Privacy/Reviews/GeolocationAPI: Difference between revisions

== Previous revision ==

'''NOTE: All Location data mentioned in this section may pertain to the user's location data (retrieved by another function), or to any arbitrary location data'''

'''Page Holding Location Request'''
* Page requests to convert a location to a civic address
* This request is sent to our Geolocation API

*Stored Data: None.
**Data In: location data, callback functions

'''Mozilla Geolocation API'''
* Our API handles the request by asking the user for permission to use geolocation
** Not sure if we should be asking for permission if website is not requesting the user's location (i.e. just converting an arbitrary location into a civic address)
* If permission is given,
** This request is processed, and the location's lat/long is then sent to the platform's reverse geocoding API (if available)
* If not,
** The request is not performed, and the interaction stops here

*Stored Data: location data
**Data In: location data, callback functions
**Data Out: lat/long from location data

'''Platform Reverse Geocoding API (3rd-Party)'''
* The 3rd party reverse geocoding API would then reverse geocode this lat/long into a civic address and pass it back to our API
** 3rd party API should be from a trusted source to ensure that IF we are actually using the user's location data, then it is not compromised

*Stored Data: possibly lat/long of the location data
**Data In: lat/long of location data
**Data Out: civic address of location

'''Mozilla Geolocation API'''
* We then receive the civic address back from the platform API; the address is then passed back to the page holding the request from a success callback

*Stored Data: reverse geocoded address of the location's lat/long data given to the platform reverse geocoding API
**Data In: civic address of location
**Data Out: civic address of location

'''Page Holding Location Request'''
* The page then does whatever it intended to do with the address

*Stored Data: the same reverse geocoded address of the location's lat/long data
**Data In: civic address of location

== Current revision ==

'''NOTE: All Location data mentioned in this section may pertain to the user's location data (retrieved by another function), or to any arbitrary location data'''

===Page Holding Location Request===
A web page requests help from our API to convert a location to a civic address. This request is sent to our Geolocation API, which brokers communication with a third party geocoder and then returns the resulting civic address to this page.

'''Stored Data:'''
None relevant.

'''Communication with Geolocation API:'''

{| class="wikitable"
|-
! Direction
! Message
! Data
! Notes
|-
| ''In:''
| (callback function name)
| Location Data
|
|-
| ''Out:''
| (request for location -- function name)
| types of data sent to Geolocation API with the message
|
|}

===Mozilla Geolocation API===
This is a browser component in privileged code that brokers communication between the page requesting the location information and the third party location services. This component begins to handle the request by asking the user for permission to use geolocation.

* Not sure if we should be asking for permission if website is not requesting the user's location (i.e. just converting an arbitrary location into a civic address)

''Sid: Yes, we should ask if the user has not been prompted for that site. Do we allow third party content (iframes on the page, for instance) to invoke this API?''

''TODO: verify that we ask permission if the user has not currently authorized other geolocation activity on the page.''

If permission is given, this request is processed, and the location's lat/long is then sent to the platform's reverse geocoding API (if available). If not, the request is not performed, and the interaction stops here.

'''Stored Data:'''

{| class="wikitable"
|-
! What
! Where
|-
| location data
| (where stored)
|-
| civic addresses
| (where stored)
|}

''TODO: describe "location data" more technically and identify where the data is stored for entries in the above table.''

''Note:'' The civic addresses stored in this component are those retrieved from the third party geocoding API. The location data stored in this component are provided by the page holding location request and may or may not have been obtained through the other geolocation API.

'''Communication with page requesting location data:'''

(See "Page Holding Location Request" component for communications with that component.)

'''Communication with 3rd Party Geocoding API:'''

{| class="wikitable"
|-
! Direction
! Message
! Data
! Notes
|-
| ''In:''
| apiEndpoint return
| specific types of data received from Geocoding API with this API call
|
|-
| ''Out:''
| apiEndpointCall
| specific types of data sent to Geocoding API with this API call
|
|}

''TODO: document the API here -- what are the third party request API call names? What data (specifically) do we send them and what do they return?''

===Platform Reverse Geocoding API (3rd-Party)===
On request, the 3rd party reverse geocoding API reverse geocodes lat/long into a civic address and passes it back to the Mozilla Geolocation API.

''NOTE:'' 3rd party API should be from a trusted source to ensure that IF we are actually using the user's location data, then it is not compromised

'''Stored Data:'''
Unknown -- this third party is out of Mozilla's control. Potentially they could store any data we send them via the Mozilla Geolocation API.

'''Communication with Mozilla Geolocation API:'''

(See "Mozilla Geolocation API" component for communications with this component.)
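The brokered flow the review describes (the page asks for a civic address, the privileged component prompts the user once per site, only lat/long leaves the browser for the third-party geocoder, and the address comes back through a success callback) as an added JavaScript model. This is not Mozilla's code or the real API; createGeolocationBroker, reverseGeocodeForPage, the askUser/reverseGeocode hooks, the error codes and the example origins are all hypothetical. The outbound record exists because the review lists the third party's stored data as unknown: keeping a log of exactly what was sent is the defender's only view of that exposure.

```javascript
// Added example (not Mozilla's code): a model of the privileged broker that sits
// between a page and a 3rd-party reverse geocoder. All names are hypothetical.
function createGeolocationBroker({ askUser, reverseGeocode }) {
  const decisions = new Map(); // origin -> true/false; one prompt per site
  const outbound = [];         // record of every payload that left the browser

  return {
    // Page -> broker: "convert this location to a civic address, then call me back".
    reverseGeocodeForPage(origin, location, onSuccess, onError) {
      if (!decisions.has(origin)) {
        decisions.set(origin, askUser(origin) === true); // prompt only if never asked
      }
      if (!decisions.get(origin)) {
        onError({ code: 'PERMISSION_DENIED' });         // interaction stops here
        return;
      }
      // Data minimization: only lat/long go to the third party, never the full
      // location object (accuracy, altitude, timestamp, ...).
      const minimal = { latitude: location.latitude, longitude: location.longitude };
      if (!Number.isFinite(minimal.latitude) || !Number.isFinite(minimal.longitude)) {
        onError({ code: 'INVALID_LOCATION' });
        return;
      }
      outbound.push(minimal);
      onSuccess(reverseGeocode(minimal));                // civic address back to the page
    },
    promptCount: () => decisions.size,
    outboundRecords: () => outbound.slice(),
  };
}

// Constructed stand-ins for the user prompt and the 3rd-party geocoder, plus a
// constructed location object with more fields than the geocoder should ever see.
function demo() {
  const prompts = [];
  const broker = createGeolocationBroker({
    askUser: (origin) => { prompts.push(origin); return origin === 'https://allowed.example'; },
    reverseGeocode: ({ latitude, longitude }) => ({ city: `city@${latitude},${longitude}` }),
  });
  const fullLocation = { latitude: 45.5, longitude: -122.6, accuracy: 20, altitude: 50, timestamp: 1234 };
  const results = [];
  const ok = (r) => results.push(r);
  const fail = (e) => results.push(e);
  broker.reverseGeocodeForPage('https://allowed.example', fullLocation, ok, fail); // prompts
  broker.reverseGeocodeForPage('https://allowed.example', fullLocation, ok, fail); // cached decision
  broker.reverseGeocodeForPage('https://denied.example', fullLocation, ok, fail);  // prompts, denied
  return { prompts, results, outbound: broker.outboundRecords() };
}
```

Running demo() shows two prompts for three requests, two successful callbacks with the address, one PERMISSION_DENIED error, and two outbound records that each carry exactly the two fields latitude and longitude. The open question in the review (whether an arbitrary, non-user location should still trigger the prompt) is modelled here by prompting unconditionally, which is the conservative choice until the TODO is resolved.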


= User Data Risk Minimization =