Nicely said, Frederick. Note that I am not saying that nothing should be said about privacy at the level of an individual specification but the appropriate granularity will very much depend on the type of work. For example, in the context of the current privacy reviews in this group there are lots of JavaScript APIs that are presented to us and one can see some common patterns. To me it appears that certain privacy decisions have been cast in stone already with the decision to follow a code distribution model, like JavaScript provides, and hence you have to deal with those constraints. On 05/30/2014 04:47 PM, Frederick Hirsch wrote: > I think what this paragraph from Hannes is also saying, and maybe we > should clarify, is that privacy requires a system view, end-end, and > this is what applications and implementers are able to analyze, while > individual specifications are often components. The security and privacy > considerations for components can highlight minimization and potential > vulnerabilities and countermeasures, but overall issues like data > retention and reuse (to give two obvious examples) usually cannot be > addressed in a specification in isolation.
Received on Friday, 30 May 2014 14:58:05 UTC