Copyright © 2012 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark and document use rules apply.
The Pick Contacts Intent defines a Web Intent [WEBINTENTS] that enables access to a user's address book service from inside a Web application. It defines both an Intent action/type pair that selects this operation, and the format of the contacts data that is returned by services implementing this specification
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
This document builds atop previous versions that were pure JavaScript APIs and turns them into an API built using Web Intents, while maintaining the data format which the JavaScript APIs had defined.
This document was published by the Device APIs Working Group as a Working Draft. This document is intended to become a W3C Recommendation. If you wish to make comments regarding this document, please send them to public-device-apis@w3.org (subscribe, archives). All feedback is welcome.
Publication as a Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This section is non-normative.
Every operating system and a large number of Web-based service providers have different ways of representing address book information. Most users are required to maintain a plurality of contact lists which leads to multiple copies of address book data. This in turn often leads to disjoint and inconsistent information being stored across a user's address book providers.
When sharing contact data with third parties users are, more often than not, required to hand over access to their whole address book. Users are implicitly required to trust third parties with all of their data when, in reality, the user may only wish, or need, to share a subset of their address book information so that an application can fulfil its purpose. When sharing of only a subset of a user's address book is possible, it often requires the user to type the information into a form herself rather than having it extracted from one of her address book services.
This specification enables a Web application to have access to a selected subset of a user's address book, obtained from arbitrary services not known to the Web application. The interactions, brokered using Web Intents [WEBINTENTS] are designed in order to maximise the user's security and privacy. Address book data may be sourced from a plurality of sources — both online and local to the user's device — so long as those sources are registered as Intent services with the user agent. It defines a common format which services use to provide data to Web applications in a consistent and interoperable manner.
The expectation is that data sharing happens with explicit user permission and filtering. The focus of this data sharing is on making the user aware of the data that they will share and putting them at the centre of the data sharing process; free to select both the extent to which they share their address book information and the ability to restrict which pieces of information related to which contact gets shared.
A set of Security and Privacy Considerations are presented for the discretion of both implementers of Pick Contacts Intent services and recipients of contact information (i.e. Web applications).
The following code illustrates how to obtain contact information from a user's address book:
var intent = new Intent({ action: "http://webintents.org/pick", type: "http://w3.org/type/contact", extras: { fields: ["displayName", "emails"] }}); navigator.startActivity(intent, contactsOK, contactsFail); function contactsOK (contacts) { // iterate over the array of contacts to do something useful with them } function contactsFail (err) { // display an error to the user }
When the above code is run, the user would typically be prompted by her user agent to select
a service able to pick a contact (there may be several such services, if she has multiple address
book sources). Upon selecting a service, she will be presented with an interface enabling her
to choose what contact information is returned to the Web application. Upon completing her
choice, the contacts data would be returned to the Web application in the contactsOK
callback.
As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.
The key words must, must not, required, should, should not, recommended, may, and optional in this specification are to be interpreted as described in [RFC2119].
There is only one single conformance requirement placed upon the user agent product: a user agent must support Web Intents [WEBINTENTS].
The conformance criteria in this specification apply to a single product: the contact service which exposes a Web Intent service that handles Pick Contact Intents as defined in this specification.
The data returned by the contact service is described in this specification using [WEBIDL]. When this data is provided using JavaScript, then the contact service must do so in a manner consistent with the ECMAScript Bindings defined in the Web IDL specification.
This section is non-normative.
The Intent defined in this specification can be used to find contact information from a user's address books. This discloses information related to a user's contacts such as their phone numbers, email addresses and other personally identifying information. The distribution of this information could potentially compromise the user's privacy, or the user's contacts' privacy. A conforming implementation of this specification should provide a mechanism that protects the user's privacy and this mechanism should ensure that no contact information is retrievable without the user's express permission.
This section is non-normative.
A contact service should not provide contact information to Web sites without the express permission of the user. Obtaining the user's express permission to access a set of contacts does not imply that the user has granted permission for the same Web site to access more contact information. A contact service should take great care to ensure that the user can clearly see which information is about to be shared, and must not share more information than has been requested by the Web application.
A user agent may have prearranged trust relationships with a specific contact service that do not require such user interaction.
Web sites operators that retrieve contacts information using this Intent are denoted as recipients below.
