Re: PING Kick-off call - Thursday 19 April - UTC 14 from runnegar@isoc.org on 2012-04-13 (public-privacy@w3.org from April to June 2012)

From: <runnegar@isoc.org>
Date: Fri, 13 Apr 2012 10:16:45 +0200 (CEST)
To: "Hannes Tschofenig" <hannes.tschofenig@gmx.net>
Cc: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>, "Hannes Tschofenig" <hannes.tschofenig@gmx.net>, public-privacy@w3.org
Message-ID: <1334305005.573411786@apps.rackspace.com>
Thanks for these pointers Hannes. If anyone else has pointers to relevant work (completed or ongoing), please circulate them on the list.

Thank you also for mentioning the IAB Privacy Program. This is specifically called out in the PING Charter under Dependencies and Liaisons. I think it would be very useful for PING to look at the work the IAB Privacy Program has been undertaking to develop privacy considerations and terminology, and once PING is fully up and running, to maintain a regular dialogue between the two groups. Anyway, we can discuss this further at the kick-off call.

BTW - These are the two documents under development there:
http://tools.ietf.org/html/draft-iab-privacy-considerations-02
http://tools.ietf.org/html/draft-iab-privacy-terminology-01

Christine

-----Original Message-----
From: "Hannes Tschofenig" <hannes.tschofenig@gmx.net>
Sent: Friday, 13 April, 2012 9:28am
To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
Cc: "Hannes Tschofenig" <hannes.tschofenig@gmx.net>, runnegar@isoc.org, public-privacy@w3.org
Subject: Re: PING Kick-off call - Thursday 19 April - UTC 14

I should add: Don't misunderstand me with my message here. I am not saying that the IAB has all the answers to your questions already and that there is no need for further work. 

I want to convey these two points:

 * Look at what is already out there: I can only talk about the IAB work since I had been involved in it. There are also two academic publication relevant for this entire exercise, namely (a) “Engineering Privacy” by Sarah Spiekermann, and Lorrie Cranor, and (b) “Engineering Privacy by Design” by Seda Guerses, Carmela Troncoso, and Claudia Diaz. In In http://www.tschofenig.priv.at/wp/?p=840 and in http://www.tschofenig.priv.at/wp/wp-content/uploads/2011/11/ietf-privacy-overview.pdf I explain briefly why their approach does not work in the IETF (nor in the W3C) context. I am happy to elaborate on that point in more detail. Some of you may have a different view. Privacy Impact Assessments are also relevant. Unfortunately, the PIAs I have seen focus on those who deploy rather than those who engineer the system. The same is true for the recently distributed Vodaphone/GSMA privacy guidelines. 

 * If you focus only what a JavaScript API designer can do then the answer is unfortunately a bit sad: "very little" All the important design decisions have been made already with the entire Web framework. There are a couple of deployment considerations one could think about (basically the OECD principles) but that has little to do with the design of the API. In that case many of the PIAs out there actually may be the best tool you have. So, the scoping of the work is pretty essential. 
  
Anyway, I am looking forward to the discussion. 

Ciao
Hannes

On Apr 13, 2012, at 9:56 AM, Tschofenig, Hannes (NSN - FI/Espoo) wrote:

> Hi Christine, 
> 
> I would suggest to share some experience of how the IAB had written their documents. They are fairly advanced already at this point and there may be some lessons that can be learned from the process. Of course the group may choose to make the experience themselves again in the style of "You can't put an old head on young shoulders". 
> 
> I reviewed Robin's draft, as you may have seen. I actually thought it was a joke.
> 
> Ciao
> Hannes
> 
>> -----Original Message-----
>> From: ext runnegar@isoc.org [mailto:runnegar@isoc.org]
>> Sent: Friday, April 13, 2012 9:06 AM
>> To: public-privacy@w3.org
>> Subject: PING Kick-off call - Thursday 19 April - UTC 14
>> 
>> Dear all.
>> 
>> Thank you for indicating your availability by completing the Doodle
>> poll. The best time and date seems to be Thursday 19 April 2012 at UTC
>> 14. If you are unable to join us, please feel free to circulate your
>> ideas on this email list prior to the call. Minutes will also be
>> available after the call.
>> 
>> Links and instructions for the call will follow.
>> 
>> Here is the draft agenda for the call. We welcome suggestions for
>> additional items.
>> 
>> DRAFT AGENDA - THURSDAY 19 APRIL 2012 - UTC 14
>> 
>> 1. Short introductions
>> * from the chairs and the participants
>> 
>> 2. Goals for the group
>> * discuss the charter and how we might approach those goals
>> 
>> 3. Particular documents/issues for review
>> * Robin Berjon's draft on privacy in APIs
>> * others?
>> 
>> 4. Dependencies and Liaisons (W3C groups and external groups)
>> * see Charter plus Technical Architecture Group (TAG)
>> * Cryptography WG
>> * others?
>> 
>> 5. Next steps
>> * Future calls
>> * Tracker
>> * Documents to draft?
>> 
>> 6. AOB
>> 
>> Christine and Tara
>> 
>
Received on Friday, 13 April 2012 08:17:21 UTC