W3C home > Mailing lists > Public > public-p3p-spec@w3.org > November 2003

Re: [Minutes] 5 November call

From: Rigo Wenning <rigo@w3.org>
Date: Sun, 16 Nov 2003 02:28:17 +0100
To: Patrick.Hung@csiro.au
Cc: public-p3p-spec@w3.org
Message-ID: <20031116012817.GC984@rigo.w3.org>

On Wed, Nov 12, 2003 at 05:33:41AM +1100, Patrick.Hung@csiro.au wrote:
> I got a few comments from the talk I gave at the Hong Kong 
> University of Science and Technology (HKUST) about P3P and P3P 
> Beyond HTTP as follows:
> 
> (1) Referring to the "Privacy" tab in the "Internet Option" from
> IE, it doesn't really tell much to a non-computer scientist. It 
> seems that every IE user must understand P3P and APPEL in order to 
> set their privacy preferences properly.

We can't help here, as this is Microsoft specific. This is the user
interface issue we want to solve with the user-agent guidelines. But we
can't help with IE specifics and the specification doesn't mandate to
many things in the user interface. (which is good to allow competition)
> 
> (2) Privacy is still a very tough problem in accessing Web pages 
> (as what P3P is mainly targeting for), and it involves a lot of
> non-technical issues such as management. How could we overcome 
> the non-technical issues in the Web services scenario?

The issue here is the diversity that is enabled by web services. The
privacy issues simply depend on the current service, the data that it
needs and the way it handles that data. In general, non-technical stuff
is governed by sector-specific industry best practices or laws. But we
should be able to help them express it in P3P and show the power of
transparency here.

> 
> (3) There should have some learning technologies (such as the learning
> technology for detecting SPAM e-mails) to set the privacy preferences
> for a user.

IMHO, the creation of preferences is more a process than a static thing.
For the time being, implementers preferred to have static preferences
for the sake of simplicity and ease of implementation. Also, it is not
easy to write things back to an apple file. Giles already had some
remarks on this and suggested to use xpath instead. We haven't even
attacked this issue so far.

> 
> (4) The relationships between security and privacy are still not 
> very clear.

Security obligations were always a part of the computer-privacy world.
Personal data is sensitive data and should be secured. JRC and Giles
suggested to have a security-metadata system to be able to express the
security features of a service in order to make privacy decisions. But
there was not much interest in such an ontology.

> 
> By the way, would you please tell me more about "the plans for a
> workshop in WS-Privacy and Policy?"

At the moment, this is stalled. I can't tell you more for the
moment. 

Best, 

Rigo
Received on Saturday, 15 November 2003 20:28:50 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:28 EST