The DAP Perspective
An Action-Packed Adventure
W3C Privacy Workshop, London
DAP — Device APIs and Policy
or Death to All Privacy?
the largest and most thorough assault on users' privacy ever undertaken by a single working group.
The Hit List
Chartered Deliverables
Giving arbitrary web pages (and widgets) access to a user's:
- personal information
- personal space
- personal communication
- personal system
Saving the Day
The Good Guys
- Privacy and security by design
- Policy framework for access to security-critical APIs
- Privacy framework and considerations for all APIs
Dark Days
Are You Paranoid Enough?
- Fingerprinting/footprinting
- Code embedding
- Connected runtime
Principles
How We Roll
- No Bolt On: Privacy is like security, by design
- Asynchronous security and privacy entry points
- Data minimisation
- Integration with common UI paradigms
Various Approaches Beyond Design
Mad Scientists?
- Policy access control language
- Privacy ruleset integration
- User-mediated resource provider acquisition (Powerbox)
Join Us
And We Shall Rule The Galaxy
- Refine and review use cases
- Find the simplest, webbiest approach to privacy
- We can use your help!
Thanks!
We'll Be Here All Week
- Home page: http://www.w3.org/2009/dap/
- Specs in progress: http://dev.w3.org/2009/dap/