Members of the W3C Device APIs and Policy Working Group have published
a First Public Working Draft for "The Messaging API". The WG was
chartered to create client-side APIs that enable the development of Web
Applications and Web Widgets that interact with devices services such
as Calendar, Contacts, Camera... This document "represents the early
consensus of the group on the scope and features of the proposed
Messaging API; in particular, the group intends to work on messages
management (move, delete, copy, etc.) in a separate specification.
Issues and editors note in the document highlight some of the points
on which the group is still working and would particularly like to
receive feedback.

The Messaging API specification defines a high-level interface to
Messaging functionality, including SMS, MMS and Email. It includes
APIs to create, send and receive messages. The specification does not
replace RFCs for Mail or SMS URLs, but includes complementary
functionality to these.

Security: The API defined in this specification can be used to create
and subscribe for incoming messages through different technologies.
Sending messages usually have a cost associated to them, especially
SMSs and MMSs. Furthermore this cost may depend on the message attributes
(e.g. destination address) or external conditions (e.g. roaming status).
Apart from billing implications, there are also privacy considerations
due to the capability to access message contents. A conforming
implementation of this specification must provide a mechanism that
protects the user's privacy and this mechanism should ensure that no
message is sent or no subscription is establisehd without the user's
express permission.

A user agent must not send messages or subscribe for incoming ones
without the express permission of the user. A user agent must acquire
permission through a user interface, unless they have prearranged
trust relationships with users, as described below. The user interface
must include the URI of the document origin, as defined in HTML 5... A
user agent may have prearranged trust relationships that do not require
such user interfaces. For example, while a Web browser will present a
user interface when a Web site request an SMS subscription, a Widget
Runtime may have a prearranged, delegated security relationship with
the user and, as such, a suitable alternative security and privacy
mechanism with which to authorize that operation...." More Infor