To: shollenbeck@verisign.com
cc: ietf-provreg@cafax.se
From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date: Thu, 15 Feb 2001 19:50:38 -0500
Sender: owner-ietf-provreg@cafax.se
Subject: grrp-reqs-06, 11. Security Considerations [3]

Scott,

Elsewhere we've established the division between technical and social information (zone files vs billing files).

We can be specific about the minimum necessary data collection and onward-transport policies for technical data. We can be specific about the minimum necessary data collection and onward-transport policies for social data.

What your [3] manages is simply to assert a mechanism exists to distinguish technical from social information.

I propose that [3] be removed from Section 11, and a section added with the requirements statements attempted in [3] revised and placed in this new section.

1x. Data Collection Considerations

[1] The protocol MUST allow each data transfer to include aggregations of information identifying the parties exchanging data, information about the jurisdiction of each party, and the data collection policies applicable to different pieces of data in the exchange.

[2] The protocol MUST allow aggregations of specific policy characteristics that describe how data can be used, how long data can be retained, who may be a recipient of the data, and the data access available to the data's originator.

This will allow a "record route" like feature for onward transport after initial information collection, "signed" jurisdictionally and for business practices for technical and social information [1], and

This will allow object-specific expression of applicable data collection policies (purpose/recipient/retention/access) [2].

Cheers,
Eric