W3C

Device APIs and Policy Working Group Charter

The mission of the Device APIs and Policy Working Group is to create client-side APIs that enable the development of Web Applications and Web Widgets that interact with device services such as Calendar, Contacts, Camera, etc. Additionally, the group will produce a framework for the expression of security policies that govern access to security-critical APIs (such as the APIs listed previously).

End date: 31 July 2011
Confidentiality: Proceedings are Public
Chairs: Robin Berjon, Frederick Hirsch
Team Contact (FTE %: 30): Dominique Hazaël-Massieux, Thomas Roessler
Usual Meeting Schedule: Teleconferences: 1 per week; Face-to-face: 3-4 per year (only as needed)

Goals

In December 2008, the W3C held a workshop on Security for Access to Device APIs from the Web. The goal of this workshop was to gather information and experiences in the device API space, to start building community consensus about possible standardization work within W3C, and to gather requirements to guide such work.

Workshop participants discussed the need for standardization of technologies that would be required to provide access to security sensitive APIs from a web developer's perspective, the form these technologies should take, and the viability and practicalities of standardizing this work within W3C. At the end of this workshop, the participants discussed several potential topics for new standardization work (see the Workshop Report for more details).

The following high-priority topics identified in this workshop are addressed in this charter:

Scope

The scope of this Working Group is the creation of API specifications for a device's services that can be exposed to Widgets and Web Applications. Devices in this context include desktop computers, laptop computers, mobile internet devices (MIDs), cellular phones, etc.

The scope also includes defining a framework for the expression of security policies that govern access of Web Applications and Widgets to security-critical APIs. To achieve this goal, the group will need to deal with the following items: policy expression proper, identification of APIs and identification of Web Applications and Widgets. Among the principles that guide the policy framework are:

Where practical, the API specifications should use the Web IDL formalism.

Priority will be given to developing simple and consensual APIs, leaving more complex features to future versions.

This Working Group's deliverables must address issues of accessibility, internationalization, mobility, and security.

Additionally, comprehensive test suites will be developed for each specification to ensure interoperability, and the group will create interoperability reports. The group will also maintain errata as required for the continued relevance and usefulness of the specifications it produces.

Success Criteria

To advance to Proposed Recommendation, each specification is expected to have two independent implementations of each feature defined in the specification.

Out of Scope

The management of security policies (e.g. by remote entities) is out of scope of this group.

Deliverables

Recommendation-Track Deliverables

The working group will deliver at least the following specifications:

The Working Group may also enter into joint Task Forces with other groups (in particular with the Web Applications Working Group), to collaborate on specifications that cross group boundaries.

Other Deliverables

A comprehensive test suite for all features of a specification is necessary to ensure the specification's robustness, consistency, and implementability, and to promote interoperability between User Agents. Therefore, each specification must have a companion test suite, which should be completed by the end of the Last Call phase, and must be completed, with an implementation report, before transition from Candidate Recommendation to Proposed Recommendation. Additional tests may be added to the test suite at any stage of the Recommendation track, and the maintenance of an implementation report is encouraged.

The Working Group will also document in a Working Group Note the useful design patterns shared by the APIs it is developing.

Other non-normative documents may be created such as:

  • Primers
  • Requirements and use case document for specifications - these documents should also address non-mobile scenarios.
  • Non-normative group notes

Given sufficient resources, this Working Group should review other working groups' deliverables that are identified as being relevant to the Working Group's mission.

Milestones

Note: The actual production of some of the deliverables may follow a different timeline. The group will document any schedule changes on the group home page.

2009Q3
The Working Group reviews and compares existing starting points for the various deliverables, and establishes a detailed roadmap.
2009Q4-2010Q1
Deliverables with assigned editors progress along Recommendation track.
2010Q2-2010Q3
All deliverables are on Recommendation track.
2011Q2
All deliverables have reached Proposed Recommendation.

Dependencies

W3C Groups

This Working Group's specifications will depend upon some specifications being developed by other Working Groups, for example the Web Applications Working Group's Web IDL specification.

This Working Group is not aware of any dependencies other Working Groups' specifications have on this Working Group's specifications.

