
P3P Beyond HTTP Task Force Report

From: <Patrick.Hung@csiro.au>
Date: Wed, 6 Aug 2003 13:35:52 +1000
Message-ID: <754324CDE8E4EE4498D8E0357D91368501601522@saab-bt.act.cmis.CSIRO.AU>
To: elisa@ieee-isto.org
Cc: public-p3p-spec@w3.org, lena.kannappan@rd.francetelecom.com

Dear Elisa,

Joseph and I have created a P3P Beyond HTTP Task Force Report that
may cover some of the privacy issues in Web services the Liberty
Alliance is interested in:

http://www.w3.org/P3P/2003/p3p-beyond-http/Overview.html

In fact, I am studying the Liberty Alliance specifications and trying to
figure out the common areas.

Many thanks and I am looking forward to hearing from you soon.

Patrick.

-----Original Message-----
From: Joseph Reagle [mailto:reagle@w3.org]
Sent: Friday, 9 May 2003 5:57 AM
To: Elisa Korentayer
Cc: public-p3p-spec@w3.org
Subject: Re: Liberty-P3P Interaction



On Wednesday 30 April 2003 12:07, Elisa Korentayer wrote:
> The Liberty subteam that has been charged with drafting the Privacy
> Preferences Expression Languages White Paper is very interested in
> continuing the discussion and cooperation started with P3P at the Boston
> meeting in March.

Elisa, thank you for the pointers. I've reviewed the documents and besides 
the editorial comment below don't have many substantive comments. It's 
quite a lot of material to get my mind around. I don't trust I understand it 
all quite yet, but after my efforts I was left with the following two 
impressions:
1. When it comes to making a declaration in the context of federated 
identity services, a possible challenge is specifying the scope of the 
soliciting service and the subsequent recipients? For example, should an 
identity service represent the policy from itself, rather narrowly, with a 
wider recipient, or define "itself" as the set of all affiliates it might 
share the information with, with no other recipients?
2. Where is the p3p hook? I note that the SOAP binding has a consent header 
block, how does that relate to a privacy declaration? I unfortunately 
remember little of the "five level policy approach", have you published 
anything with respect to that yet?

The editorial nit was in the Architecture Overview: it uses the terms 
"introduce" and "federate" (i.e., "You may Federate your Airline Inc. 
identity with any others...") without first defining it. Unfortunately, the 
documents aren't hypertext (so I can't easily follow a link to their 
normative definitions) but it seems the glossary gives a definition for 
federate (i.e. bind), but not introduce. I'm sure the Overview states their 
meanings, but perhaps doing so more explicitly would help it sink in. 
<smile/>

> In terms of scheduling, we would like to get a sense from you as to
> whether P3P, or the P3P members engaged in this project, would be
> interested in having a phone conversation at the end of May to speak more
> on these issues.  

I'll defer this question to the P3P group for discussion.

> And, on a larger scale, we would like to get a sense of
> P3P's interest level, and timeline, for working on a White Paper for the
> use of P3P in the Liberty context.

On that note, I'm working in a task force to hopefully address some 
questions of how to bind SOAP or WSDL with a P3P statement. Once it is in 
decent form it might be relevant to the questions you have and I would also 
be willing to review/comment upon the White Paper.
Received on Tuesday, 5 August 2003 23:36:02 EDT
