W3C Device API and Policy
WG Activity
Kangchan Lee
chan@etri.re.kr, chan@w3.org
Twitter : Kangchan
Thanks to Dave Raggett, and Dowan Kim

Hypertext
• 1965 coins the term
“Hypertext”
– in "A File Structure for the
Complex, the Changing,
and the Indeterminate".
20th National Conference,
New York, Association for
Computing Machinery
• Project Xanadu founded in 1981
• Goal: a networked pay-per-document hypertext
database encompassing all written information
10th MobileWebApps Camp

CERN – birthplace of the Web
• 1980 Develops “Enquire” as
a simple hypertext system
whilst consulting for CERN
• 1989 Project proposal for
World Wide Web
• 1994 Founds W3C to lead
the Web to its full potential
10th MobileWebApps Camp

Enquire
> ENQUIRE
Enquire V 1.1
Hello!
Opening file (PSK-PCP)VAC-V1:ENQR...
PSB Vacuum Control System (concept) < O>
--- ------ ------- ------
[ 1] described-by: Enquiry System
An experimental system for which this is a test.
[ 2] includes: Vacuum History System
Records and displays slow changes in pressure.
[ 3] includes: Vacuum equipment modules
Perform all the hardware interface
[ 4] includes: Control and status applications programs
Provide operator interaction from the consoles.
[ 5] described-by: Controle du System a Vide du Booster 11-2-80
Operational specification of the software
[ 6] includes: PSB Pump Surveillance System PCP 228
Allows rapid monitoring of pressure changes
[number ]
10th MobileWebApps Camp

Early Web Browser
10th MobileWebApps Camp

Current Web Environments
10th MobileWebApps Camp

Web of Things
• Rapidly diminishing incremental cost for
networking all kinds of devices
• The challenge for how to integrate devices
as part of distributed applications
• Changing the way we think of the Web
– No longer just about viewing websites on
desktop browsers with big screens
– Instead apply Web technologies to ease the
task of developing new kinds of applications
across a very wide range of devices
10th MobileWebApps Camp

Needs for (Mobile) Web
• Application like
– Rich Client (DOM, Ajax, etc)
– Stand-alone Execution (Off-line, Gears)
– Local Storage, Quick Launch, etc.
• Needs Device Access
– GPS, Camera, Contacts, Calendar
– Call/Message, History, etc.
• Security & Privacy
– Security & Policy Management
– User Consent (One-shot, Session, Permanent)
10th MobileWebApps Camp

Related Works
• Standardization Works
– HTML5
– WebApps WG
• Operators
– OMTP BONDI, JIL, OneAPI, etc.
• Solution Providers
– PhoneGap, Titanium, Rhodes, etc.
• Device Manufactures
– Palm WebOS, Nokia Web Runtime, etc
10th MobileWebApps Camp

W3C Ubiquitous Web Domain
Ubiquitous Web
Domain
Mobile Web Multimodal Ubiquitous Web Voice Browser Extensible Markup
Initiative Activity Interaction Activity Application Activity Activity Language
Mobile Web Best Ubiquitous Web
Practice WG Applications WG
Mobile Web
Initiative Test Suite Geolocation WG
WG
Mobile Web For Soc Device API and
ial Development IG
http://www.w3.org/2009/dap/
Policy WG
10th MobileWebApps Camp

DAP : Goal
• Origin
– In December 2008, Security for Access to
Device APIs from the Web
• Goal
– Declaration of APIs such as Contacts -
The mechanisms by which a widget or
Web Application can declare a
dependency (with possible security
consequences) on an API
– API Patterns - What should be similar
across many APIs, e.g. API design, error
handling etc.
– Concrete APIs - Specific APIs that should
be standardized
– Policy Description - An XML (or other)
formalism describing a security policy for
concrete APIs.
10th MobileWebApps Camp

DAP : Participations
• Chair
– Robin Berjon(Vodafone)
– Frederick Hirsch(Nokia)
• Info
– 44 group participants,
– 43 participants from 19 organizations.
• ACCESS Co., AT&T, Deutsche Telekom AG , ETRI, France
Telecom, Google, Intel Corporation, Mozilla Foundation,
Nokia, OMTP Limited, Opera Software, Samsung Electronics,
SK Telecom, Sony Ericsson Mobile Communications, Sun
Microsystems, Telecom Italia SpA , Telefónica de España,
Vodafone, W3C
– 1 Invited Experts
10th MobileWebApps Camp

DAP : Scope
• Scope
– creation of API specifications for a device's services that can
be exposed to Widgets and Web Applications
• Devices : desktop computers, laptop computers, mobile internet
devices (MIDs), cellular phones, etc.
– defining a framework for the expression of security policies
that govern access of Web Applications and Widgets to
security-critical APIs
• Before developing a new policy expression language, existing
languages (such as XACML) should be reviewed for suitability;
• The resulting policy model must be consistent with the existing same
origin policies (as documented in the HTML5 specification), in the
sense that a deployment of the policy model in Web browsers must
be possible;
• The work should not be specific to either mobile or desktop
environments, but may take differences between the environments
into account
10th MobileWebApps Camp

DAP : (expected) Deliverables
• Personal Information Management (PIM) API : Calendar API, Tasks API , Contacts API
• Camera API, Messaging API
• System Information and Events API : e.g. battery level, network status, etc.
• FileSystem API : basic operations (Create, Read, Update, Delete) and more complex
operations (e.g. mount, unmount) developed in coordination with the Web
Applications Working Group File Upload specification
• Application Launcher API : discover, identify and launch the platform's native
applications
• •Primers
Application Configuration API : manage application settings and user preferences
• User •Requirements :and use case document for specifications alerting, etc.
Interaction API e.g. minimise/maximise functions, window size,
• Communication Log API : e.g. should alsoSMS, MMS, call events. scenarios.
•These documents sent emails, address non-mobile
• Gallery API : manage the local notes file storage
•Non-normative group media
• Security Policy Framework, to express security policies that govern access of Web
Applications and widgets to security-critical APIs, including work on
– Identification of APIs
– Identification of Web Applications and Widgets
– Definition of a policy description language for security policies
– Expression of security policies that govern access of Web Applications and Widgets to security-critical APIs
10th MobileWebApps Camp

DAP : Milestones
• 2009Q3
– The Working Group reviews and compares existing
starting points for the various deliverables, and
establishes a detailed roadmap.
• 2009Q4-2010Q1
– Deliverables with assigned editors progress along
Recommendation track.
• 2010Q2-2010Q3
– All deliverables are on Recommendation track.
• 2011Q2
– All deliverables have reached Proposed
Recommendation.
10th MobileWebApps Camp

DAP : Current Status
10th MobileWebApps Camp

DAP : API Example
10th MobileWebApps Camp

Conclusion
DAP
is still at
an early stage …
Question/Discussion : chan@w3.org
Twitter : Kangchan
10th MobileWebApps Camp