13:22:38 RRSAgent has joined #dap 13:22:38 logging to http://www.w3.org/2009/10/07-dap-irc 13:22:40 RRSAgent, make logs world 13:22:40 Zakim has joined #dap 13:22:42 Zakim, this will be DAP 13:22:42 ok, trackbot; I see UW_DAP()10:00AM scheduled to start in 38 minutes 13:22:43 Meeting: Device APIs and Policy Working Group Teleconference 13:22:43 Date: 07 October 2009 13:23:20 Chair: Robin Berjon, Frederick Hirsch 13:24:01 Agenda: http://lists.w3.org/Archives/Public/public-device-apis/2009Oct/0066.html 13:24:56 fhirsch has changed the topic to: DAP Teleconference code 3279 Agenda http://lists.w3.org/Archives/Public/public-device-apis/2009Oct/0066.html ; please enter attendance with Present+ first_last , also please tell zakim who you are with zakim, aaa is handle ; for the phone bridge 13:25:21 Regrets: Dominique Hazaƫl-Massieux 13:27:42 Regrets+ Marco_Marengo 13:31:37 Regrets+ maxf 13:36:08 niklasw has joined #dap 13:50:03 AnssiK has joined #dap 13:54:14 AnssiK, will you be joining the call today? 13:54:14 Kangchan has joined #dap 13:55:25 UW_DAP()10:00AM has now started 13:55:32 +Kangchan 13:55:33 -Kangchan 13:55:34 UW_DAP()10:00AM has ended 13:55:34 Attendees were Kangchan 13:55:34 Present+ 13:56:01 Kangchan: it's too early, the call starts in 5 minutes 13:56:15 wonsuk has joined #dap 13:56:15 UW_DAP()10:00AM has now started 13:56:19 +ilkka 13:56:21 Robin: Thanks.. 13:56:22 +fjh 13:56:35 and the correct syntax is "Present+ KangchanLee" :) 13:56:41 Present+ Ilkka_Oksanen 13:57:08 Present+ Kangchan 13:57:26 +darobin 13:57:34 Present+ Robin 13:57:39 paddy has joined #dap 13:57:46 dtran has joined #dap 13:58:07 +Kangchan 13:58:11 Present+ Dzung_Tran 13:58:18 +wonsuk 13:58:23 Present+ Paddy_Byers 13:58:26 Present+ wonsuk 13:58:33 +AnssiK 13:59:04 Victims list is: wonsuk, AnssiK, Mohammed, Daniel, Rob Ennals 13:59:17 +DzungTran 13:59:28 Present+ AnssiK 14:00:06 marcin has joined #dap 14:00:24 Present+ Niklas_Widell 14:00:41 Zakim, who's making noise? 14:00:51 darobin, listening for 10 seconds I heard sound from the following: fjh (29%), darobin (39%), AnssiK (28%) 14:01:21 Present+ Marcin_Hanclik 14:01:26 +JereK 14:01:29 Scribe: Anssi Kostiainen 14:01:35 ScribeNick: AnssiK 14:01:38 cuihtlauac has joined #dap 14:01:38 +marcin2 14:01:46 +dtran 14:01:52 Laura_Arribas has joined #dap 14:01:54 JereK has joined #dap 14:01:59 + +04610715aaaa 14:02:02 Present+ Dzung_Tran 14:02:04 +dtran 14:02:04 Present+ Jere_Kapyaho 14:02:08 +richt 14:02:13 Present+ Laura_Arribas 14:02:53 TOPIC: Welcome 14:03:10 richt has joined #dap 14:03:11 + +29605aabb 14:03:18 drogersuk has joined #dap 14:03:19 Present+ Richard_Tibbett 14:03:21 fh: everyone, please say "Present+ YourNick" 14:03:24 +LauraArribas 14:03:38 +??P32 14:03:39 zakim, +04610715aaaa is niklasw 14:03:39 +niklasw; got it 14:03:49 TPAC registration and hotel reminder, registration until 23 October 14:03:50 ... TPAC extended the lower registration fee period 14:04:10 Claes has joined #dap 14:04:17 ... there's also a dial-up questionnaire, please fill it in if you plan to call in to TPAC 14:04:47 Mobile Web Application Best Practices 14:04:57 http://www.w3.org/TR/2009/WD-mwabp-20091006/ 14:05:08 ask for reviewed 14:05:17 ACTION: Robin to review MWABP 14:05:18 Created ACTION-26 - Review MWABP [on Robin Berjon - due 2009-10-14]. 