Recipients should only request contact information when necessary, and only use the contact information for the task for which it was provided to them.
Recipients should dispose of contact information once that task is completed, unless expressly permitted to retain it by the user. Recipients should also take measures to protect this information against unauthorised access. If contact information is stored, users should be allowed to update and delete this information.
The recipient of contact information should not retransmit the contact information without the user's express permission. Care should be taken when retransmitting and use of encryption is encouraged.
Recipients should clearly and conspicuously disclose the fact that they are collecting contact data, the purpose of the collection, how long the data is retained, how the data is secured, how the data is shared if it is shared, how users can access, update and delete the data, and any other choices that users have with respect to the data. This disclosure should include an explanation of any exceptions to the guidelines listed above.
Note that even if a user gives permission to share their contact information this can have serious privacy implications for those parties whose contacts are shared, as they may not wish such sharing to occur. This should be considered by Web applications when requesting and using such information.
Further to the requirements listed in the previous section, implementers of a user agents are also advised to consider the following aspects that can negatively affect the privacy of their users: in certain cases, users can inadvertently grant permission to disclose their contacts to Web sites. In other cases, the content hosted at a certain URL changes in such a way that the previously granted contact permissions no longer apply as far as the user is concerned. Or the users might simply change their minds.
Predicting or preventing these situations is inherently difficult. Mitigation and in-depth defensive measures are a user agent's responsibility and not prescribed by this specification. However, in designing these measures, implementers are advised to enable user awareness of information sharing, and to provide easy access to user interfaces that enable revocation of permissions that Web applications have to access this Intent.
The action for this Intent is http://webintents.org/pick
.
The type for this Intent is http://w3.org/type/contact
.
When a contact service is matched for delivery using these action and type, it must respond in one of two ways:
postResult()
) matching the data format defined below.
postFailure()
) matching the error data format defined below. The contact service
must not treat the user selecting zero contacts or cancelling the service as error conditions.
The Pick Contact Intent can be instantiated with an extras
field that adheres to the
following dictionary.
ContactIntentExtras
dictionary
The ContactIntentExtras
dictionary describes the options that can be applied to contact searching.
dictionary ContactIntentExtras {
DOMString? search;
unsigned long? limit;
DOMString[] fields;
};
ContactIntentExtras
Membersfields
of type array of DOMStringContact
dictionary that
the Web application is requesting from the contact service. The contact service must
not return defined fields on the contact objects that it provides other than those present in this
list. If a field name is provided that the contact service does not recognise as a field
of the Contact
dictionary, then it must ignore it.
limit
of type unsigned long, nullablelimit
is specified, the contact service must not return more than limit
contacts. The
contact service should enforce this limitation in the user interface that it exposes.
search
of type DOMString, nullable
Upon successful invocation, the contact service must return an array of Contact
dictionaries.
Contact
dictionary
The Contact
dictionary captures the properties of a contact object. All properties included in this
interface have a corresponding definition in [POCO-SCHEMA], [RFC2426] (also known as vCard), and
[OMA-CAB], thereby allowing the data format to be supported across implementations supporting these
various contact representations.
Additional attributes may be included according to the provisions detailed in Extended Contact Properties and Parameters.
dictionary Contact {
DOMString id;
DOMString? displayName;
ContactName
? name;
DOMString? nickname;
ContactField
[]? phoneNumbers;
ContactField
[]? emails;
ContactAddress
[]? addresses;
ContactField
[]? ims;
ContactOrganization
[]? organizations;
Date? birthday;
DOMString? note;
ContactField
[]? photos;
DOMString[]? categories;
ContactField
[]? urls;
};
Contact
Membersaddresses
of type array of ContactAddress
, nullableContact
.
birthday
of type Date, nullableContact
. The contact service may
set the year value to 0000 when the age of the Contact
is private or the year is not
available.
categories
of type array of DOMString, nullableContact
. e.g. "family", "favourite", "cryptozoologists".
displayName
of type DOMString, nullableContact
in a form that is suitable for display
to the user.
emails
of type array of ContactField
, nullableContact
.
id
of type DOMStringContact
object.
ims
of type array of ContactField
, nullableContact
.
name
of type ContactName
, nullableContact
indicated by the name components
associated with the ContactName
dictionary.
nickname
of type DOMString, nullableContact
.
note
of type DOMString, nullableContact
that is managed by the
user of the address book.
organizations
of type array of ContactOrganization
, nullableContact
.
phoneNumbers
of type array of ContactField
, nullableContact
.
photos
of type array of ContactField
, nullable
This attribute represents one or more photos associated with this Contact
.
