RE: FW: ACTION-660: Input to BP2, on Security and Privacy

Sean,
I would not suggest we write anything so fluffy as a "position paper on
modern mobile thinking" either. I recommend concrete testable
recommendations that address key issues. Security/privacy of personally
identifiable information when exchanged by web applications is one
objective that can be described through concrete implementable
techniques baed upon well-established and widely deployed web
technology. Efficient use of network resources, and user
awareness/control are others. I will be sending out additional emails to
start threads on the other recommendation areas (I could only send out
so many yesterday...).

These concepts are not fluff, but important issues that will make a big
difference in the user experience under common mobile service contexts.

I understand that you disagree with the notion that anything other than
a traditional web browser and web content types should be in scope. Does
this mean that you think W3C should be unconcerned about whether
widget-based web applications using XHTML+CSS, can effectively deal with
presentation/interaction constraints of mobile devices, or whether any
of the other fundamental issues of the mobile context are irrelevant to
them? The problem with BP1 was that it attempted to snapshot a view in
time of a browser-based default context that has been quickly superseded
by reality. The things in BP1 that are still relevant (and there are
quite a few), are those that address concerns not limited to the DDC. We
should learn from that in BP2, and not arbitrarily restrict our focus,
locking the T-Model Ford in the barn, but letting all the Porsche 911's
out. 

I'm not here to edit a document on "interesting topics". I'm here to
help create focused/important/concrete recommendations that will benefit
the mobile web market.

I was at the Nov F2F and it was clear to me that the scope of BP2, while
focused on the web browser context as the core example of a web
application environment, should consider those recommendations re their
broader utility for web applications in general on mobile devices.

Best regards,
Bryan Sullivan | AT&T

-----Original Message-----
From: Sean Owen [mailto:srowen@google.com] 
Sent: Friday, February 15, 2008 2:44 AM
To: Sullivan, Bryan
Cc: BPWG-Public
Subject: Re: FW: ACTION-660: Input to BP2, on Security and Privacy

I think I disagree quite a bit then, and if I'm the only one, that's OK.
I feel strongly that we are not here to write a position paper on modern
mobile thinking. We're here as part of the *Mobile* *Web* Initiative,
*Best Practices* working group. MIDlets -- unless they're a browser --
are plainly not in scope, in my view. Widgets of the future are not in
scope, unless they happen to be acting like a user agent for web
content. The Web is in bounds, meaning XHTML, CSS, Javascript, RSS, and
company. Actual practice is in scope; generalities are not. Things in
more than trivial use today are in bounds, things like DCCI don't seem
to be at this point.

We agree that we're not here to state the obvious, that security is
important in mobile, or that one should be generally thinking about user
privacy, and leave it up to the reader as an exercise to figure out what
it means in particular technologies. It is useful to write about how,
specifically, these issues intersect Web access from mobile devices
today, and how specifically people are using Web technologies correctly
to address them. Whatever does not pass that test, should not be in BP2.

I sure don't think it's bad if you want to write a document on all these
interesting topics; I don't want to write it, not within the BPWG. I
just do not think this is what BP2 is supposed to be, or within the
charter. I can only refer you to BP1 to illustrate the intent as I
understand it, and that does not seem to be where you're heading.

I'm happy to defer if there are more voices supporting this seemingly
large change of direction. Or, I could be well convinced if someone
could start writing some BPs in the spirit of BP1 to illustrate what
BP2 will be.

On Fri, Feb 15, 2008 at 3:07 AM, Sullivan, Bryan <BS3131@att.com> wrote:
>  Everything I have proposed is current technology; again, because one

> type of user agent implementation environment doesn't support a 
> current  feature of another environment, is no reason to avoid 
> discussing the  implications of the more advanced environment. But 
> overall the  objectives are not to focus on the specifics of APIs, 
> environments, or  even user-agent types. The objective is to define 
> proper behavior of any  web-technology based user agent in general, 
> but focused at core on the  browsing service "model" which of course 
> is not limited to "web  browsers". I can browse RSS feeds (or maps) 
> just as usefully as web  pages, using the same basic web technologies.

> We need to address the  issues in commmon to those various types of
web applications.

Received on Friday, 15 February 2008 18:28:14 UTC