W3C home > Mailing lists > Public > public-p3p-spec@w3.org > November 2003

RE: [Minutes] 5 November call

From: <Patrick.Hung@csiro.au>
Date: Wed, 12 Nov 2003 05:33:41 +1100
Message-ID: <57C87AAEA6B0BC479B69F110575ECCCF26AF94@saab-bt.act.cmis.CSIRO.AU>
To: rigo@w3.org
Cc: public-p3p-spec@w3.org

Hi Rigo,

How are you doing? I am sorry to reply you late as I was ver
busy in the past two weeks.

I got a few comments from the talk I gave at the Hong Kong 
University of Science and Technology (HKUST) about P3P and P3P 
Beyond HTTP as follows:

(1) Referring to the "Privacy" tab in the "Internet Option" from
IE, it doesn't really tell much to a non-computer scientist. It 
seems that every IE user must understand P3P and APPEL in order to 
set their privacy preferences properly.

(2) Privacy is still a very tough problem in accessing Web pages 
(as what P3P is mainly targeting for), and it involves a lot of
non-technical issues such as management. How could we overcome 
the non-technical issues in the Web services scenario?

(3) There should have some learning technologies (such as the learning
technology for detecting SPAM e-mails) to set the privacy preferences
for a user.

(4) The relationships between security and privacy are still not 
very clear.

By the way, would you please tell me more about "the plans for a
workshop in WS-Privacy and Policy?"

Cheers,

Patrick.




 
-----Original Message-----
From: Rigo Wenning
To: public-p3p-spec
Sent: 6/11/2003 9:59
Subject: [Minutes] 5 November call


Present:
Dave Stampley
Brooks Dobbs
Jack Humphrey
Jeff Edelen
Rigo Wenning

1/ P3P beyond HTTP
Rigo gave brief update about the plans for a workshop in WS-Privacy and
Policy. He further reported on the coordination going on with the WSDL
working group. As Patrick Hung wasn't present, this was rather short.

2/ Discussion of P3P 1.0 element definitions and translations

discussed the final versions of court and law.
Dave agreed, so it is final now

We agreed on the disputes, so remedies are just a follow up. 
So the drafting should follow the same lines as the wordings on
disputes. 

We started to discuss the <remedies> element.

In the current shape, Dave argued that a service would have an
obligation of result, which he can't really promise as it might be
impossible in some cases. At the same time, as in disputes, there might
be other remedies that are not mentioned in the policy. We didn't want
to exclude them neither lead people to believe that the remedies
mentioned in this section are the only ones applicable to the dispute.

Suggestion from Dave:
The service-provider offers or acknowledges that the following remedies
may apply to the identified dispute-resolution procedures.

If there is no objection until next call, we take this as final.

talking about <correct/>
The discussion turned around the fact, that this is an obligation of
means. There were concerns to say procedure implemented as SME's would
have too large a burden to implemnent that. On the other hand, as we
removed the obligation of result, we were concerned that it wouldn't be
strong enough anymore. So we added policy, which means, that there has
to be at least some guy responding and some thinking before using that
element.

Suggestion: 
The service-provider has implemented a policy to rectify errors or
consequences for disputes arising in connection with the privacy
statement.

Agreement on this phrase.
If there is no objection until next call, we take this as final.

<money element>
We discussed, that compensation is not always money. It might also be a
free subscription etc. We wanted to align with <correct>

Suggestion:
The service-provider has implemented a compensation policy for disputes
arising in connection with the privacy statement.

We discussed the fact, that compensation doesn't mean necessarily to
also correct the errors involved with a dispute or violation of the
policy. In order to express that errors will also be corrected, 
<money> and <correct> would have to be present in the policy. We felt, 
that we should add some explanation to the specification. 

Agreement on this phrase.
If there is no objection until next call, we take this as final.

<law> element
Suggestion: 
Remedies for disputes arising in connection with the Privacy Statement
may be specified by the law referenced in the human readable description

Agreement on this phrase.
If there is no objection until next call, we take this as final.

ACTION Rigo clean up http://www.w3.org/P3P/2003/p3p-translation.htm

We had no time left to discuss the domain relations proposal and will
continue to discuss this over the mailing-list. Jack already responded.
Everybody else is also invited to give his comments.

The date of the next meeting will be discussed over the mailing-list.

Scribe=Rigo
Received on Tuesday, 11 November 2003 13:33:45 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:28 EST