[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
cc: "Hollenbeck, Scott" <shollenbeck@verisign.com>, "'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>, brunner@nic-naa.net
From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date: Tue, 22 Oct 2002 09:50:57 -0400
Content-ID: <10235.1035294657.1@nic-naa.net>
In-Reply-To: Your message of "Tue, 22 Oct 2002 14:09:22 +0200." <20021022120922.GB5837@nic.fr>
Sender: owner-ietf-provreg@cafax.se
Subject: Re: "private" Element Attribute

Stepane,

No "ultra-simple" proposals. I agree.

Example, personally identifying information (PII) disclosure

	a) via whois:43 (or other forms of whois-like services)
	   to j-random query engines
vs
	b) via bulk transfer
	   to corporate members of the "other" IAB
	   (Internet Advertizing Bureau)

The user acceptance is based upon probability (assumed low so an
"acceptable risk") vs certainty. In the whois:43 list there was
evidence that the probability of PII harvesting from whois:43 is
high.

> I suggest instead to rely on a function of EPP: the fact that you can
> include XML elements which are not in the official schema.

Please see the discussion of the data collection policy <dcp> element,
in the -07 draft. This stuff got formalized for us around the London
meeting.

Unless the APPEL draft has changed significantly (and I'll check, I've
got some P3P Spec WG due diligence to do anyway), APPEL remains a
mechanism for user agents like IE6 or Mozilla to attempt to acquire a
P3P policy from some P3P policy author. It isn't a mechanism to assert
some access/retention/distribution/... policy upon a data flow from a
UA.

> That way, we would build on an existing and documented and recognized
> and quite comprehensive framework (managing its privacy preferences is
> complicated enough that we do not introduce a new framework).

Hmm. I don't want to make the same (IMO) error of judgement that has lead
to people thinking someone has the only comprehensive framework for FOO,
e.g., the Unicoders and character sets. That said, covering the three basic
forms of policy (EU Directives, OEDC Guidelines, and US FTC) took the P3P
activity some time. We have an additional issue, jurisdictionalization,
which shows up in the ICANN gTLD vs IANA ccTLD policy claims at the protocol
level, and possibly elsewhere, e.g., in delegations below the top level.

We have some of P3P's vocabulary. What are we missing, and speaking to the
point made by Randy, what do we need to do to get element-wise properties?

I have to write something sensible for the p3p workshop this week, so if
anyone has any ideas they'd like me to noodle about, drop me a line. Here
what the Chair sent yesterday:

	I hope all of you have seen the information about the
	upcoming workshop on the future of P3P. If not, please
	take a look at http://www.w3.org/2002/p3p-ws/
	
	I hope that a number of you will participate. Officially
	the deadline has passed, but we do have room for
	more participants, so please let me know ASAP if you
	want to participate. This workshop will help W3C
	decide what sort of P3P-related efforts to continue
	in the future, so it is important that we get input from
	a diverse set of people. We expect the workshop to
	be more discussion than presentation, so participation
	from people in this working group who are familiar with
	what is in the current spec will be very helpful.

Kitakitamatsinopowaw, (see you all again)
Eric

Home | Date list | Subject list