W3C home > Mailing lists > Public > public-pling@w3.org > August 2010

Re: PLING - Call to Action....

From: David Chadwick <d.w.chadwick@kent.ac.uk>
Date: Tue, 17 Aug 2010 13:03:04 +0100
Message-ID: <4C6A7A78.6090903@kent.ac.uk>
To: jeanpierre.lerouzic@orange-ftgroup.com
CC: renato@iannella.it, public-pling@w3.org
Hi Jean Pierre

Audit is clearly desirable, but the auditor has to audit against 
something. The user's privacy preferences (or rule set) would be 
something for the auditor to audit against, so in that context, they 
make sense.

regards

David


jeanpierre.lerouzic@orange-ftgroup.com wrote:
> Hi all,
>  
> Isn't the privacy ruleset approach similar to a weak audit approach? I 
> mean it's not so useful to specify some future behaviour of a service 
> provider if one is not sure she is confronted to a real threat or not.
> The ruleset approach works well with the nice guys, who probably will 
> behave nicely anyway. The bad guys will laugh at the privacy ruleset.
> Another thing about auditability is that it involve some notarial 
> recording, here with the "privacy ruleset" there is no record about what 
> the user specified, so no legal enforcement could be achieved: The 
> user terms about her interaction with the service provider will be lost 
> as nobody record it!
> This audit approach is not the same as a policy approach which enforce 
> in real time.
>  
> Let me know your opinion,
>  
> Jean-Pierre
> 
> ------------------------------------------------------------------------
> *De :* public-pling-request@w3.org [mailto:public-pling-request@w3.org] 
> *De la part de* Renato Iannella
> *Envoyé :* mardi 17 août 2010 02:19
> *À :* pling
> *Objet :* PLING - Call to Action....
> 
> Dear PLINGers...
> 
> You maybe interested in the outcomes of the recent W3C Workshop on 
> Privacy for Advanced Web APIs - the report [1] states "the W3C staff 
> plans to propose a charter for a Privacy Interest Group... Such an 
> Interest Group could also provide a focal point for privacy-related 
> coordination with other interested standard development organizations".
> 
> One of the other interesting activities of the W3C Device APIs and 
> Policy WG - reported from the Workshop -was the development of the 
> "Privacy Rulesets" [2] - a way to describe user privacy preferences.
> 
> Clearly, these impact on the future of PLING and our role in W3C.
> 
> We should discuss this at the next teleconference (at least) and online 
> now...
> 
> Cheers
> 
> Renato Iannella
> http://renato.iannella.it
> 
> [1] http://www.w3.org/2010/api-privacy-ws/report
> [2] http://dev.w3.org/2009/dap/privacy-rulesets/

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
Received on Tuesday, 17 August 2010 13:45:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 August 2010 13:45:51 GMT