W3C home > Mailing lists > Public > public-pling@w3.org > February 2009

Comments on Primelife requirements document

From: Giles Hogben <Giles.Hogben@enisa.europa.eu>
Date: Wed, 11 Feb 2009 15:56:23 +0200
Message-ID: <3FA6AD22F0D6E64B81E89647A2A1C0E1E60A03@dimitra.net1.enisa.europa.eu>
To: <public-pling@w3.org>
Hi All,
As discussed on the call, I am sending round my comments on the Primelife requirements doc:
http://www.primelife.eu/images/stories/deliverables/h5.1.1-policy_requirements-public.pdf

1. In general, document is excellent - since it does not fall into the trap of mixing up requirements and solutions.
2. Need for modularisation - a policy language which satisfies all those requirements is going to be too complex to use.
3. For Social Networks, suggest including sub-case of accessing statistics on who has browsed my profile. E.g. x spends 1/2 an hr looking at pictures of y's girlfriend on her SN profile - does y or the girlfriend get this information?
4. For Social Networks, include policies based on reputation - e.g. you can see field x of my profile if you have a certain reputation.
5. For Social Networks, consider including a requirement for security features of destination e.g. encrypted transfer of profile data with scheme x.
6. Anonymous credentials use-case is actually about a solution - suggest deriving the requirements related to anonymous credentials from the other use-cases.
7. Not sure what the relevance of section on corporate security policies. Is it related to Trust Policies? If so, this should be clarified...

Regards,

Giles 

Giles Hogben
Network Security Policy Expert
European Network & Information Security Agency ( ENISA ) 
Tel: +30 2810 391892 
Fax: +30 2810 39000


Received on Wednesday, 11 February 2009 13:57:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 11 February 2009 13:57:01 GMT