The photos must be specified in the value
attribute of the ContactField
object
by using a URL pointing to an image resource. The data:
URI scheme may be used in order
to provide inline data.
A contact service should not use this attribute to send down arbitrary photos taken by this user, but specifically profile photos of the contact suitable for display when describing the contact.
urls
of type array of ContactField
, nullable
This attribute represents one or more URLs associated with this Contact
e.g. personal web page,
blog.
ContactName
dictionary
The ContactName
dictionary describes a contact's name in detail.
dictionary ContactName {
DOMString? familyName;
DOMString? givenName;
DOMString? middleName;
DOMString? honorificPrefix;
DOMString? honorificSuffix;
};
ContactName
MembersfamilyName
of type DOMString, nullableContact
.
givenName
of type DOMString, nullableContact
.
honorificPrefix
of type DOMString, nullableContact
. E.g. Mr., Dr., Ms., Mrs.
honorificSuffix
of type DOMString, nullableContact
. E.g. Jr., III, Sr.
middleName
of type DOMString, nullableContact
.
ContactField
dictionary
The ContactField
dictionary is a reusable component that is used to capture contact fields of the
Contact
dictionary that have some modicum of structure.
dictionary ContactField {
DOMString type;
DOMString? value;
boolean pref;
};
ContactField
Memberspref
of type booleanContactField
is the
preferred, or primary, value for the contact property this ContactField
is
representing in the Contact
interface. By default, the value is false
.
type
of type DOMStringContactField
and its content varies subject
to the contact property this ContactField
is representing. For example, if the ContactField
is representing a phoneNumber
property, the type
attribute can be set to
home
, mobile
; if the ContactField
is representing the ims
property, the type attribute could be set to xmpp
, irc
, bbm
, etc.
value
of type DOMString, nullableContactField
and its content varies subject to the
contact property this ContactField
is representing. For example, if the ContactField
is
representing an email
, the value attribute could be set to JoeSmith@example.com
,
and if the ContactField
is representing a url
, the value attribute can be set to
http://www.example.org/joesmith
, etc.
ContactAddress
dictionary
The ContactAddress
dictionary is a reusable component that is used to capture addresses
within the Contact
dictionary.
dictionary ContactAddress {
boolean pref;
DOMString? type;
DOMString? streetAddress;
DOMString? locality;
DOMString? region;
DOMString? postalCode;
DOMString? country;
};
ContactAddress
Memberscountry
of type DOMString, nullableContactAddress
.
locality
of type DOMString, nullableContactAddress
.
postalCode
of type DOMString, nullableContactAddress
.
pref
of type booleanContactAddress
is the preferred,
or primary, value for the contact. By default, the value is false
.
region
of type DOMString, nullableContactAddress
.
streetAddress
of type DOMString, nullableContactAddress
.
type
of type DOMString, nullablework
,
home
, premises
, etc).
ContactOrganization
dictionary
The ContactOrganization
dictionary is a reusable component that is used to support contact
organisations within the Contact
dictionary.
dictionary ContactOrganization {
boolean pref;
DOMString? type;
DOMString? name;
DOMString? department;
DOMString? title;
};
ContactOrganization
Membersdepartment
of type DOMString, nullableContact
works.
name
of type DOMString, nullablepref
of type booleanContactOrganization
is the preferred, or
primary, value for the contact. By default, the value is false
.
title
of type DOMString, nullableContact
holds inside this organisation.
type
of type DOMString, nullableContactError
dictionary
If the contact service encounters an error then it must return an error
(through postFailure()
) using the ContactError
dictionary.
dictionary ContactError {
DOMString message;
};
ContactError
Membersmessage
of type DOMString
A contact service may extend the dictionaries described in in the Data Formats section with
additional fields. If providing an extended field, a contact service must prefix its name
with X
(U+0058 LATIN CAPITAL LETTER X) or use a vendor-specific prefix.