
comments toward p3p 2

From: Robert Thibadeau <rht@cs.cmu.edu>
Date: Thu, 07 Feb 2002 00:08:09 -0500
Message-ID: <3C620BB9.6000302@cs.cmu.edu>
To: www-p3p-policy@w3.org

Rigo,

You asked "anything" on suggestions for P3P2.0. That convinced me to say 
something.

I want to precede by saying that I am very happy that Giles Hogben has 
been making a contribution. I long ago told him first to write the APPEL 
and P3P demonstrator as it is laid out, and he informs me that the 
JRC code is now fully compliant, and he indicated perhaps the only fully 
compliant code out there. I now told him that he has much more 'right' 
(of the Camelot's "right's right" kind) than others to suggest changes. 
I did not "do" what Giles did, but I have been a programmer since 1966, 
and my Ph.D. is, in essence, in computational linguistics, so I've seen 
the shadows of all this for many years. Language expresses "privacy" at 
its very root - it is called "ergativity," "agency," or "causality" and 
is, as Herb Simon and Rescher pointed out in the Journal of Philosophy, 
by happenstance also in 1966, a "counterfactual that cannot be 
contraposed." It takes a system of conditionals, some of which are not 
disclosed, to have agency, causality, or ergativity. The classic 
distinction, in ergative systems, is between 'it moved' and 'she moved 
it.' The right to privacy is fundamental in most utterances because it 
is presupposed by nearly all verbs in all human languages. Nearly all 
our communications presuppose the listener will respect (viz., not 
question for proof) the right of non-disclosed control.

I have two main suggestions for P3P 2.0. The first is to "objectize" the 
definitions. As I mentioned, I have long thought that P3P belonged at 
the IETF level because privacy agreements should have scope beyond HTTP 
transactions. The privacy object may provide a core P3P definition 
strictly for "policies" and, see below, "contracts". The object methods 
that can instantiate such an object, for client or for server, may differ 
depending on chosen context, with the only measure of success being that 
an agreement be reached. Pointer mechanisms, such as policy refs, are 
good in this. It should be possible to "self" a privacy object and 
thereby invoke an instance that is an agreement or contract. I would like 
to see a 'fast ported' protocol, on its own TCP port, and an augmentation 
to SMTP, as well as HTTP. All capable of achieving the same results 
between parties to the privacy agreement.

The second is to support the form of persona that I have been proposing 
- to keep clear it is really only part of the implementation of a 
persona, so we can call it a "persona's privacy policy, or PPP." There 
should be a way to express a privacy policy that includes variables to 
be filled in by the client or server agents. Furthermore, it should be 
possible to specify that these variables are authenticated or not (e.g., 
that an XML authentication or X.509v3 can establish that the person is 
who he says he is). Finally, we should be able to name a policy with a 
persona name and these should be globally unique. There should be an 
"Amazon Shopper" persona, for example. With this people can build simple 
software that allows people to build privacy policies for groups of 
people and organizations but applying to individuals. A PPP should also 
have provision for digital signing by all the parties to a transaction 
and therefore should have offered signature authorities (an ordered set 
of certificates, for example) for each signator as well as any agents 
(proxies) who may be operating on behalf of client or server agents.

That's about it.

Thanks to everybody involved for the good work. I wholeheartedly back 
the continuation of the P3P efforts.

Regards, Bob
Received on Thursday, 7 February 2002 00:14:48 GMT
