- From: Kepeng Li <kepeng.lkp@alibaba-inc.com>
- Date: Fri, 15 May 2015 22:40:21 +0800
- To: <public-webpayments-ig@w3.org>
Hello all,

Please find my review comments about privacy aspects of the Web Payments Use Case document.

Thanks,

Kind Regards

Kepeng Li
Alibaba Group

On 14/5/15 5:31 pm, "Kepeng Li" <kepeng.lkp@alibaba-inc.com> wrote:

>Hi Christine and all,
>
>About agenda item 4, I have reviewed it and here is some feedback.
>
>> 4. Privacy review request from W3C Web Payments Interest Group
>>concerning W3C Web Payments Interest Group [6]
>
>http://www.w3.org/TR/web-payments-use-cases/
>
>1) Section 6.1.2 Agreement on Terms
>
>Privacy / Security: It is important that people retain control over when
>and how their credentials are shared.
>
>Comments: I suggest adding "personally identifiable information" to the
>sentence above. We also need to consider privacy, not only security.
>
>2) Section 6.1.2.1 Non-essential Use Cases
>
>Privacy / Security: We must ensure adequate security for these highly
>sensitive transactions to reduce the likelihood of phishing attacks.
>
>Comments: I suggest splitting this into two parts, privacy and security.
>The sentence above is about security. We can add one sentence about
>privacy:
>
>Privacy: We must ensure adequate protection for the very sensitive
>personally identifiable information to reduce the likelihood of privacy
>leakage.
>
>3) Section 6.2.2 Selection of Payment Instruments
>
>Privacy / Security: The types of payment instruments available to a payer
>could be used to digitally fingerprint a payer even if they were using an
>pseudo-anonymous payment mechanism. Merchants and payees may be legally
>obligated to protect this kind of payer payment information.
>
>Comments: I think we should put stronger requirements on merchants and
>payees; "may" is not sufficient. I suggest changing it to "must", or at
>least "should".
>
>4) Section 6.4.2 Delivery of Receipt
>
>Privacy / Security: Many merchants want to ensure that receipts are not
>readable by any party between them and their customer.
>
>Comments: Receipts should also not be modifiable. I suggest adding
>"modifiable" after "readable".
>
>5) Section 6.4.2 Delivery of Receipt
>
>Privacy / Security: Physical receipts should ensure that private
>information is not exposed on the receipt.
>
>Comments: Sometimes, we need to have some information on the receipt to
>identify the user, e.g. ticket checking. Another way is to blur the
>private information. I suggest changing it to: Physical receipts should
>ensure that private information is not exposed on the receipt, or the
>private information is blurred.
>
>Thanks
>
>Kind Regards
>
>Kepeng Li
>Alibaba Group
>
>On 11/5/15 5:17 pm, "Christine Runnegar" <runnegar@isoc.org> wrote:
>
>>A friendly reminder and the draft agenda
>>
>>If you have any comments regarding the draft agenda, please share them on
>>the list.
>>
>>1. Welcome and introductions
>>
>>2. Privacy review request from Web Applications Security WG concerning
>>Subresource Integrity [1]
>>
>>3. Privacy review request from CSV on the Web Working Group concerning:
>>
>>Model for Tabular Data and Metadata on the Web [2]
>>- an abstract model for tabular data, and how to locate metadata that
>>enables users to better understand what the data holds; this
>>specification also contains non-normative guidance on how to parse CSV
>>files.
>>
>>Metadata Vocabulary for Tabular Data [3]
>>- a JSON-based format for expressing metadata about tabular data to
>>inform validation, conversion, display and data entry for tabular data
>>
>>Generating JSON from Tabular Data on the Web [4]
>>- how to convert tabular data into JSON
>>
>>Generating RDF from Tabular Data on the Web [5]
>>- how to convert tabular data into RDF
>>
>>4. Privacy review request from W3C Web Payments Interest Group concerning
>>W3C Web Payments Interest Group [6]
>>
>>5. Comments requested on privacy and security considerations of Media
>>Capture and Streams [7]
>>
>>6. Should sensors require a privileged context? (Discussion raised in
>>Device API WG)
>>
>>7. AOB
>>
>>Christine and Tara
>>
>>[1] http://w3c.github.io/webappsec/specs/subresourceintegrity/
>>[2] http://www.w3.org/TR/2015/WD-tabular-data-model-20150416/
>>[3] http://www.w3.org/TR/2015/WD-tabular-metadata-20150416/
>>[4] http://www.w3.org/TR/2015/WD-csv2json-20150416/
>>[5] http://www.w3.org/TR/2015/WD-csv2rdf-20150416/
>>[6] http://www.w3.org/TR/web-payments-use-cases/
>>[7] http://www.w3.org/TR/2015/WD-mediacapture-streams-20150414/#privacy-and-security-considerations
>>
>>> Begin forwarded message:
>>>
>>> From: Christine Runnegar <runnegar@isoc.org>
>>> Subject: PING call - 14 May 2015 - call details
>>> Date: 8 May 2015 10:21:48 am GMT+2
>>> To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
>>> Resent-From: <public-privacy@w3.org>
>>>
>>> Dear all,
>>>
>>> We have our monthly teleconference on Thursday 14 May 2015 at 9am PT,
>>> 12pm ET, 16 UTC, 6pm CET
>>>
>>> https://www.timeanddate.com/worldclock/fixedtime.html?iso=20150514T18&p1=87&ah=1
>>>
>>> The draft agenda for the call will be circulated shortly.
>>>
>>> In the meantime, please let us know if you would like to add anything
>>> to the agenda.
>>>
>>> Call details:
>>>
>>> Zakim Bridge +1.617.761.6200, conference 7464 ("PING")
>>> SIP/VOIP details available here:
>>> http://www.w3.org/2006/tools/wiki/Zakim-SIP
>>>
>>> Please also join us on IRC in the #privacy room.
>>> Server: irc.w3.org
>>> Username: <your name>
>>> Port: 6665 N.B.: not the default IRC port!
>>> Channel: #privacy
>>>
>>> Christine and Tara

Received on Friday, 15 May 2015 14:42:10 UTC