W3C home > Mailing lists > Public > public-prov-wg@w3.org > November 2012

Re: PROV-AQ security (privacy) considerations

From: Paul Groth <pgroth@gmail.com>
Date: Tue, 6 Nov 2012 16:31:28 -0500
Message-ID: <CAJCyKRpZeAzy=2wfSct2BPJTqcu3P1BZPp3-o-r7A6nrfbnTTw@mail.gmail.com>
To: James Cheney <jcheney@inf.ed.ac.uk>
Cc: Graham Klyne <GK@ninebynine.org>, W3C provenance WG <public-prov-wg@w3.org>
HI Graham,

Is this kind of language that should be in the spec? I'm just wondering?

The paragraph itself is fine. Just wondering about whether this should go
in.

cheers
Paul


On Tue, Nov 6, 2012 at 3:25 PM, James Cheney <jcheney@inf.ed.ac.uk> wrote:

> That sounds reasonable, if not obvious, to me also (but worth saying, to
> avoid lawsuits later :)
>
> --James
>
> On Nov 6, 2012, at 9:50 AM, Timothy Lebo wrote:
>
> > I think it is a great description and would be happy to see it included.
> >
> > Regards,
> > Tim
> >
> >
> > On Nov 6, 2012, at 9:35 AM, Graham Klyne <GK@ninebynine.org> wrote:
> >
> >> I'm working through some outstanding TODO issues in PROV-AQ.
> >>
> >> There are some notes for discussion of potential privacy concerns.
> Based on these notes, I've drafted the following, which might be
> controversial:
> >>
> >> [[
> >>       Provenance information may provide a route for leakage of
> privacy-related information, combining as it does a diversity of
> information types with possible personally-identifying information; e.g.
> editing timestamps may provide clues to the working patterns of document
> editors, or derivation traces might indicate access to sensitive materials.
>  In particular, note that the fact that a resource is openly accessible
> does not mean that its provenance information should also be.  When
> publishing provenance, its sensitivity should be considered and appropriate
> access controls applied where necessary.  When a provenance-aware
> publishing service accepts some resource for publication, the contributors
> should have some opportunity to review and correct or conceal any
> provenance information that they don't wish to be exposed.
> >> ]]
> >>
> >> Are there any objections to this?
> >>
> >> #g
> >>
> >>
> >
> >
> >
>
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>
>
>
Received on Tuesday, 6 November 2012 21:31:55 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 6 November 2012 21:31:55 GMT