To:
"Hollenbeck, Scott" <shollenbeck@verisign.com>
cc:
"'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>, brunner@nic-naa.net
From:
Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date:
Thu, 05 Jul 2001 19:14:07 -0400
In-Reply-To:
Your message of "Thu, 05 Jul 2001 08:42:22 EDT." <3CD14E451751BD42BA48AAA50B07BAD60B8360@vsvapostal3.prod.netsol.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: Data Collection Requirements
Scott, The current requirement in 8.4 [1] is: A generic protocol MUST provide services to identify data collection policies. There is a MUST (manditory to implement) and a how "identify" (annouunce, communicate, convay, ... and a what "policies". The proposed change is: A generic protocol MUST provide services to identify social data use preferences. There is a MUST (manditory to implement) and a how "identify" (annouunce, communicate, convay, ... and a what "preferences", with a qualification that the only data subject to this M2I requirement is "social". Comment. The issue was not identified in the IESG comments of 2 July (via Patrik). Discussion I (scope: data vs social data) "Social data" is defined [1], and [2] in the context of "thick" and "thin models of dns name registries. A two-valued taxonomy of data transit and repository models is not "generic", merely familiar. In the existing context of [1], if the mechanism is sufficient to identify the policies (note: not preferences) under which social data was collected, and the policies for technical data are no more difficult to specify and implement interoperably than those for social data, no apparent necessity exists for declining to provide a mechanism to policy technical data. Example technical data specific use case: provision object type == dns name, value == bar, in any registry of type dns name, except those not blackholing spammers, or unsigned, or ending in a stoplist (e.g., repurposed ccTLDs such as ".tv", ".bz" or ".md") People can substitute their own zone file specific properties for the two I picked out of my hat. Given the possibility of technical data specific data collection policy, the necessity for precluding it in a generic protocol is missing. Discussion II (substance: registry vs unknown actor) Section 7.5 Extensibility [3] reads: The protocol MUST provide an optional field within all commands whose format and use will be controlled by individual registry policy. The original is consistent with this. The proposed change is not. Registries are not, under draft-ietf-provreg-grrp-reqs-02.txt, obliged to service those registration requests which are inconsistent with Registry policy, other than to generate some form of error response. Whatever "preferences" are, they are not policies of the registry, and to sensibly harmonize 7.5 [3] with something that isn't a registry policy, a change to 7.5 [3] is required, or an additional Extensibility subsection added which expresses a M2I requirement for all commands whose format and use will be controlled by the preference and its originator (thing and actor still TBD). People can insert their own idea of who might be have a preference, it is simply necessary that whoever that actor is, it is _incapable_ of binding the registry to service its request. It isn't the registry, and it isn't any originating or transit data collector, each of whom is likewise not obliged to service those registration (transit) requests inconsistent with their own respective policies, and incidently, fall outside the scope of draft-ietf-provreg-grrp-reqs-02.txt. Discussion II (substance: policy vs preference) Contained in the next section. Sorry, I didn't write this top-to-bottom. Discussion III (response to motivating comments) Scott states two questions (which I've modified slightly to make them symmetric): 1. is our need to provide a way for a contact to describe the data it originates and what use of the data it authorizes 2. is our need to provide a way for a registry to describe the data it collects and what use of the data it authorizes Scott suggests we need to solve the former, and not the latter. I differ. In the P3P model, the problem of expressing user preferences, at least in a form more general than in a single browser, is via APPEL, a language for preferences. In the P3P model, the problem of expressing site data collection practices, at least in a form more general than in a single web site, is via P3P, a language for expressing data collection practices. The first question involves a party other than a registry and a registrar (and a resellers), to wit, a registrant. Therefore it is out of scope for this requirements draft, and for the associated protocol(s). The second question (as posed by Scott, and here extended by myself from "a registry" to "an entity engaged in onward transfer of registrant data, and a registry") involves only parties in the reseller/registry/registrar set of entities. This is within the scope for this requirements draft, as well as the associated protocol(s). Scott's reading of the requirement I wrote is correct: > As I read this requirement, it refers to a registry's data collection > policies. This is consistent with the way P3P is described by the W3C ("The > Platform for Privacy Preferences Project (P3P) enables Web sites to express > their privacy practices in a standard format that can be retrieved > automatically and interpreted easily by user agents." [P3P]). We are not however, as Scott continues, applying P3P by substitution, and attempting to figure out what the Generic Registry Registrar Protocol requirements would look like if it were a Generic HTTP Protocol requirement. Rather, we are applying a model of data collection policy announcement to each of the entities (thick or thin models) involved in onward transfer of data, which are within the scope of the grrp draft. A P3P derived vocabulary happens to be the best available tool at the moment that is consistent with XML as the specification language [4]. This approach was also used in CPExchange version 1.0 [3]. A distinct, and previously mentioned issue is whether there actually is any requirement for in-band data collection policy announcement. One line of thought is that privacy has no place in the name (or address) space. Another is that off-line contract is a sufficient mechanism to enable policy. I'm sure there are others in addition to these to, and Scott only mentioned the second of these. However, where interoperable standard mechanism is absent, there is no possibility of interoperable standard policy. If we don't do the first, we can't do the second. Maybe the American Bar Association can, or ICANN, but the IETF simply cannot. Additionally, contract doesn't scale, and there may be more than seven name registries and seventy name registrars in the requirements space -- I think there is. An even longer-winded explanation, neh? Let's have a discussion of data collection policies and discuss P3P and how to specify reseller/registrar/registry data collection policies on the agenda for London. Eric References: [1] draft-ietf-provreg-dn-defn-01.txt, Rader, at lines 167 and 177. [2] draft-ietf-provreg-grrp-reqs-02.txt, Hollenbeck, at lines 202 and 206, section 1.1 Definitions, Acronyms, and Abbreviations, and first used in 3.4.2 Object Registration, lines 482, and subsequently. and subsequently [3] http://www.cpexchange.org/standard/cpexchangev1_0F.zip [4] draft-ietf-provreg-epp-04.txt, at line 38. [P3P] http://www.w3.org/TR/P3P/#Introduction