W3C home > Mailing lists > Public > public-device-apis@w3.org > July 2010

Comments on Privacy Rulesets from the DAP F2F

From: SULLIVAN, BRYAN L (ATTCINW) <BS3131@att.com>
Date: Fri, 16 Jul 2010 03:54:53 -0700
Message-ID: <8080D5B5C113E940BA8A461A91BFFFCD12D91F6C@BD01MSXMB015.US.Cingular.Net>
To: <public-device-apis@w3.org>
Here are the comments I made today during the discussion on privacy and
policy:

My assessment of the group sentiment: If DAP doesn't define a default
policy it will risk "breaking the web". But the definition of a
least-restrictive default that loosens protections too much will likely
raise objections. There is a tension between those two goals.

The technical question is secondary, e.g. needing to include the rules
as an HTTP header or use an intermediary negotiation protocol ala
Powerbox.

There is no consensus in DAP that giving the user detailed control over
privacy choices is a good thing, i.e. that it would be usable by users
or would not "break the web" (i.e. cause features to stop working
inadvertently and confusingly to the user, or diminish the effectiveness
of some services such as search engines).

While there is no clear intent (yet) to do so, we will have issues if
DAP takes the same approach with security, e.g. defines a set of
security policies that are intended to be implemented uniformly across
the world. 
-	In work outside W3C (e.g. BONDI) we specifically avoided
defining a specific policy set (but did specify a framework for policy
definition), since it was viewed as an unacceptable imposition on the
marketplace and would require customization anyway for different markets
and regulatory requirements.
-	It is certainly good to seek consensus on a recommended default
policy (or set of policies), but a normative requirement that they are
fixed and not customizable would not be acceptable to us.

Whether the fixed privacy ruleset approach itself is workable for the
network service provider community is TBD. Similar to security, there
may be a need to be more flexible to support market/regulatory
requirements.

Thanks, 
Bryan Sullivan | AT&T
Received on Friday, 16 July 2010 10:55:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:11 GMT