14:05:19 ... the questionnaire is actually closed, so send an email to the members list instead 14:05:34 + +46.1.08.01.aacc - is perhaps Claes 14:05:49 TOPIC: Minutes approval 14:06:02 http://lists.w3.org/Archives/Public/public-device-apis/2009Oct/0045.html 14:06:25 fh: asking about minutes approval 14:06:33 Present+ Claes_Nilsson 14:06:34 cuihtlauac has joined #dap 14:07:12 I am here, 'this passcode is not valid: 3279#' :-( 14:07:30 zakim, Claes is handle 14:07:30 +handle; got it 14:08:20 http://lists.w3.org/Archives/Public/public-device-apis/2009Oct/0045.html 14:08:30 RESOLUTION: Minutes from 30 Sept approved 14:08:40 darobin has changed the topic to: DAP Teleconference code 3279 Agenda http://lists.w3.org/Archives/Public/public-device-apis/2009Oct/0066.html ; please enter attendance with Present+ first_last , also please tell zakim who you are with zakim, aaa is $irc_nicname ; for the phone bridge 14:09:00 +??P1 14:09:16 TOPIC: Policy Segment - API Identification 14:09:22 I can hear you all now, thank you W3C office for letting me in! 14:09:46 issue-26? 14:09:46 ISSUE-26 -- How to refer to API -- RAISED 14:09:46 http://www.w3.org/2009/dap/track/issues/26 14:10:29 zakim, aaa is Claes 14:10:29 sorry, Claes, I do not recognize a party named 'aaa' 14:10:38 q+ 14:10:52 zakim, call thomas-781 14:10:52 ok, tlr; the call is being made 14:10:54 +Thomas 14:10:55 hendry has joined #dap 14:10:59 fh: features, attributes, modules discussed in the context of Policy 14:11:05 zakim, I am thomas 14:11:05 ok, tlr, I now associate you with Thomas 14:11:07 zakim, mute me 14:11:07 Thomas should now be muted 14:11:41 question of granularity of access control for APIs 14:12:00 marcin: not sure if agrees on the granularity level 14:12:03 do we agree on granularity at method level, or group of methods called a feature 14:12:12 q+ 14:12:17 how to deal with modules as a whole 14:12:23 margin: ... in BONDI we added attributes and constants under feature 14:12:30 what is approach to attributes 14:12:31 q+ to note that there are different security considerations for adding a contact or reading one 14:12:32 q? 14:12:32 s/margin/marcin/ 14:12:37 ack marcin 14:13:12 ack Thomas 14:13:14 Thomas, you wanted to note that there are different security considerations for adding a contact or reading one 14:13:39 note that we may want to raise issue for security related to events/callbacks 14:13:59 brianleroux has joined #dap 14:14:04 Thomas: question about an API that can access data storage 14:14:36 the point is less about storage, but more about the distinct security considerations... This is an example. 14:14:41 ack thom 14:14:42 q+ 14:14:53 marcin: you can do everything on storage 14:15:04 +Brian_LeRoux 14:15:22 Thomas: for reading and writing or reading, depending on the UC I might have different security considerations 14:15:29 thx 14:15:37 ah, thx 14:15:44 Present+ Brian_LeRoux 14:15:47 marcin: current filesystem API from BONDI has filesystem.read and filesystem.write 14:16:13 ... all methods and attributes are covered needed to read from the file 14:16:28 + +1.604.685.aadd 14:16:41 ... CRUD mentioned 14:16:51 ... as in Create, Read, Update, Delete 14:17:07 anssi suggests that features need to be defined according to CRUD, one feature for each... 14:17:17 ... we'll need a CRUD design pattern for all the APIs 14:17:21 s/anssi/marcin 14:18:30 niklasw has joined #dap 14:19:17 ... example: open, read and close methods 14:19:42 ... reading UC: we should also cover the constants 14:20:06 ... opening a file uses reading and writing? 14:20:30 ... someone who has access to the file reading UC could open a file in a write mode and open would be succesful in write mode 14:20:54 ... what happens if someone open the file in truncate mode 14:21:35 s/open/opens/ 14:21:39 q? 14:21:43 ack fhirsch 14:21:57 fh: the issue with callbacks and events 14:22:44 marcin: I don't know how it's expessed with a URI 14:23:46 Marcin notes may not protect existing events, but restrict new events and handlers introduced in DAP 14:23:56 ... events such as keypress discussed 14:24:00 q+ 14:24:09 ack jerek 14:24:43 JereK: if you are given access to a function, callbacks should be also allowed 14:25:02 marcin: callbacks that are parameters to event listeners will be handled 14:25:18 feature may include method plus input arg to be meaningful, eg file open with read or write input argument would correspond to different features 14:25:38 declarative definition of handlers in mark-up 14:25:40 input events 14:25:50 ... handlers such as onkeypress 14:26:00 input events - see email from David Rogers... 