W3C home > Mailing lists > Public > public-prov-wg@w3.org > September 2012

Re: ACTION-650: Review what provenance WG is doing with an eye to application to privacy issues

From: Paul Groth <p.t.groth@vu.nl>
Date: Mon, 24 Sep 2012 15:37:22 +0200
Message-ID: <CAJCyKRraOGSgCo2_86gEOJtLKRgN9R4jGONApkpv3j03emnk-A@mail.gmail.com>
To: Graham Klyne <graham.klyne@zoo.ox.ac.uk>
Cc: W3C provenance WG <public-prov-wg@w3.org>
Hi Graham,

The chairs haven't been contacted. I think we clearly are one part of
supporting this use-case.

cheers
Paul

On Sun, Sep 23, 2012 at 11:27 PM, Graham Klyne
<graham.klyne@zoo.ox.ac.uk> wrote:
> I just spotted this on the W3C TAG list.  I don't know if any of us have been
> contacted about this?
>
> My perception is that our focus has been on establishing a basis for trust.  But
> in many ways, I think that the accountability issues referred to are a
> complementary aspect of the same underlying raison d'etre; i.e. knowing what was
> done, to what, and by whom.
>
> #g
> --
>
> -------- Original Message --------
> Subject: ACTION-650: Review what provenance WG is doing with an eye to
> application to privacy issues
> Resent-Date: Sun, 23 Sep 2012 20:49:45 +0000
> Resent-From: www-tag@w3.org
> Date: Sun, 23 Sep 2012 16:49:17 -0400
> From: Jonathan A Rees <rees@mumble.net>
> To: www-tag@w3.org
>
> ACTION-650: Review what provenance WG is doing with an eye to
> application to privacy issues
> https://www.w3.org/2001/tag/group/track/actions/650
>
> As I remember, I suggested looking at this to help close a TAG
> discussion of privacy that was ending with no clear direction for
> further discussion.
>
> What I had in mind was to ask whether the Provenance WG would deliver
> specifications that could support accountability workflows of
> the kind advocated by TAMI ( http://dig.csail.mit.edu/TAMI/ ).  The
> hypothesis behind TAMI is, briefly, that core to any effective
> implementation of privacy policy is accountability.  Suppose that some
> entity A has access to B's private information, and A makes public
> *other* information that has the appearance of potential for violating
> some agreed privacy policy.  It would be nice if the burden of proof
> of policy adherence were on A, and if A had some way to satisfy such a
> burden without violating such policy.
>
> The question asked by this action is, does anything coming from the
> provenance WG assist in any way in the management or expression of
> such proofs?
>
> Indeed, the TAMI idea was listed among the original provenance XG use
> cases:
>    http://www.w3.org/2005/Incubator/prov/wiki/Use_Cases
> ... and documented here:
>    http://www.w3.org/2005/Incubator/prov/wiki/Use_Case_private_data_use
> ... but was not really addressed in any XG output:
>    http://www.w3.org/2005/Incubator/prov/XGR-prov-20101214/#Original_Use_Cases
>
> I did a quick scan of the WG's working drafts (as listed here:
>   http://www.w3.org/2011/prov/wiki/Main_Page ) and did not find any
> evidence that this use case, or even any specific consideration of
> privacy or accountability, survived to figure into WG's goals or
> designs.  That is not to say there is no applicability; and I have not
> digested the working drafts to the point I could asses that question.
>
> My purpose here is mainly educational. I feel that whenever privacy
> comes up in the TAG, we tend to wander off into the relative comfort zone of
> security, which is only one part of achieving privacy goals. Where
> privacy gets interesting and hard is around the question not of
> *access* to data, but of how someone who has access can learn
> what uses are permitted (policy communication, see Geolocation
> debate), and convince themselves or others that any actual use of the
> data conforms to policy. That is not a security question (given
> current technology).
> The state of the art, in fact, is legal (see Larry's governance work).
> TAMI is a research effort to move some of the non-security (i.e.
> use policy) aspects back into a technical space, so I think TAG
> members should be aware of it.
>
> Set PENDING REVIEW.
>
> Jonathan
>
>



-- 
--
Dr. Paul Groth (p.t.groth@vu.nl)
http://www.few.vu.nl/~pgroth/
Assistant Professor
- Knowledge Representation & Reasoning Group |
  Artificial Intelligence Section | Department of Computer Science
- The Network Institute
VU University Amsterdam
Received on Monday, 24 September 2012 13:37:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 24 September 2012 13:37:48 GMT