Add privacy policy.
authorGreg Billock <gbillock@google.com>
Tue, 19 Jun 2012 14:09:03 -0700
changeset 16 573065e3be16
parent 15 0bea278978de
child 17 f8bbacca0deb
Add privacy policy.
spec/Overview-respec.html
spec/Overview.html
--- a/spec/Overview-respec.html	Wed Jun 06 09:44:27 2012 -0700
+++ b/spec/Overview-respec.html	Tue Jun 19 14:09:03 2012 -0700
@@ -574,7 +574,7 @@
     unregister itself implicitly by removing all intent tags, or explicitly
     by keeping the tag present, but without <code>action</code> or
     <code>type</code> attributes. Such explicit unregistration SHOULD
-    be honored for any tag with a ame-origin <code>href</code> attribute.
+    be honored for any tag with a same-origin <code>href</code> attribute.
     </p>
     <p>
     The intent tags on the service handler page itself SHOULD be interpreted by
@@ -904,6 +904,27 @@
       </section>
     </section>
 
+    <section>
+      <h2>Privacy Considerations</h2>
+      <p>
+      The user needs to have confidence that the Service will user the data
+      associated with the action for the purpose intended and not share or retain
+      the data inappropriately.  For this reason it is important that the user have
+      control over Intents, in particular the selection mechanism which determines
+      which Service will handle a particular Intent.  This offers the possibility
+      of user decision and control related to the choice of Service, allowing them
+      to take into account expectations regarding the Service, including Service
+      policies related to retention and secondary use. This relates to the privacy
+      principles of control and consent [[DAP-PRIVACY-REQS]].  For this reason a user
+      should be made aware of explicit intents and be able to view and change them;
+      implementations should be encouraged to offer this functionality.
+
+      The minimum data necessary for a Service should be included as Intent parameters,
+      corresponding to the privacy principle of minimization
+      [[DAP-PRIVACY-REQS]].
+      </p>
+    </section>
+
     <section class='appendix'>
       <h2>Acknowledgements</h2>
       <p>
--- a/spec/Overview.html	Wed Jun 06 09:44:27 2012 -0700
+++ b/spec/Overview.html	Tue Jun 19 14:09:03 2012 -0700
@@ -477,7 +477,7 @@
 pre.sh_sourceCode .sh_attribute { color: #006400; }
 
 </style><link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel="stylesheet" type="text/css" charset="utf-8"></head>
-  <body style="display: inherit; "><div class="head"><p><a href="http://www.w3.org/"><img width="72" height="48" src="http://www.w3.org/Icons/w3c_home" alt="W3C"></a></p><h1 class="title" id="title">Web Intents</h1><h2 id="w3c-editor-s-draft-06-june-2012"><acronym title="World Wide Web Consortium">W3C</acronym> Editor's Draft 06 June 2012</h2><dl><dt>This version:</dt><dd><a href="http://dev.w3.org/2011/webapps/TODO.html">http://dev.w3.org/2011/webapps/TODO.html</a></dd><dt>Latest published version:</dt><dd><a href="http://www.w3.org/TR/web-intents/">http://www.w3.org/TR/web-intents/</a></dd><dt>Latest editor's draft:</dt><dd><a href="http://dev.w3.org/2011/webapps/TODO.html">http://dev.w3.org/2011/webapps/TODO.html</a></dd><dt>Previous version:</dt><dd>none</dd><dt>Editors:</dt><dd><span>Greg Billock</span>, <a href="http://google.com/">Google</a></dd>
+  <body style="display: inherit; "><div class="head"><p><a href="http://www.w3.org/"><img width="72" height="48" src="http://www.w3.org/Icons/w3c_home" alt="W3C"></a></p><h1 class="title" id="title">Web Intents</h1><h2 id="w3c-editor-s-draft-19-june-2012"><acronym title="World Wide Web Consortium">W3C</acronym> Editor's Draft 19 June 2012</h2><dl><dt>This version:</dt><dd><a href="http://dev.w3.org/2011/webapps/TODO.html">http://dev.w3.org/2011/webapps/TODO.html</a></dd><dt>Latest published version:</dt><dd><a href="http://www.w3.org/TR/web-intents/">http://www.w3.org/TR/web-intents/</a></dd><dt>Latest editor's draft:</dt><dd><a href="http://dev.w3.org/2011/webapps/TODO.html">http://dev.w3.org/2011/webapps/TODO.html</a></dd><dt>Previous version:</dt><dd>none</dd><dt>Editors:</dt><dd><span>Greg Billock</span>, <a href="http://google.com/">Google</a></dd>
 <dd><span>James Hawkins</span>, <a href="http://google.com/">Google</a></dd>
 <dd><span>Paul Kinlan</span>, <a href="http://google.com/">Google</a></dd>
 </dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2012 <a href="http://www.w3.org/"><acronym title="World Wide Web Consortium">W3C</acronym></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute of Technology">MIT</acronym></a>, <a href="http://www.ercim.eu/"><acronym title="European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. <acronym title="World Wide Web Consortium">W3C</acronym> <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p><hr></div>
@@ -491,7 +491,7 @@
       pages to create, receive, and reply to Web Intents messages, and the
       procedures the User Agent carries out to facilitate that process.