14:26:24 ... handlers the concern, not the callbacks 14:26:29 DanielColoma has joined #dap 14:26:39 fh: there's many ways code can be executed 14:27:04 About features, possible principle: "protect information, not APIs that are behind it" 14:28:09 fh: URIs seem to be a good approach, there seems to be a general agreement 14:28:14 About events: http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/0069.html 14:28:16 ... hierarchical use of features 14:28:26 ... one API can invoke another API 14:29:00 issue-27? 14:29:00 ISSUE-27 -- [Policy] Is revocation in scope -- RAISED 14:29:00 http://www.w3.org/2009/dap/track/issues/27 14:29:38 + +03491337aaee 14:29:50 fh: do we want to discuss revocation? 14:30:09 ... there are many mechanisms 14:30:30 q+ 14:30:36 ... wants to raise the issue explicitly 14:30:40 ack drogersuk 14:31:10 charter, section 2.2: "The management of security policies ... is out of scope" 14:31:11 management is out of charter scope, so I believe we should consider revocation out of scope 14:31:27 drogersuk: kill switches discussed 14:31:38 but I suggest we can consider authentication in scope 14:33:03 ... we should leave the policy discussion to the end? 14:33:24 ... do we have an e2e view re policy? 14:33:53 I agree that the detail can be deferred, but we need to acknowledge it somewhere 14:33:58 +1 to deferring 14:34:00 in a policy overview doc or something 14:34:59 so policy needs to come from somewhere and then go somewhere (good or bad) - e.g. removal / revocation / kill-switches / management 14:35:00 fh: do the others have comments re deferring to v.next? 14:35:05 +1 to defer 14:35:22 +1 to more time 14:35:52 +1 to defer 14:35:53 I agree with Paddy 14:36:08 we need to scope 14:36:31 paddy: what's the scope for work were deferring? 14:36:52 proposed resolution- defer specifying revocation mechanisms or expressing them until v.next 14:37:06 s/were/we're/ 14:37:54 drogersuk: BONDI specifics discussed 14:38:24 anssik: paddy 14:38:46 s/drogersuk:/paddy:/ 14:39:41 fjh - agreement: 1. defer, 2. keep some hooks 14:39:47 fh: paddy to provide a proposal for resolution 14:40:13 fh: I raised another issue on the list based on position papers 14:40:47 ... feedback given we should not be so strict 14:41:35 Zakim, +03491337aaee is DanielColoma 14:41:35 +DanielColoma; got it 14:41:40 q+ 14:41:44 ack marcin 14:41:48 ... Geolocation API is a bit different 14:42:12 TOPIC: policy - use of model dialogs 14:42:15 marcin: Geolocation spec not limited to dialogs 14:42:18 issue-28? 14:42:18 ISSUE-28 -- [Policy] Requirement for NO security prompting -- RAISED 14:42:18 http://www.w3.org/2009/dap/track/issues/28 14:42:57 q+ to speak to a scope point here 14:43:29 ack thomas 14:43:29 Thomas, you wanted to speak to a scope point here 14:43:58 Thomas: having too many conversation on security UIs 14:44:13 ... non-modal UIs discussed 14:44:31 ... we should not specify APIs which require modal dialogs 14:44:50 ... modal dialogs are blocking 14:45:05 q+ 14:45:15 +1 to non-blocking / asynchronous methods 14:45:21 ... UA differences to be taken into consideration 14:45:24 ack fhirsch 14:45:28 zakim, mute me 14:45:28 Thomas should now be muted 14:45:53 fh: easy out for security policy to use modal dialogs 14:46:10 ack th 14:46:39 zakim, mute me 14:46:39 Thomas should now be muted 14:46:51 +1 14:47:45 TOPIC: Policy action review 14:47:55 action-15? 