The Device APIs Working Group is currently not progressing the approach outlined in this draft. Please treat this document with caution and do not reference it or use it as the basis for implementation. The domain covered by this document is still within the scope of the Working Group as defined in its Charter. The Working Group may resume this work or adopt an alternative approach depending on the interest of WG members and implementers.
The Pick Contacts Intent defines a Web Intent [[!WEBINTENTS]] that enables access to a user's address book service from inside a Web application. It defines both an Intent action/type pair that selects this operation, and the format of the contacts data that is returned by services implementing this specification.
This document builds atop previous versions that were pure JavaScript APIs and turns them into an API built using Web Intents, while maintaining the data format which the JavaScript APIs had defined.
Every operating system and a large number of Web-based service providers have different ways of representing address book information. Most users are required to maintain a plurality of contact lists which leads to multiple copies of address book data. This in turn often leads to disjoint and inconsistent information being stored across a user's address book providers.
When sharing contact data with third parties users are, more often than not, required to hand over access to their whole address book. Users are implicitly required to trust third parties with all of their data when, in reality, the user may only wish, or need, to share a subset of their address book information so that an application can fulfil its purpose. When sharing of only a subset of a user's address book is possible, it often requires the user to type the information into a form herself rather than having it extracted from one of her address book services.
This specification enables a Web application to have access to a selected subset of a user's address book, obtained from arbitrary services not known to the Web application. The interactions, brokered using Web Intents [[!WEBINTENTS]], are designed to maximise the user's security and privacy. Address book data may be sourced from a plurality of sources — both online and local to the user's device — so long as those sources are registered as Intent services with the user agent. It defines a common format which services use to provide data to Web applications in a consistent and interoperable manner.
The expectation is that data sharing happens with explicit user permission and filtering. The focus of this data sharing is on making the user aware of the data that they will share and putting them at the centre of the data sharing process; free to select both the extent to which they share their address book information and the ability to restrict which pieces of information related to which contact get shared.
A set of Security and Privacy Considerations are presented for the discretion of both implementers of Pick Contacts Intent services and recipients of contact information (i.e. Web applications).
The following code illustrates how to obtain contact information from a user's address book:
    var intent = new Intent({
        action: "http://intents.w3.org/pick",
        type: "http://intents.w3.org/type/contact",
        extras: { fields: ["displayName", "emails"] }
    });
    navigator.startActivity(intent, contactsOK, contactsFail);

    function contactsOK (contacts) {
        // iterate over the array of contacts to do something useful with them
    }

    function contactsFail (err) {
        // display an error to the user
    }
When the above code is run, the user would typically be prompted by her user agent to select
a service able to pick a contact (there may be several such services, if she has multiple address
book sources). Upon selecting a service, she will be presented with an interface enabling her
to choose what contact information is returned to the Web application. Upon completing her
choice, the contacts data would be returned to the Web application in the contactsOK
callback.
There is only one conformance requirement placed upon the user agent product: a user agent MUST support Web Intents [[!WEBINTENTS]].
The conformance criteria in this specification apply to a single product: the contact service which exposes a Web Intent service that handles Pick Contact Intents as defined in this specification.
The data returned by the contact service is described in this specification using [[!WEBIDL]]. When this data is provided using JavaScript, then the contact service MUST do so in a manner consistent with the ECMAScript Bindings defined in the Web IDL specification.
The Intent defined in this specification can be used to find contact information from a user's address books. This discloses information related to a user's contacts such as their phone numbers, email addresses and other personally identifying information. The distribution of this information could potentially compromise the user's privacy, or the user's contacts' privacy. A conforming implementation of this specification should provide a mechanism that protects the user's privacy and this mechanism should ensure that no contact information is retrievable without the user's express permission.
A contact service should not provide contact information to Web sites without the express permission of the user. Obtaining the user's express permission to access a set of contacts does not imply that the user has granted permission for the same Web site to access more contact information. A contact service should take great care to ensure that the user can clearly see which information is about to be shared, and must not share more information than has been requested by the Web application.
A user agent may have prearranged trust relationships with a specific contact service that do not require such user interaction.
Web site operators that retrieve contact information using this Intent are denoted as recipients below.
Recipients should only request contact information when necessary, and only use the contact information for the task for which it was provided to them.
Recipients should dispose of contact information once that task is completed, unless expressly permitted to retain it by the user. Recipients should also take measures to protect this information against unauthorised access. If contact information is stored, users should be allowed to update and delete this information.
The recipient of contact information should not retransmit the contact information without the user's express permission. Care should be taken when retransmitting and use of encryption is encouraged.
Recipients should clearly and conspicuously disclose the fact that they are collecting contact data, the purpose of the collection, how long the data is retained, how the data is secured, how the data is shared if it is shared, how users can access, update and delete the data, and any other choices that users have with respect to the data. This disclosure should include an explanation of any exceptions to the guidelines listed above.
Note that even if a user gives permission to share their contact information this can have serious privacy implications for those parties whose contacts are shared, as they may not wish such sharing to occur. This should be considered by Web applications when requesting and using such information.
Further to the requirements listed in the previous section, implementers of user agents are also advised to consider the following aspects that can negatively affect the privacy of their users: in certain cases, users can inadvertently grant permission to disclose their contacts to Web sites. In other cases, the content hosted at a certain URL changes in such a way that the previously granted contact permissions no longer apply as far as the user is concerned. Or the users might simply change their minds.
Predicting or preventing these situations is inherently difficult. Mitigation and in-depth defensive measures are a user agent's responsibility and not prescribed by this specification. However, in designing these measures, implementers are advised to enable user awareness of information sharing, and to provide easy access to user interfaces that enable revocation of permissions that Web applications have to access this Intent.
The action for this Intent is http://intents.w3.org/pick.
The type for this Intent is http://intents.w3.org/type/contact.
When a contact service is matched for delivery using these action and type, it MUST respond in one of two ways:
postResult()) matching the data format defined below.
postFailure()) matching the error data format defined below. The contact service MUST NOT treat the user selecting zero contacts or cancelling the service as error conditions.
The Pick Contact Intent can be instantiated with an extras field that adheres to the following dictionary.
The ContactIntentExtras dictionary describes the options that can be applied to contact searching.
limit is specified, the contact service MUST NOT return more than limit contacts. The contact service SHOULD enforce this limitation in the user interface that it exposes.
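The service-side rules stated so far (share no more than the Web application requested, never exceed limit, and treat an empty selection or a cancel as a normal result) can be enforced in one place just before the reply is posted. The following is an added example, not part of the specification: the function names are hypothetical, the sample contacts and the failure payload are constructed, and sharing nothing when fields is missing is this example's own assumption.

```javascript
// Added example (not from the specification). `intent` is the object the
// service receives; its extras/postResult/postFailure follow this page.

// An absent limit means no cap; anything but a non-negative integer is rejected.
function parseLimit(limit) {
  if (limit === undefined || limit === null) return Infinity;
  if (!Number.isInteger(limit) || limit < 0) throw new TypeError("invalid limit");
  return limit;
}

// Copy only the requested top-level properties that the contact really owns.
function projectContact(contact, fields) {
  const out = {};
  for (const name of fields) {
    if (Object.prototype.hasOwnProperty.call(contact, name)) out[name] = contact[name];
  }
  return out;
}

// Assumption: a missing or malformed `fields` list shares no properties at all.
function buildResult(selected, extras) {
  const opts = extras || {};
  const fields = Array.isArray(opts.fields)
    ? opts.fields.filter((f) => typeof f === "string")
    : [];
  return selected.slice(0, parseLimit(opts.limit)).map((c) => projectContact(c, fields));
}

// `selected` is what the user ticked in the service UI; [] for none or cancel.
function handlePick(intent, selected) {
  let result;
  try {
    result = buildResult(selected, intent.extras);
  } catch (err) {
    // Placeholder payload: the ContactError members are not shown on this page.
    intent.postFailure({ message: err.message });
    return;
  }
  intent.postResult(result); // an empty array is a normal result, not an error
}

// Constructed sample data: the address book holds more than was requested.
const sampleSelection = [
  { displayName: "Joe Smith", emails: [{ type: "work", value: "JoeSmith@example.com" }],
    note: "constructed private note" },
  { displayName: "Ann Lee", emails: [], note: "constructed private note" },
];
```

The limit is applied here as a backstop; the selection interface should already prevent the user from picking more than limit contacts.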
Upon successful invocation, the contact service MUST return an array of Contact dictionaries.
The Contact dictionary captures the properties of a contact object. All properties included in this interface have a corresponding definition in [[POCO-SCHEMA]], [[RFC2426]] (also known as vCard), and [[OMA-CAB]], thereby allowing the data format to be supported across implementations supporting these various contact representations.
Additional attributes MAY be included according to the provisions detailed in Extended Contact Properties and Parameters.
This attribute represents one or more photos associated with this Contact.
The photos MUST be specified in the value attribute of the ContactField object by using a URL pointing to an image resource. The data: URI scheme may be used in order to provide inline data.
A contact service SHOULD NOT use this attribute to send down arbitrary photos taken by this user, but specifically profile photos of the contact suitable for display when describing the contact.
This attribute represents one or more URLs associated with this Contact e.g. personal web page, blog.
The ContactName dictionary describes a contact's name in detail.
The ContactField dictionary is a reusable component that is used to capture contact fields of the Contact dictionary that have some modicum of structure.
phoneNumber property, the type attribute can be set to home, mobile; if the ContactField is representing the ims property, the type attribute could be set to xmpp, irc, bbm, etc.
email, the value attribute could be set to JoeSmith@example.com, and if the ContactField is representing a url, the value attribute can be set to http://www.example.org/joesmith, etc.
false.
The ContactAddress dictionary is a reusable component that is used to capture addresses within the Contact dictionary.
ContactAddress is the preferred, or primary, value for the contact. By default, the value is false.
work, home, premises, etc).
The ContactOrganization dictionary is a reusable component that is used to support contact organisations within the Contact dictionary.
ContactOrganization is the preferred, or primary, value for the contact. By default, the value is false.
If the contact service encounters an error then it MUST return an error (through postFailure()) using the ContactError dictionary.
A contact service MAY extend the dictionaries described in the Data Formats section with additional fields. If providing an extended field, a contact service MUST prefix its name with X (U+0058 LATIN CAPITAL LETTER X) or use a vendor-specific prefix.