W3C home > Mailing lists > Public > public-p3p-spec@w3.org > July 2003

RE: Regrets and Update (Was: AGENDA: P3P spec call July 9)

From: <Patrick.Hung@csiro.au>
Date: Thu, 10 Jul 2003 00:39:28 +1000
Message-ID: <754324CDE8E4EE4498D8E0357D91368501601381@saab-bt.act.cmis.CSIRO.AU>
To: reagle@w3.org, public-p3p-spec@w3.org

Hi Joseph,

I came back to office...

Beside I talked about Web services security, I also mentioned the research 
issues of Web services + privacy policies at two conferences, France Telecom

R&D Labs and HP Research Labs on the West Coast last week. Of course, I
to promote the P3P Beyond HTTP Task Force to the audiences. You can check my

presentation slides at:
Overall, most of the audiences are interested in this new research topic but
most of them do not have any concrete idea about privacy policies. Quite a
number of them have been heard about P3P. In particular, some "liberty
(http://www.projectliberty.org)" people are very interested in what we are
doing because they are also looking into the same problem from different
aspects. I have invited them to check the work at P3P Working Group.

I checked the latest version of the P3P Beyond HTTP Task Force draft report.
Here are some of my comments:
(1) Referring to "The P3P Policy Reference (p3p.xml) specifies the URLs for
which the policy applies:"

<META xmlns="http://www.w3.org/2002/01/P3Pv1">
    <POLICY-REF about="/w3c/policy-register.xml">
                ^^^^^   ^^^
                Why not use "rel='P3Pv1' href='/P3P/policy-register.xml'" ?

(2) You repeat this paragraph in two different places"

"The adopting application should make the interaction with respect to these
information flows as simple as possible to the user:

Where information flows to multiple recipients applications via node-to-node
exchanges, applications SHOULD present a single interface to the user and
aggregate recipient policies if possible or otherwise disclose their
policies with p3p:recipient. 
Where the information flows in an end-to-end relationship through various
intermediaries with inoffensive policies and the user has a relation with
that single end point, applications CAN also present the policies of the
final recipient with themselves as transparent intermediaries. (See
Intermediaries below.) "

(3) Referring to "The following is an WSDL service description


So far, I think the most important task is to get some feedbacks/comments
from the public. I am trying
to invite those liberty alliance to give us some comments and etc.



-----Original Message-----
From: Joseph Reagle [mailto:reagle@w3.org]
Sent: Wednesday, 9 July 2003 7:33 AM
To: Lorrie Cranor; public-p3p-spec@w3.org
Subject: Regrets and Update (Was: AGENDA: P3P spec call July 9)

On Thursday 03 July 2003 15:49, Lorrie Cranor wrote:
> 1. Task force reports
>     - P3P beyond HTTP - Joseph Reagle

Regrets, I have another teleconf at that time. But I just published a new 
version of the report:
  $Revision: 1.26 $ on $Date: 2003/07/08 21:23:04 $ GMT
  "wsdl example and extension now work in XSV thanks to PLH, 
  many URIs corrected to disambiguate between URIs of the registrar 
  and registry, and many other fixes"

I have not -- yet -- received the review nor comments that I expected from 
this group. (When Patrick is back, it would also probably be worthwhile to 
consider what will happen to this document when I'm no longer available to 
work on it after July -- and I'm also taking lots of Holiday this month so 
time is shortening...)
Received on Wednesday, 9 July 2003 10:39:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:02:17 UTC