       </p>
-    </div><div id="sotd" class="introductory section"><h2>Status of This Document</h2><p><em>This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current <acronym title="World Wide Web Consortium">W3C</acronym> publications and the latest revision of this technical report can be found in the <a href="http://www.w3.org/TR/"><acronym title="World Wide Web Consortium">W3C</acronym> technical reports index</a> at http://www.w3.org/TR/.</em></p><p>This document was published by the <a href="http://www.w3.org/2008/webapps/">Web Applications (WebApps) Working Group</a> as an Editor's Draft. If you wish to make comments regarding this document, please send them to <a href="mailto:[email protected]">[email protected]</a> (<a href="mailto:[email protected]?subject=subscribe">subscribe</a>, <a href="http://lists.w3.org/Archives/Public/public-web-intents/">archives</a>). All feedback is welcome.</p><p>Publication as an Editor's Draft does not imply endorsement by the <acronym title="World Wide Web Consortium">W3C</acronym> Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.</p><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 <acronym title="World Wide Web Consortium">W3C</acronym> Patent Policy</a>. <acronym title="World Wide Web Consortium">W3C</acronym> maintains a <a href="TODO" rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the <acronym title="World Wide Web Consortium">W3C</acronym> Patent Policy</a>.</p></div><div id="toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#example" class="tocxref"><span class="secno">1.1 </span>Example</a></li><li class="tocline"><a href="#normative-parts" class="tocxref"><span class="secno">1.2 </span>Normative parts</a></li></ul></li><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2. </span>Terminology</a><ul class="toc"><li class="tocline"><a href="#actors" class="tocxref"><span class="secno">2.1 </span>Actors</a></li><li class="tocline"><a href="#life-cycle-of-intents-and-services" class="tocxref"><span class="secno">2.2 </span>Life cycle of Intents and Services</a></li></ul></li><li class="tocline"><a href="#api-description" class="tocxref"><span class="secno">3. </span>API Description</a><ul class="toc"><li class="tocline"><a href="#intent-parameters-dictionary" class="tocxref"><span class="secno">3.1 </span>Intent parameters dictionary</a><ul class="toc"><li class="tocline"><a href="#dictionary-intentparameters-members" class="tocxref"><span class="secno">3.1.1 </span>Dictionary <span class="idlType formerLink idlType"><code>IntentParameters</code></span> Members</a></li></ul></li><li class="tocline"><a href="#intent-object" class="tocxref"><span class="secno">3.2 </span>Intent object</a><ul class="toc"><li class="tocline"><a href="#attributes" class="tocxref"><span class="secno">3.2.1 </span>Attributes</a></li><li class="tocline"><a href="#methods" class="tocxref"><span class="secno">3.2.2 </span>Methods</a></li></ul></li><li class="tocline"><a href="#invocation-api" class="tocxref"><span class="secno">3.3 </span>Invocation API</a><ul class="toc"><li class="tocline"><a href="#methods-1" class="tocxref"><span class="secno">3.3.1 </span>Methods</a></li></ul></li><li class="tocline"><a href="#delivery-and-response-api" class="tocxref"><span class="secno">3.4 </span>Delivery and Response API</a><ul class="toc"><li class="tocline"><a href="#attributes-1" class="tocxref"><span class="secno">3.4.1 </span>Attributes</a></li></ul></li><li class="tocline"><a href="#registration-markup" class="tocxref"><span class="secno">3.5 </span>Registration Markup</a><ul class="toc"><li class="tocline"><a href="#attributes-2" class="tocxref"><span class="secno">3.5.1 </span>Attributes</a></li></ul></li></ul></li><li class="tocline"><a href="#user-agent-behavior" class="tocxref"><span class="secno">4. </span>User Agent Behavior</a><ul class="toc"><li class="tocline"><a href="#explicit-intents" class="tocxref"><span class="secno">4.1 </span>Explicit Intents</a></li><li class="tocline"><a href="#matching-action-and-type-for-delivery" class="tocxref"><span class="secno">4.2 </span>Matching