understand how this would work, especially from those who understand  
how this can be done without access control policy.

regards, Frederick

Frederick Hirsch
Nokia

On Nov 17, 2009, at 7:17 AM, ext Max Froumentin wrote:

> ACTION-52 Look at markup options for expressing implicit user consent
> (like <input type="file" />)
>
> Summary: for each API in the charter I wrote down initial thoughts on
> how to implement a "consent by initiative" privacy strategy, similar  
> to
> HTML's file upload.
>
> Using the <input> element to let the user allow the browser to access
> local data provides a good way to implement a "consent-by-initiative"
> policy, which works better than "consent-by-dialog" methods which the
> user tends to dismiss without reafding. If the user explicitely asks  
> the
> page to access the device's private data, a dialog is not needed.
>
> The existing example of thaf is File upload in HTML Forms: <input
> type="file">. The web application cannot access the device's file  
> unless
> the user has clicked on the "upload" button. Generalising that method
> might work for other types of local access. This email explores
> that idea for this group's device APIs.
>
> - File: <input type="file"> for upload, as in current HTML but adding
> <http://www.w3.org/TR/file-upload/>. To allow file modification, the
> dialog would have a checkbox labeled "Allow modification", and the
> browser would enfore writableness of the uploaded file
>
> - calendar: Similar with <input type="calendar"> and an API for  
> Calendar
> manipulation. Ditto for contacts, tasks, gallery
>
> - Gallery: ditto.
>
> - camera: <input type="image"> would, on clicking, prompt the
> viewfinder. See <http://www.w3.org/mid/4AFD83E0.20609@opera.com>
>
> - messaging: the webapp would compose a message and whatever send()
> method would trigger the device's native UI to show a preview of the
> message which could not be sent without the user pressing a button
>
> - system info: <input type="sysinfo">? Hard to make it practical.
> Probably better to rely on a general policy
>
> - Application Launcher: if the launcher is based on mime types, then  
> the
> existing mechanism: dialog, like "What should Firefox do with that  
> file?
> Open With / Save. [+remember]"
>
> - Application configuration. Probably too low level to have user
> initiate operation
>
> - User Interaction: no user control needed: browser (window resize,
> alerts) or device (vibrate) should let user decide if functionality is
> enabled.
>
> Max.
>

Received on Wednesday, 18 November 2009 15:33:23 UTC