Liaisons

This Working Group expects to maintain contacts with at least the following groups and Activities within W3C (in alphabetical order):

Geolocation Working Group
The Geolocation Working Group is chartered to develop the Geolocation API Specification. During Workshop discussions, this specification was frequently cited as a prototypical example for the kinds of security and privacy considerations that are expected in future device APIs.
HTML Working Group
The HTML Working Group's deliverables cover the security model implemented in Web Browsers; this security model imposes limitations on what an extended model for Web Applications and widgets can achieve.
Mobile Web Initiative
To help identify use cases and requirements for Web Applications on mobile devices and to help ensure that this Working Group's deliverables address those use cases and requirements.
Policy Languages Interest Group (PLING)
PLING is chartered as a forum for community building around policy languages, and might be able to provide useful expertise. This Interest Group might be a useful forum for further discussion of policy management strategies.
Web Accessibility Initiative Protocols and Formats Working Group
To ensure this Working Group's deliverables support accessibility requirements, particularly with regard to interoperability with assistive technologies, and inclusion in deliverables of guidance for implementing the group's deliverables in ways that support accessibility requirements.
Web Applications Working Group
This group defines relevant specifications, including Web IDL and File Upload.
Ubiquitous Web Applications Working Group
This group defines relevant specifications, including the Delivery Context Client Interfaces (DCCI).

Furthermore, this Working Group expects to follow the following W3C Recommendations, Guidelines and Notes and, if necessary, to liaise with the communities behind the following documents:

External Groups

The following is a tentative list of external bodies the Working Group should collaborate with:

ECMA Technical Committee 39 (TC39)
This is the group responsible for ECMAScript standardization, and related ECMAScript features like E4X. As this Working Group will be developing ECMAScript APIs, it should collaborate with TC39.
JCP
The Java Community Process has developed comparable APIs for the Java runtime.
IETF
The IETF has created specifications that are related to some of the APIs in this WG's scope.
OASIS
OASIS' Extensible Access Control Markup Language (XACML) is a likely starting point for work on policy description. If the language is used, relevant requirements and experiences should be fed back to the XACML technical committee.
OMTP
OMTP's BONDI initiative aims to define key interfaces that enable the mobile web platform to access sensitive functions on the mobile, within a security framework that protects the user from malicious actions. OMTP can provide input to requirements and technologies for this Working Group, as well as review and endorse deliverables.
OpenAjax Alliance
The OpenAjax Alliance has done initial work to identify guidelines for the design of mobile device APIs.

Participation

To be successful, this Working Group is expected to have 10 or more active participants for its duration, and to have the participation of the industry leaders in fields relevant to the specifications it produces.

The Chair(s) and specification Editors are expected to contribute one to two days per week towards the Working Group. There is no minimum requirement for other participants. However, it should be noted that, as defined by the Process Document, group participants need to attend most meetings, be familiar with documents and minutes of past meetings, and follow the relevant mailing lists to be considered in good standing; this is likely to require at least half a day a week.

This Working Group will also allocate the necessary resources for building Test Suites for each specification.

This Working Group welcomes participation from non-Members. The group encourages questions and comments on its public mailing list, public-device-apis@w3.org, which is publicly archived and for which there is no formal requirement for participation. The group also welcomes non-Members to contribute technical submissions for consideration, with the agreement from each participant to Royalty-Free licensing of those submissions under the W3C Patent Policy.

Communication

The Working Group's Teleconferences will focus on discussion of particular specifications, and will be conducted on an as-needed basis. At least one teleconference per week is expected.

Most of the technical work of the group will be done through discussions on public-device-apis@w3.org, the group's public mailing list. Editors' drafts and their editing history will be available from a public W3C web site. The group's action and issue tracking data will also be public, as will the Member-approved minutes from all teleconferences and meetings.

The group will use a Member-confidential mailing list for administrative purposes and, at the discretion of the Chairs and members of the group, for member-only discussions in special cases when a particular member requests such a discussion.

Information about the group (for example, details about deliverables, issues, actions, status, participants) will be available from the Device APIs and Policy Working Group home page.

Decision Policy

As explained in the Process Document (section 3.3), this group will seek to make decisions when there is consensus. When the Chair puts a question and observes dissent, after due consideration of different opinions, the Chair should record a decision (possibly after a formal vote) and any objections, and move on.

This charter is written in accordance with Section 3.4, Votes of the W3C Process Document and includes no voting procedures beyond what the Process Document requires.

Patent Policy

This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be implemented, according to this policy, on a Royalty-Free basis.

For more information about disclosure obligations for this group, please see the W3C Patent Policy Implementation.

About this Charter

The charter for this Working Group has been created according to section 6.2 of the Process Document. In the event of a conflict between this document or the provisions of any charter and the W3C Process, the W3C Process shall take precedence.


Dominique Hazael-Massieux, <dom@w3.org>, Thomas Roessler, <tlr@w3.org>, Team Contacts, based on a draft by Art Barstow, Nokia