Re: PING summary - 23 March 2017 from Renato Iannella on 2017-04-26 (public-privacy@w3.org from April to June 2017)

From: Renato Iannella <ri@semanticidentity.com>
Date: Wed, 26 Apr 2017 12:33:35 +1000
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Cc: POE Comment list <public-poe-comments@w3.org>
Message-Id: <57F727CC-7EA9-45A5-891B-CA260675ADEB@semanticidentity.com>

> On 13 Apr 2017, at 21:11, Christine Runnegar <runnegar@isoc.org> wrote:
> 
> (3) Request for PING review of ODRL Information Model and ODRL Vocabulary & Expression
> 
> https://www.w3.org/TR/odrl-model/
> https://www.w3.org/TR/odrl-vocab/
> 
> There may be a potential to fingerprint based on the intersection of policy settings. A question was also raised as to whether it could be used to capture keystrokes secretly (e.g. via a hidden input field). But, the specification does not log actual keys, it does post-processing; events after text to add/remove has been generated. So, the answer is probably no. There are a series of events after text entry, e.g. events to edit or modify the text (such as add or remove). Use case - people who edit content on Github, blogs, etc.
> 
> We need more information from the spec experts.


Dear PING, the POE WG discussed this at our last teleconference [1].

The ODRL specs are aimed at expressing policies, and hence are not impacted by keystroke logging.

We were not clear on the comment/impact on “fingerprinting”.

We would be happy to answer any followup questions.

Cheers...
Renato Iannella

[1] https://www.w3.org/2017/04/24-poe-minutes <https://www.w3.org/2017/04/24-poe-minutes>

Received on Wednesday, 26 April 2017 02:34:19 UTC