ISSUE-10: Should the Geolocation API methods provide an optional parameter of type URI that allows the location requesting service to advertise a policy (P3P or XACML or some other) that applies to the request?
Should the Geolocation API methods provide an optional parameter of type URI that allows the location requesting service to advertise a policy (P3P or XACML or some other) that applies to the request?
- State:
- CLOSED
- Product:
- GeoAPI V1
- Raised by:
- Andrei Popescu
- Opened on:
- 2009-06-18
- Description:
- In March 2009, Martin Thomson proposed that the Geolocation API methods should be extended to allow a Web site to provide Geolocation privacy-related information (e.g. text that explains how the website intends to use the user's location, a URL to a privacy policy, etc). This information would be rendered by the UA's chrome (e.g. in the geolocation permission dialog) and is intended to help the user decide whether or not to disclose her location to the website.
This proposal was originally discussed in the following thread:
http://lists.w3.org/Archives/Public/public-geolocation/2009Mar/0131.html
In June 2009, a similar proposal was brought up by Rigo Wenning:
http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/0104.html
- Related Actions Items:
- No related actions
- Related emails:
- Re: ISSUE-10 Re: Geopriv compromise proposal (from [email protected] on 2009-06-19)
- Re: ISSUE-10 Re: Geopriv compromise proposal (from [email protected] on 2009-06-19)
- Re: ISSUE-10 Re: Geopriv compromise proposal (from [email protected] on 2009-06-18)
- Re: ISSUE-10 Re: Geopriv compromise proposal (from [email protected] on 2009-06-18)
- Re: ISSUE-10 Re: Geopriv compromise proposal (from [email protected] on 2009-06-18)
- Re: ISSUE-10 Re: Geopriv compromise proposal (from [email protected] on 2009-06-18)
- Re: ISSUE-10 Re: Geopriv compromise proposal (from [email protected] on 2009-06-18)
- ISSUE-10 Re: Geopriv compromise proposal (from [email protected] on 2009-06-18)
- ISSUE-10: Should the Geolocation API methods provide an optional parameter of type URI that allows the location requesting service to advertise a policy (P3P or XACML or some other) that applies to the request? [GeoAPI V1] (from [email protected] on 2009-06-18)
Related notes:
The majority of the group provided negative feedback to the original proposal and the proposal was rejected. The arguments against the proposal are expressed in the following emails:
http://lists.w3.org/Archives/Public/public-geolocation/2009Mar/0136.html http://lists.w3.org/Archives/Public/public-geolocation/2009Mar/0137.html
http://lists.w3.org/Archives/Public/public-geolocation/2009Mar/0141.html
Rigo Wenning's proposal received similar feedback:
http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/0110.html
http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/0140.html
http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/0147.html
The gist of the arguments against the proposal is the following: if the proposal was adopted, the browsers would end up showing the user an interface that appears to be a user-agent enforced privacy preference panel. However, since the privacy information is provided by the website, there is no way for the user-agent to ensure that the claims made by the website are actually true. This could result in the users being mislead by a user-agent prompt. This would break the separation between the user-agent UI (which users trust) and the site content (which users don't necessarily trust) and would therefore undermine the user's trust in the user-agent, with extremely severe consequences for Web security.
Given the feedback given by the group, this issue is closed.
Display change log