RE: What to make of D-AC020.1? from Cutler, Roger (RogerCutler) on 2002-05-07 (www-ws-arch@w3.org from May 2002)

From: Cutler, Roger (RogerCutler) <RogerCutler@chevrontexaco.com>
Date: Tue, 7 May 2002 15:01:06 -0700
To: "'Joseph Hui'" <Joseph.Hui@exodus.net>, www-ws-arch@w3.org
Message-ID: <7FCB5A9F010AAE419A79A54B44F3718E2EAD99@bocnte2k3.boc.chevrontexaco.net>
I'm sorry, I cannot agree with this.  I have read RFC 2119, and it basically
defines "must" and "should" pretty much as they exist in standard English.
In addition, the spec says as "guidance" for use,
 
   "Imperatives of the type defined in this memo must be used with care
   and sparingly.  In particular, they MUST only be used where it is
   actually required for interoperation or to limit behavior which has
   potential for causing harm (e.g., limiting retransmisssions)  For
   example, they must not be used to try to impose a particular method
   on implementors where the method is not required for
   interoperability."

I would like to see the word "must" used "with care and sparingly".

As far as I am concerned, the following statement is fundamentally
illogical, in that if disclosing privacy policies is "an absolute
requirement of the specification" (from RFC 2119), then one cannot have a
service that follows the spec and also lacks such a disclosure.  If, on the
other hand, a service is not following the spec by not having a disclosure,
it does not make a lot of sense to further specify in the spec what that
service is supposed to do or be, since it is already a rogue service, beyond
the pale of the spec.  Perhaps, however, we have been talking at
cross-purposes and this was not the statement that Joseph was referring to.

>       A service provider MUST disclose its privacy policies in manners
>       that can be easily understood by the consumers.  In the absence
>       of such disclosure, a consumer (of the service) SHOULD assume
>       that neither the service nor its provider furnishes any privacy
>       policy.

-----Original Message-----
From: Joseph Hui [mailto:Joseph.Hui@exodus.net] 
Sent: Tuesday, May 07, 2002 3:36 PM
To: www-ws-arch@w3.org
Subject: RE: What to make of D-AC020.1?


The MUST and SHOULD in the proposed re-wording do not contradict each other.
They were IMO properly used in ways meant to be used, per RFC 2119.

If the first MUST were changed to SHOULD as Roger suggested, then the second
sentence would be meaningless, because the consumer wouldn't be able to
assume anything, let alone decide whether to opt out or not.

Joe Hui
Exodus, a Cable & Wireless service
================================================
> -----Original Message-----
> From: Cutler, Roger (RogerCutler)
> [mailto:RogerCutler@chevrontexaco.com]
> Sent: Monday, May 06, 2002 10:51 AM
> To: Joseph Hui; Hugo Haas; www-ws-arch@w3.org
> Subject: RE: What to make of D-AC020.1?
> 
> 
> It seems to me that a number of the proposals have been suffering from 
> "MUST" inflation (and do we really have to keep SHOUTING the
> word?)  In the
> example below, first you say that a provide MUST do
> something, then in the
> very next statement start discussing what happens if the 
> provider does not.
> It seems to me that the logic, then, implies that this is a 
> "should" not a
> "must".
> 
> -----Original Message-----
> From: Joseph Hui [mailto:jhui@digisle.net]
> Sent: Friday, May 03, 2002 6:11 PM
> To: Hugo Haas; www-ws-arch@w3.org
> Subject: RE: What to make of D-AC020.1?
> 
> 
> Hi Hugo,
> 
> >   D-AC020.1
> > 
> >     A service consumer must be able to know the privacy 
> >     policies of the
> >     service provider(s) that it is going to interact with.
> 
> This sounds good, except the "service consumer must be able
> to" part seems
> to place the burden (of privacy policies) more on the 
> consumer than on the
> provider.  If it's agreeable that the burden should be mostly (or even
> solely?) on the provider, then it may help to invert the statement to
> something like:
> 
>       A service provider MUST disclose its privacy policies in manners
>       that can be easily understood by the consumers.  In the absence
>       of such disclosure, a consumer (of the service) SHOULD assume
>       that neither the service nor its provider furnishes any privacy
>       policy.
> 
> Cheers,
> 
> Joe Hui
> Exodus, a Cable & Wireless service 
> ============================================
> 
> > -----Original Message-----
> > From: Hugo Haas [mailto:hugo@w3.org]
> > Sent: Friday, May 03, 2002 1:13 PM
> > To: www-ws-arch@w3.org
> > Subject: Re: What to make of D-AC020.1?
> > 
> > 
> > Hi Joe.
> > 
> > * Joseph Hui <jhui@digisle.net> [2002-05-02 15:43-0700]
> > > D-AC020.1 is in the form of a question (as opposed to a
> statement).
> > > What are we supposed to make of it as a CSF?
> > 
> > Would the following rewording, carrying the same ideas, address your
> > concerns:
> > 
> >   D-AC020.1
> > 
> >     A service consumer must be able to know the privacy policies of 
> > the
> >     service provider(s) that it is going to interact with.
> > 
> > Regards,
> > 
> > Hugo
> > 
> > --
> > Hugo Haas - W3C
> > mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ -
> > tel:+1-617-452-2092
> > 
> > 
> 
> 
>
Received on Tuesday, 7 May 2002 18:01:28 UTC