W3C home > Mailing lists > Public > www-ws-arch@w3.org > July 2002

Re: AG004 Closure Sought

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 24 Jul 2002 13:40:35 +0200
To: Joseph Hui <Joseph.Hui@exodus.net>
Cc: Hugo Haas <hugo@w3.org>, www-ws-arch@w3.org
Message-ID: <20020724114035.GF3716@localhost>

As far as I understand, CSF's are more important than requirements ;)

Does the switch from CSF to requirement mean, privacy is not important?
I think no. But it should be clear, that the P3P-Group will watch out
that the requirement won't be watered down.

As for the wording:

We took the term 'user' instead of 'consumer' because it has less legal
connotations. So the wording spin-doctored by Hugo, Danny Weitzner has 
some of those tweaks. 

As for the P3P-Policy traveling with the request, we have the same issue
with SOAP and it will be probably solved the same way.. I find the usage
scenario described by Hugo is accurate.



On Mon, Jul 22, 2002 at 08:14:16PM -0700, Joseph Hui wrote:
> Hugo,
> Frankly I could happily and still can live with
> the original wording of D-AR020.5.
> It floated quite naturally, as opposed to the
> "new and improved" version, which comes across
> as, well: overworked. :-)
> Joe Hui
> Exodus, a Cable & Wireless service
> ===================================== 
> -----Original Message-----
> From:	Hugo Haas [mailto:hugo@w3.org]
> Sent:	Mon 7/22/2002 1:43 PM
> To:	www-ws-arch@w3.org
> Cc:	Rigo Wenning
> Subject:	Re: AG004 Closure Sought
> [ Copying Rigo Wenning since the proposal originated from a discussion
>   I had with him. ]
> * Joseph Hui <Joseph.Hui@exodus.net> [2002-07-14 23:39-0700]
> > 5) Privacy requirements to be solidified.
> >    During the last F2F we did not get around to finalize
> >    the verbiage for the Privacy req's.  So there seems
> >    to be still considerable req-related work to be done.
> Joseph asked me to champion AC020[1].
> At the last face-to-face meeting[2], we accepted AC020, AC020.1,
> AC020.2, AC020.3, rejected AC020.4, and proposed AC020.5
> I would like to request two minor editorial change:
> - AC020.3: I was told that it was better to use "user" instead of
>   "consumer", because it was more general (at least in US law):
> |          + AC020.3 The Web Services Architecture MUST enable a user
> |            to access a Web Service's advertised privacy policy
> |            statement.
> - it seems that AC020.[1235] are more requirements than CSFs; it
>   probably would be better to name them AR020.[1235].
> So we need to get consensus on the proposed D-AC020.5 (or D-AR020.5).
> The text reads:
> |          + D-AC020.5 The Web Services Architecture MUST enable
> |            delegation and propagation of privacy policy.
> This requirements is trying to address the following problem: a Web
> service A may use other Web services to fulfill a request. If a user U
> and A do business based on a particular privacy policy P, any Web
> service contacted by A in order to process U's request should not
> violate P.
> This is why P should be propagated along with any processing.
> People seemed generally happy about this idea at the face-to-face
> meeting, but I had echoes on the security task-force call that the
> wording was obscure.
> Maybe it comes from "delegation", which is actually confusing me too.
> What about (two choices):
>   The Web Services Architecture MUST enable propagation of privacy
>   policy [during delegation of processing | across Web services].
> Well, it's not crystal clear either, but we can use that as a starting
> point.
> Regards,
> Hugo
>   1. http://www.w3.org/2002/ws/arch/2/06/wd-wsa-reqs-20020605.html#AC020
>   2. http://www.w3.org/2002/ws/arch/2/06/f2f-minutes#Review
> -- 
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092
Received on Wednesday, 24 July 2002 07:47:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:02 GMT