Re: Policy for an Internet registry

On Tue, Aug 13, 2002 at 01:04:19PM -0400,
 Lorrie Cranor <lorrie@research.att.com> wrote 
 a message of 59 lines which said:

> It sounds to me like you are collecting the phone number
> from everyone,

Right. 

> so the phone number itself is not optional.

I understand.

> <public/>. What you would need to do is group the data
> you collect into two data groups  (or possibly more) -- one
> for the data that users have a choice about
> publishing and one for data which there is no choice.
> In the data group where there is a choice you would
> include
>  <RECIPIENTS><ours/><public required="opt-out"/></RECIPIENTS>
> or something like that.

It means one STATEMENT for variables where they can opt out and
another one for variables which are always public? Correct? If so, it
is not very easy to write and to read. Here is an example. Any better
way?

  <STATEMENT> 
    <CONSEQUENCE>Social data (name, address, etc), distributed by
    whois and whois-like services. Mandatory.</CONSEQUENCE>
    <PURPOSE> 
      <contact/> 
    </PURPOSE> 
    <RECIPIENT> <public/> </RECIPIENT> 
    <RETENTION>
      <stated-purpose/></RETENTION> 
    <DATA-GROUP> 
      <DATA ref="#user.name"/> 
      <DATA ref="#user.home-info.postal"/> 
    </DATA-GROUP> 
  </STATEMENT> 

  <STATEMENT> 
    <CONSEQUENCE>Social data (name, address, etc), distributed by
    whois and whois-like services. Red-listable.</CONSEQUENCE>
    <PURPOSE> 
      <contact/> 
    </PURPOSE> 
    <RECIPIENT> <public required="opt-out"/> </RECIPIENT> 
    <RETENTION>
      <stated-purpose/></RETENTION> 
    <DATA-GROUP> 
      <DATA ref="#user.home-info.online.telecom.telephone"/> 
    </DATA-GROUP> 
  </STATEMENT> 

Received on Wednesday, 14 August 2002 02:59:40 UTC