To:
"'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>
From:
Daniel Manley <dmanley@tucows.com>
Date:
Mon, 30 Jul 2001 12:47:48 -0400
Sender:
owner-ietf-provreg@cafax.se
User-Agent:
Mozilla/5.0 (X11; U; Linux 2.2.14-6.1.1 i686; en-US; rv:0.9.1) Gecko/20010607
Subject:
Re: Data Collection Requirements
Just to give this topic a bit of a kick start before IETF 51... I personally agree with Scott's suggested updates to the requirement: A generic protocol MUST provide services to identify social data use preferences. In terms of web sites, because of the wide array of web services and data requirements, P3P and the opposite requirement wording are more appropriate. But with registries and the limited social data, EPP could define a configurable set of policies. Each registry could set defaults or unchangeable settings based on contract agreements. Registrars would be told of the settings (via contracts and published policies of the regsitry) and could attempt to set global preferences on login (maybe with the login command or a separate command). For the sake of completeness, there could be a preference:info command. Each contact would also have privacy preferences attached because each registrant might have different privacy needs (either via personal comfort level or geographical region, etc...). I just don't think that social data privacy with EPP registries should be a big black cloud that P3P could make it. There's limited data and controlled audiences (registry/registrars) involved so the policies surround that should be simple. Dan