14:47:55 ACTION-15 -- Marcin Hanclik to review/compare device capabilities and features -- due 2009-09-30 -- OPEN 14:47:55 http://www.w3.org/2009/dap/track/actions/15 14:48:15 action-15 closed 14:48:15 ACTION-15 Review/compare device capabilities and features closed 14:48:20 marcin: sent an email re the action above 14:48:41 action-23? 14:48:41 ACTION-23 -- Paddy Byers to open an issue and start a discussion on features/device capabilities -- due 2009-10-07 -- OPEN 14:48:41 http://www.w3.org/2009/dap/track/actions/23 14:48:43 fh: capabilities and features under discussion 14:48:58 paddy: will send an email to the list 14:49:23 fh: any topics on policy I have missed? 14:49:38 ... otherwise let's move on to APIs 14:49:41 Scope excludes UA requirements relating to support for revocation, including support for specific certificate profiles, OSCP profiles, or any requirement to support certificate status/CRL checking. 14:49:49 Scope includes ensuring there is provision within any formats or policy or trust model that may be necessary, under reasonably foreseeable use cases, to allow such requirements to be specified independently. 14:51:52 RESOLUTION: Scope excludes UA requirements relating to support for revocation, including support for specific certificate profiles, OSCP profiles, or any requirement to support certificate status/CRL checking. 14:52:13 RESOLUTION: Scope includes ensuring there is provision within any formats or policy or trust model that may be necessary, under reasonably foreseeable use cases, to allow such requirements to be specified independently. 14:52:22 TOPIC: API Segment 14:52:30 http://dev.w3.org/2009/dap/api-reqs/Overview.html 14:53:02 darobin: please review the requirements so that we can publish it as a Note 14:53:12 q+ 14:53:20 ack JereK 14:53:23 q+ 14:53:24 ... Working Draft actually before a Note 14:53:40 JereK: system information sensor access lumps sensors under sysinfo 14:53:47 ... should those be split 14:53:53 ... aka Sensor API 14:54:06 darobin: what should be in the first version of the requirements document 14:54:16 ... the 1st version we put out do not have to be perfect 14:54:47 ... ok to push the document out with the sensor issue? 14:55:11 +1 for dedicated extensible sensor API 14:56:00 JereK: NFC mentioned 14:56:02 NFC is a write and read transducer 14:56:11 sensor and 'actuator' 14:56:18 q? 14:56:36 ack fhirsch 14:57:26 ack thom 14:58:08 Thomas: WD should be published ASAP 14:58:21 +1 for extensible sensor API 14:58:28 +1 to publish 14:58:29 darobin: any concerns re fast publication? 14:58:41 +1 for sensors 14:58:52 fh: it would be valuable to get feedback, and publishing a WD is a good way to accomplish that 14:59:10 q? 14:59:34 RESOLUTION: publish a Working Draft of the Requirements document before TPAC 15:00:18 q+ 15:00:20 darobin: proposing a doing quick actions review, if no specific issues 15:00:28 -Thomas 15:00:31 q- 15:00:50 hey, sorry my call dropped 15:00:52 - +1.604.685.aadd 15:00:54 yes to file and camera 15:00:55 action-19? 15:00:55 ACTION-19 -- Brian LeRoux to leroux to review contact, camera, file-system -- due 2009-09-30 -- OPEN 15:00:55 http://www.w3.org/2009/dap/track/actions/19 15:01:06 ACTION-21? 15:01:06 ACTION-21 -- Bryan Sullivan to send comments about Arve's requirements for ISSUE-6 -- due 2009-09-30 -- OPEN 15:01:06 http://www.w3.org/2009/dap/track/actions/21 15:01:22 q+ 15:01:39 darobin: AOB 15:01:46 q- 15:02:23 ... straw-poll on device object 15:02:34 + +1.604.685.aaff 15:02:44 - +1.604.685.aaff 15:02:52 q+ 15:03:46 drogersuk: about Contacts API, are we taking Nokia, BONDI and PhoneGap inputs as is or start from the scratch 15:03:49 Bryan has joined #dap 15:03:58 darobin: we're starting with requirements gathering 15:04:04 +Bryan_Sullivan 15:04:29 ... the draft was to kick-start the work 15:04:31 so it could be 'another' API to add to the mixx 15:04:49 ... took parts from both Nokia and BONDI 15:05:03 drogersuk: the more we look at the better / PhoneGap is an aggregate of all the mobile smartphones 15:05:28 drogersuk: concerned on the length of time it'll take to produce the specs 15:05:33 however, for example, I quite like googles contacts api for gmail, etc 15:05:43 what about design patterns for example? 