- From: <Patrick.Hung@csiro.au>
- Date: Thu, 10 Jul 2003 00:39:28 +1000
- To: reagle@w3.org, public-p3p-spec@w3.org
Hi Joseph,
I came back to office...
Beside I talked about Web services security, I also mentioned the research
issues of Web services + privacy policies at two conferences, France Telecom
R&D Labs and HP Research Labs on the West Coast last week. Of course, I
tried
to promote the P3P Beyond HTTP Task Force to the audiences. You can check my
presentation slides at:
http://www.cmis.csiro.au/Patrick.Hung/documents/W3C-Privacy.pdf
Overall, most of the audiences are interested in this new research topic but
most of them do not have any concrete idea about privacy policies. Quite a
number of them have been heard about P3P. In particular, some "liberty
alliance
(http://www.projectliberty.org)" people are very interested in what we are
doing because they are also looking into the same problem from different
aspects. I have invited them to check the work at P3P Working Group.
I checked the latest version of the P3P Beyond HTTP Task Force draft report.
Here are some of my comments:
(1) Referring to "The P3P Policy Reference (p3p.xml) specifies the URLs for
which the policy applies:"
<META xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY-REFERENCES>
<POLICY-REF about="/w3c/policy-register.xml">
^^^^^ ^^^
Why not use "rel='P3Pv1' href='/P3P/policy-register.xml'" ?
<INCLUDE>/register</INCLUDE>
</POLICY-REF>
</POLICY-REFERENCES>
</META>
(2) You repeat this paragraph in two different places"
"The adopting application should make the interaction with respect to these
information flows as simple as possible to the user:
Where information flows to multiple recipients applications via node-to-node
exchanges, applications SHOULD present a single interface to the user and
aggregate recipient policies if possible or otherwise disclose their
policies with p3p:recipient.
Where the information flows in an end-to-end relationship through various
intermediaries with inoffensive policies and the user has a relation with
that single end point, applications CAN also present the policies of the
final recipient with themselves as transparent intermediaries. (See
Intermediaries below.) "
(3) Referring to "The following is an WSDL service description
(wsdl-eg.xml):"
<soap:operation
soapAction='http://registry.example.com/RegisterDomainName'/>
^^^^^^
'http://registry.example.com/RegisterService/RegisterDomainName'
So far, I think the most important task is to get some feedbacks/comments
from the public. I am trying
to invite those liberty alliance to give us some comments and etc.
Cheers,
Patrick.
-----Original Message-----
From: Joseph Reagle [mailto:reagle@w3.org]
Sent: Wednesday, 9 July 2003 7:33 AM
To: Lorrie Cranor; public-p3p-spec@w3.org
Subject: Regrets and Update (Was: AGENDA: P3P spec call July 9)
On Thursday 03 July 2003 15:49, Lorrie Cranor wrote:
> AGENDA
>
> 1. Task force reports
> - P3P beyond HTTP - Joseph Reagle
Regrets, I have another teleconf at that time. But I just published a new
version of the report:
http://www.w3.org/P3P/2003/p3p-beyond-http/
$Revision: 1.26 $ on $Date: 2003/07/08 21:23:04 $ GMT
"wsdl example and extension now work in XSV thanks to PLH,
many URIs corrected to disambiguate between URIs of the registrar
and registry, and many other fixes"
I have not -- yet -- received the review nor comments that I expected from
this group. (When Patrick is back, it would also probably be worthwhile to
consider what will happen to this document when I'm no longer available to
work on it after July -- and I'm also taking lots of Holiday this month so
time is shortening...)
Received on Wednesday, 9 July 2003 10:39:33 UTC