W3C home > Mailing lists > Public > public-prov-wg@w3.org > November 2012

Re: PROV-AQ security (privacy) considerations

From: Timothy Lebo <lebot@rpi.edu>
Date: Tue, 6 Nov 2012 09:50:19 -0500
Cc: W3C provenance WG <public-prov-wg@w3.org>
Message-Id: <85AA8819-50B4-410E-A1FA-63AFDF69AA5E@rpi.edu>
To: Graham Klyne <GK@ninebynine.org>
I think it is a great description and would be happy to see it included.

Regards,
Tim


On Nov 6, 2012, at 9:35 AM, Graham Klyne <GK@ninebynine.org> wrote:

> I'm working through some outstanding TODO issues in PROV-AQ.
> 
> There are some notes for discussion of potential privacy concerns. Based on these notes, I've drafted the following, which might be controversial:
> 
> [[
>        Provenance information may provide a route for leakage of privacy-related information, combining as it does a diversity of information types with possible personally-identifying information; e.g. editing timestamps may provide clues to the working patterns of document editors, or derivation traces might indicate access to sensitive materials.  In particular, note that the fact that a resource is openly accessible does not mean that its provenance information should also be.  When publishing provenance, its sensitivity should be considered and appropriate access controls applied where necessary.  When a provenance-aware publishing service accepts some resource for publication, the contributors should have some opportunity to review and correct or conceal any provenance information that they don't wish to be exposed.
> ]]
> 
> Are there any objections to this?
> 
> #g
> 
> 
Received on Tuesday, 6 November 2012 14:50:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 6 November 2012 14:50:52 GMT