To:
"Hollenbeck, Scott" <shollenbeck@verisign.com>
cc:
"'Eric Brunner-Williams in Portland Maine'" <brunner@nic-naa.net>, "'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>, brunner@nic-naa.net
From:
Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date:
Mon, 09 Apr 2001 14:51:51 -0400
In-Reply-To:
Your message of "Mon, 09 Apr 2001 13:47:05 EDT." <DF737E620579D411A8E400D0B77E671D750905@regdom-ex01.prod.netsol.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: Registrant Access (Data Protection/Privacy)
Scott, That's a good question, which is why I snuck "non persistent" into the text, just to get a bite ;-) I've mentioned off-list that one way to view access is cache validation, as the data (t && s) is persistent at its ultimate sink(s) (thin && thick), but is transient at intermediate points (if any) in the provisioning chain. To address this we need to either, as P3P does, to impute temporal properties with a PURPOSE element, or as P3P also does, associate vague temporal properties to RETENTION element, which we need anyway, or as P3P also does, create an element which contains specific (ISO 8601) temporal properties, which we also need anyway ;-) I'm a fan of good temporal identifiers, so I propose the later. In my opening and motivating para I managed to miss Paul Kane's cite: > For registries based in Europe, EU directive 95/46/EC, says "data subjects > (registrants) must have the ability to inspect and modify information > (including its deletion) directly with the Data User" (registry).... I also managed to miss the chance to reply to co-Chair Jaap and Bart Boswinkel's reading of both Directive 95/46 [1], and agree that 95/46 does not require the right of access be read as extending the scope of the protocol to registrants, (see (42) and (43) of the preamble, and Art 10., which establishes a right of access and a right to rectify, not a specific mechanism to accomplish either). References: [1] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data http://europa.eu.int/eur-lex/en/lif/dat/1995/en_395L0046.html Eric