action and type for delivery</a></li><li class="tocline"><a href="#handling-service-suggestions-from-intent-invocation" class="tocxref"><span class="secno">4.3 </span>Handling Service suggestions from Intent Invocation</a></li></ul></li><li class="tocline"><a href="#use-cases-and-requirements" class="tocxref"><span class="secno">5. </span>Use Cases and Requirements</a><ul class="toc"><li class="tocline"><a href="#sharing" class="tocxref"><span class="secno">5.1 </span>Sharing</a></li><li class="tocline"><a href="#integration-with-local-web-apps" class="tocxref"><span class="secno">5.2 </span>Integration with local web apps</a></li><li class="tocline"><a href="#persistent-connections" class="tocxref"><span class="secno">5.3 </span>Persistent connections</a></li><li class="tocline"><a href="#integration-with-external-applications" class="tocxref"><span class="secno">5.4 </span>Integration with external applications</a></li><li class="tocline"><a href="#translating-existing-web-platform-features-to-intents" class="tocxref"><span class="secno">5.5 </span>Translating existing web platform features to intents</a></li><li class="tocline"><a href="#authentication" class="tocxref"><span class="secno">5.6 </span>Authentication</a></li></ul></li><li class="tocline"><a href="#acknowledgements" class="tocxref"><span class="secno">A. </span>Acknowledgements</a></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">B. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">B.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">B.2 </span>Informative references</a></li></ul></li></ul></div>
+    </div><div id="sotd" class="introductory section"><h2>Status of This Document</h2><p><em>This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current <acronym title="World Wide Web Consortium">W3C</acronym> publications and the latest revision of this technical report can be found in the <a href="http://www.w3.org/TR/"><acronym title="World Wide Web Consortium">W3C</acronym> technical reports index</a> at http://www.w3.org/TR/.</em></p><p>This document was published by the <a href="http://www.w3.org/2008/webapps/">Web Applications (WebApps) Working Group</a> as an Editor's Draft. If you wish to make comments regarding this document, please send them to <a href="mailto:[email protected]">[email protected]</a> (<a href="mailto:[email protected]?subject=subscribe">subscribe</a>, <a href="http://lists.w3.org/Archives/Public/public-web-intents/">archives</a>). All feedback is welcome.</p><p>Publication as an Editor's Draft does not imply endorsement by the <acronym title="World Wide Web Consortium">W3C</acronym> Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.</p><p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 <acronym title="World Wide Web Consortium">W3C</acronym> Patent Policy</a>. <acronym title="World Wide Web Consortium">W3C</acronym> maintains a <a href="TODO" rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the <acronym title="World Wide Web Consortium">W3C</acronym> Patent Policy</a>.</p></div><div id="toc" class="section"><h2 class="introductory">Table of Contents</h2><ul class="toc"><li class="tocline"><a href="#introduction" class="tocxref"><span class="secno">1. </span>Introduction</a><ul class="toc"><li class="tocline"><a href="#example" class="tocxref"><span class="secno">1.1 </span>Example</a></li><li class="tocline"><a href="#normative-parts" class="tocxref"><span class="secno">1.2 </span>Normative parts</a></li></ul></li><li class="tocline"><a href="#terminology" class="tocxref"><span class="secno">2. </span>Terminology</a><ul class="toc"><li class="tocline"><a href="#actors" class="tocxref"><span class="secno">2.1 </span>Actors</a></li><li class="tocline"><a href="#life-cycle-of-intents-and-services" class="tocxref"><span class="secno">2.2 </span>Life cycle of Intents and Services</a></li></ul></li><li class="tocline"><a href="#api-description" class="tocxref"><span class="secno">3. </span>API Description</a><ul class="toc"><li class="tocline"><a href="#intent-parameters-dictionary" class="tocxref"><span class="secno">3.1 </span>Intent parameters dictionary</a><ul class="toc"><li class="tocline"><a href="#dictionary-intentparameters-members" class="tocxref"><span class="secno">3.1.1 </span>Dictionary <span class="idlType formerLink idlType"><code>IntentParameters</code></span> Members</a></li></ul></li><li class="tocline"><a href="#intent-object" class="tocxref"><span class="secno">3.2 </span>Intent object</a><ul class="toc"><li class="tocline"><a href="#attributes" class="tocxref"><span class="secno">3.2.1 </span>Attributes</a></li><li class="tocline"><a href="#methods" class="tocxref"><span class="secno">3.2.2 </span>Methods</a></li></ul></li><li class="tocline"><a href="#invocation-api" class="tocxref"><span class="secno">3.3 </span>Invocation API</a><ul class="toc"><li class="tocline"><a href="#methods-1" class="tocxref"><span class="secno">3.3.1 </span>Methods</a></li></ul></li><li class="tocline"><a href="#delivery-and-response-api" class="tocxref"><span class="secno">3.4 </span>Delivery and Response API</a><ul class="toc"><li class="tocline"><a href="#attributes-1" class="tocxref"><span class="secno">3.4.1 </span>Attributes</a></li></ul></li><li class="tocline"><a href="#registration-markup" class="tocxref"><span class="secno">3.5 </span>Registration Markup</a><ul class="toc"><li class="tocline"><a href="#attributes-2" class="tocxref"><span class="secno">3.5.1 </span>Attributes</a></li></ul></li></ul></li><li class="tocline"><a href="#user-agent-behavior" class="tocxref"><span class="secno">4. </span>User Agent Behavior</a><ul class="toc"><li class="tocline"><a href="#explicit-intents" class="tocxref"><span class="secno">4.1 </span>Explicit Intents</a></li><li class="tocline"><a href="#matching-action-and-type-for-delivery" class="tocxref"><span class="secno">4.2 </span>Matching action and type for delivery</a></li><li class="tocline"><a href="#handling-service-suggestions-from-intent-invocation" class="tocxref"><span class="secno">4.3 </span>Handling Service suggestions from Intent Invocation</a></li></ul></li><li class="tocline"><a href="#use-cases-and-requirements" class="tocxref"><span class="secno">5. </span>Use Cases and Requirements</a><ul class="toc"><li class="tocline"><a href="#sharing" class="tocxref"><span class="secno">5.1 </span>Sharing</a></li><li class="tocline"><a href="#integration-with-local-web-apps" class="tocxref"><span class="secno">5.2 </span>Integration with local web apps</a></li><li class="tocline"><a href="#persistent-connections" class="tocxref"><span class="secno">5.3 </span>Persistent connections</a></li><li class="tocline"><a href="#integration-with-external-applications" class="tocxref"><span class="secno">5.4 </span>Integration with external applications</a></li><li class="tocline"><a href="#translating-existing-web-platform-features-to-intents" class="tocxref"><span class="secno">5.5 </span>Translating existing web platform features to intents</a></li><li class="tocline"><a href="#authentication" class="tocxref"><span class="secno">5.6 </span>Authentication</a></li></ul></li><li class="tocline"><a href="#privacy-considerations" class="tocxref"><span class="secno">6. </span>Privacy Considerations</a></li><li class="tocline"><a href="#acknowledgements" class="tocxref"><span class="secno">A. </span>Acknowledgements</a></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">B. </span>References</a><ul class="toc"><li class="tocline"><a href="#normative-references" class="tocxref"><span class="secno">B.1 </span>Normative references</a></li><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">B.2 </span>Informative references</a></li></ul></li></ul></div>
     
     <div id="introduction" class="section">
       <!--OddPage--><h2><span class="secno">1. </span>Introduction</h2>
@@ -954,7 +954,7 @@
     unregister itself implicitly by removing all intent tags, or explicitly
     by keeping the tag present, but without <code>action</code> or
     <code>type</code> attributes. Such explicit unregistration <em class="rfc2119" title="should">should</em>
-    be honored for any tag with a ame-origin <code>href</code> attribute.
