- From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
- Date: Fri, 13 Apr 2012 10:28:48 +0300
- To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
- Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>, <runnegar@isoc.org>, <public-privacy@w3.org>
I should add: Don't misunderstand me with my message here. I am not saying that the IAB has all the answers to your questions already and that there is no need for further work. I want to convey these two points: * Look at what is already out there: I can only talk about the IAB work since I had been involved in it. There are also two academic publication relevant for this entire exercise, namely (a) “Engineering Privacy” by Sarah Spiekermann, and Lorrie Cranor, and (b) “Engineering Privacy by Design” by Seda Guerses, Carmela Troncoso, and Claudia Diaz. In In http://www.tschofenig.priv.at/wp/?p=840 and in http://www.tschofenig.priv.at/wp/wp-content/uploads/2011/11/ietf-privacy-overview.pdf I explain briefly why their approach does not work in the IETF (nor in the W3C) context. I am happy to elaborate on that point in more detail. Some of you may have a different view. Privacy Impact Assessments are also relevant. Unfortunately, the PIAs I have seen focus on those who deploy rather than those who engineer the system. The same is true for the recently distributed Vodaphone/GSMA privacy guidelines. * If you focus only what a JavaScript API designer can do then the answer is unfortunately a bit sad: "very little" All the important design decisions have been made already with the entire Web framework. There are a couple of deployment considerations one could think about (basically the OECD principles) but that has little to do with the design of the API. In that case many of the PIAs out there actually may be the best tool you have. So, the scoping of the work is pretty essential. Anyway, I am looking forward to the discussion. Ciao Hannes On Apr 13, 2012, at 9:56 AM, Tschofenig, Hannes (NSN - FI/Espoo) wrote: > Hi Christine, > > I would suggest to share some experience of how the IAB had written their documents. They are fairly advanced already at this point and there may be some lessons that can be learned from the process. Of course the group may choose to make the experience themselves again in the style of "You can't put an old head on young shoulders". > > I reviewed Robin's draft, as you may have seen. I actually thought it was a joke. > > Ciao > Hannes > >> -----Original Message----- >> From: ext runnegar@isoc.org [mailto:runnegar@isoc.org] >> Sent: Friday, April 13, 2012 9:06 AM >> To: public-privacy@w3.org >> Subject: PING Kick-off call - Thursday 19 April - UTC 14 >> >> Dear all. >> >> Thank you for indicating your availability by completing the Doodle >> poll. The best time and date seems to be Thursday 19 April 2012 at UTC >> 14. If you are unable to join us, please feel free to circulate your >> ideas on this email list prior to the call. Minutes will also be >> available after the call. >> >> Links and instructions for the call will follow. >> >> Here is the draft agenda for the call. We welcome suggestions for >> additional items. >> >> DRAFT AGENDA - THURSDAY 19 APRIL 2012 - UTC 14 >> >> 1. Short introductions >> * from the chairs and the participants >> >> 2. Goals for the group >> * discuss the charter and how we might approach those goals >> >> 3. Particular documents/issues for review >> * Robin Berjon's draft on privacy in APIs >> * others? >> >> 4. Dependencies and Liaisons (W3C groups and external groups) >> * see Charter plus Technical Architecture Group (TAG) >> * Cryptography WG >> * others? >> >> 5. Next steps >> * Future calls >> * Tracker >> * Documents to draft? >> >> 6. AOB >> >> Christine and Tara >> >
Received on Friday, 13 April 2012 07:29:27 UTC