15:05:55 darobin: we can start with existing inputs, but both have issues so it would not actually speed things up 15:06:32 drogersuk: design patterns should provide the basis for all the APIs 15:06:46 darobin: patterns easier to derive from concrete work 15:07:18 drogersuk: we should draw from the experience from the inputs 15:07:51 darobin: not sure how we're not using prior art to our advantage 15:08:26 drogersuk: to dive into specific API and doing it again could end up in doing more work 15:08:48 q+ 15:08:56 darobin: argument understood, not clear what is proposed to address it, publish patterns beforehand? 15:09:05 ack drogersuk 15:09:13 ack marcin 15:09:31 marcin: re design patterns, in BONDI we have tried to identify the patterns 15:09:47 ... similar document could be delivered to DAP 15:10:07 q+ 15:10:19 can we agree a clear strategy in terms of API design? 15:10:38 ACTION: Marcin to provide a design patterns document before TPAC 15:10:38 Created ACTION-27 - Provide a design patterns document before TPAC [on Marcin Hanclik - due 2009-10-14]. 15:12:23 drogersuk: wants to see a strategy how we'll deliver the APIs instead adademic discussion on API design 15:14:01 darobin: AOB 15:14:07 ack Bryan 15:15:06 Bryan: would like to see design patterns done fast, there's market momentum which would benefit us moving fast 15:15:18 q+ 15:15:26 ack drogersuk 15:16:21 drogersuk: looking at the inputs and conflicts in them 15:16:40 darobin: we have three primary inputs, in some cases four 15:16:58 q 15:17:13 ... it would be a bruising process if we start looking into inputs in details 15:17:32 drogersuk: can we identify areas where we agree on 15:17:47 darobin: beneficial approach for generic patterns 15:17:59 in APIs too, not just the patterns 15:18:20 ... we as a group don't want to do the same mistakes as what's potentially present in the input 15:19:03 -LauraArribas 15:19:03 TOPIC: Adjourn 15:19:04 -Bryan_Sullivan 15:19:06 -DzungTran 15:19:06 -marcin2 15:19:07 -darobin 15:19:08 -richt 15:19:09 -Claes 15:19:10 -fjh 15:19:12 -niklasw 15:19:14 -ilkka 15:19:16 -DanielColoma 15:19:18 -JereK 15:19:18 paddy has left #dap 15:19:20 -wonsuk 15:19:22 -??P1 15:19:45 RRSAgent, generate minutes 15:19:45 I have made the request to generate http://www.w3.org/2009/10/07-dap-minutes.html fhirsch 15:19:47 cuihtlauac has left #dap 15:20:17 fhirsch: thanks! 15:20:26 AnssiK: you did great, thanks a lot 15:20:51 -AnssiK 15:24:56 - +29605aabb 15:28:38 Zakim, who's there? 15:28:38 I don't understand your question, darobin. 15:28:42 Zakim, who's here? 15:28:42 On the phone I see Kangchan, paddy 15:28:43 On IRC I see DanielColoma, hendry, Claes, JereK, Laura_Arribas, wonsuk, AnssiK, Zakim, RRSAgent, fhirsch, darobin, tlr, maxf, arg, ilkka, trackbot, dom 15:28:54 heh, funny how some people just stay 15:29:00 Zakim, end call 15:29:00 I don't understand 'end call', darobin 15:29:11 Zakim, drop kangchan 15:29:11 Kangchan is being disconnected 15:29:12 -Kangchan 15:29:14 Zakim, drop paddy 15:29:14 paddy is being disconnected 15:29:15 UW_DAP()10:00AM has ended 15:29:16 Attendees were ilkka, fjh, darobin, Kangchan, wonsuk, AnssiK, DzungTran, JereK, marcin2, richt, +29605aabb, LauraArribas, niklasw, +46.1.08.01.aacc, Claes, Thomas, +1.604.685.aadd, 15:29:18 ... paddy, DanielColoma, +1.604.685.aaff, Bryan_Sullivan 15:30:14 hendry has left #dap 15:36:16 JereK has left #dap 15:52:53 AnssiK has left #dap 15:58:57 okay, transition request made for the requirements document 17:03:59 wonsuk has left #dap 17:32:49 Zakim has left #dap