+    be honored for any tag with a same-origin <code>href</code> attribute.
     </p>
     <p>
     The intent tags on the service handler page itself <em class="rfc2119" title="should">should</em> be interpreted by
@@ -1284,6 +1284,27 @@
       </div>
     </div>
 
+    <div id="privacy-considerations" class="section">
+      <!--OddPage--><h2><span class="secno">6. </span>Privacy Considerations</h2>
+      <p>
+      The user needs to have confidence that the Service will user the data
+      associated with the action for the purpose intended and not share or retain
+      the data inappropriately.  For this reason it is important that the user have
+      control over Intents, in particular the selection mechanism which determines
+      which Service will handle a particular Intent.  This offers the possibility
+      of user decision and control related to the choice of Service, allowing them
+      to take into account expectations regarding the Service, including Service
+      policies related to retention and secondary use. This relates to the privacy
+      principles of control and consent [<cite><a class="bibref" rel="biblioentry" href="#bib-DAP-PRIVACY-REQS">DAP-PRIVACY-REQS</a></cite>].  For this reason a user
+      should be made aware of explicit intents and be able to view and change them;
+      implementations should be encouraged to offer this functionality.
+
+      The minimum data necessary for a Service should be included as Intent parameters,
+      corresponding to the privacy principle of minimization
+      [<cite><a class="bibref" rel="biblioentry" href="#bib-DAP-PRIVACY-REQS">DAP-PRIVACY-REQS</a></cite>].
+      </p>
+    </div>
+
     <div class="appendix section" id="acknowledgements">
       <!--OddPage--><h2><span class="secno">A. </span>Acknowledgements</h2>
       <p>
@@ -1303,5 +1324,5 @@
 </dd><dt id="bib-HTTP11">[HTTP11]</dt><dd>R. Fielding; et al. <a href="http://www.ietf.org/rfc/rfc2616.txt"><cite>Hypertext Transfer Protocol - HTTP/1.1.</cite></a> June 1999. Internet RFC 2616. URL: <a href="http://www.ietf.org/rfc/rfc2616.txt">http://www.ietf.org/rfc/rfc2616.txt</a> 
 </dd><dt id="bib-POSTMSG">[POSTMSG]</dt><dd>Ian Hickson. <a href="http://www.w3.org/TR/webmessaging/"><cite>HTML5 Web Messaging.</cite></a> 13 March 2012. W3C Working Draft. (Work In Progress.) URL: <a href="http://www.w3.org/TR/webmessaging/">http://www.w3.org/TR/webmessaging/</a>
 </dd><dt id="bib-RFC2046">[RFC2046]</dt><dd>N. Freed; N. Borenstein. <a href="http://www.ietf.org/rfc/rfc2046.txt"><cite>Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types.</cite></a> November 1996. Internet RFC 2046. URL: <a href="http://www.ietf.org/rfc/rfc2046.txt">http://www.ietf.org/rfc/rfc2046.txt</a> 
-</dd></dl></div><div id="informative-references" class="section"><h3><span class="secno">B.2 </span>Informative references</h3><p>No informative references.</p></div></div></body></html>
-
+</dd></dl></div><div id="informative-references" class="section"><h3><span class="secno">B.2 </span>Informative references</h3><dl class="bibliography"><dt id="bib-DAP-PRIVACY-REQS">[DAP-PRIVACY-REQS]</dt><dd>Alissa Cooper, Frederick Hirsch, John Morris. <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/"><cite>Device API Privacy Requirements</cite></a> 29 June 2010. W3C Note URL: <a href="http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/">http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/</a> 
+</dd></dl></div></div></body></html>