W3C home > Mailing lists > Public > www-ws-arch@w3.org > March 2002

RE: WS Privacy [Was RE: Status of D-AG006]

From: Joseph Hui <jhui@digisle.net>
Date: Wed, 20 Mar 2002 19:38:31 -0800
Message-ID: <C153D39717E5F444B81E7B85018A460B081B277D@ex-sj-5.digisle.com>
To: "Edgar, Gerald" <gerald.edgar@boeing.com>, <www-ws-arch@w3.org>
From: Edgar, Gerald [mailto:gerald.edgar@boeing.com] 
[snip]

> I can not address legal issues, since governing law varies from place to
> place. I see privacy as a subclass of confidentiality- protection from
> unauthorized attempts to read data.
 
As I said during the first mention of Privacy in the security
threads, protecting the privacy of data from unintended
readership pertains to Confidentiality, which is of security.
 (The security primitive for addressing Confidentiality is Encryption.)
The rest are non-security-related Privacy.  (There's in fact no known
security primitive to address any of them.)
 
I too am of the opinion that how data is treated by apps
should be ruled out of scope, though I'd always keep my mind
open to new revelations about Privacy pertaining to the WG's
goals, including the one newly proposed by Hugo.
 
Joe Hui
Exodus, a Cable & Wireless company
================================

	 

	]ty,

	Privacy consists of the right of an entity, normally a person, acting in
	their own behalf, and how much it will interact with its environment. The
	entity determines how much information to share.
	
	This also has implications for web services in how to keep web services
	confidential, this should be part of security. How the data is treated in
	the application using web services is I think beyond the scope of the
	architecture group
	
	Gerald W. Edgar <gerald.edgar@boeing.com>
	Architecture support, BCA Architecture and e-business
	425-234-1422
	
	Mailing address:
	The Boeing Company, M/S 6H-WW
	PO Box 3707, Seattle, WA 98124-2207
	USA
	
	
	
	-----Original Message-----
	From: Hugo Haas [mailto:hugo@w3.org]
	Sent: Wednesday, March 20, 2002 11:07
	To: www-ws-arch@w3.org
	Cc: Rigo Wenning
	Subject: Re: WS Privacy [Was RE: Status of D-AG006]
	
	
	Hi Joe.
	
	* Joseph Hui <jhui@digisle.net> [2002-03-20 10:33-0800]
	[..]
	> On the new goal you're proposing -- protecting comsumers' private data
	> from exploitation, I tend to think legislative bodies (instead of
	technological
	> standard bodies) can be much much more effective in privacy areas.
	> E.g. I don't know of any effective technical mechanism that can prevent
	> a merchant from whom a consumer has purchased goods from using the
	> consumer's shipping address for promotional mails.  But if the laws
	> says the merchant must provide a checkbox for consumers to
	> exclude themselves from potential spams, then the problem (which is
	> only one of many privacy problems) is pretty solved, as it's
	technologically
	> trivial to add such anti-spam feature (i.e. stopping spams at their
	sources).
	
	Privacy can be protected by, for example:
	- minimalizing the amount of data collected to what is necessary only.
	- limit the period such data is held.
	
	I don't think we can prevent data collection, but we can have services
	advertize what they are doing, e.g. by using P3P, which was developed
	at W3C[1], and plan for such things in the architecture.
	
	> I'd also suggest that as we're starting to deliberate Privacy, we need to
	> *define* (de Javu?) what Privacy means in the WSAWG context,
	> so we know what we're getting ourselves into.
	
	Even though I have been the one advocating for privacy, I am no
	privacy expert and am copying Rigo Wenning on this in case he wants to
	add something.
	
	To me, privacy in the Web services architecture context is about
	collection of data by service providers about the service consumers;
	the tricky part is that there could be several parties involved for
	providing a complex service, which could each have different policies.
	
	The data could be tied to your name, address, or maybe simply a user
	identifier, for marketing purposes or maybe just for statistical
	analyses, it could be shared among providers or kept to one provider,
	etc.
	
	Regards,
	
	Hugo
	
	  1. http://www.w3.org/P3P/
	--
	Hugo Haas - W3C
	mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092
	
	
Received on Wednesday, 20 March 2002 22:38:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:24:56 GMT