W3C home > Mailing lists > Public > www-ws-arch@w3.org > May 2002

RE: What to make of D-AC020.1?

From: Joseph Hui <Joseph.Hui@exodus.net>
Date: Tue, 7 May 2002 16:00:14 -0700
Message-ID: <45258A4365C6B24A9832BFE224837D551D1BEF@SJDCEX01.int.exodus.net>
To: "Cutler, Roger (RogerCutler)" <RogerCutler@chevrontexaco.com>, <www-ws-arch@w3.org>
Roger,

I did mean to suggest the requirement an absolute one.
Wouldn't that be what the Privacy advocates want?
You did raise some good points that the statement
should be negotiated downward to be more implementer
friendly, for I could have overextended.  

Would you care to suggest a replacement?
I offered mine to Hugo's original mainly because I needed
something in the form of a statement instead of a quesiton
in order to vote on it.  It's time for me to re-iterate my
previous disclaimer that I have no expertise in Privacy.
Maybe your wording, being the third, would be a charm. ;-)
Note that I never quite like Hugo's and subsequently mine
for their being "un-CSF'ly."  
Hopefully you'll get it right and perfect.
Let's see your shot. :-)

Cheers,

Joe Hui
Exodus, a Cable & Wireless service
=====================================================



> -----Original Message-----
> From: Cutler, Roger (RogerCutler) 
> [mailto:RogerCutler@chevrontexaco.com]
> Sent: Tuesday, May 07, 2002 3:01 PM
> To: Joseph Hui; www-ws-arch@w3.org
> Subject: RE: What to make of D-AC020.1?
> 
> 
> I'm sorry, I cannot agree with this.  I have read RFC 2119, 
> and it basically
> defines "must" and "should" pretty much as they exist in 
> standard English.
> In addition, the spec says as "guidance" for use,
>  
>    "Imperatives of the type defined in this memo must be used 
> with care
>    and sparingly.  In particular, they MUST only be used where it is
>    actually required for interoperation or to limit behavior which has
>    potential for causing harm (e.g., limiting retransmisssions)  For
>    example, they must not be used to try to impose a particular method
>    on implementors where the method is not required for
>    interoperability."
> 
> I would like to see the word "must" used "with care and sparingly".
> 
> As far as I am concerned, the following statement is fundamentally
> illogical, in that if disclosing privacy policies is "an absolute
> requirement of the specification" (from RFC 2119), then one 
> cannot have a
> service that follows the spec and also lacks such a 
> disclosure.  If, on the
> other hand, a service is not following the spec by not having 
> a disclosure,
> it does not make a lot of sense to further specify in the 
> spec what that
> service is supposed to do or be, since it is already a rogue 
> service, beyond
> the pale of the spec.  Perhaps, however, we have been talking at
> cross-purposes and this was not the statement that Joseph was 
> referring to.
> 
> >       A service provider MUST disclose its privacy policies 
> in manners
> >       that can be easily understood by the consumers.  In 
> the absence
> >       of such disclosure, a consumer (of the service) SHOULD assume
> >       that neither the service nor its provider furnishes 
> any privacy
> >       policy.
> 
> -----Original Message-----
> From: Joseph Hui [mailto:Joseph.Hui@exodus.net] 
> Sent: Tuesday, May 07, 2002 3:36 PM
> To: www-ws-arch@w3.org
> Subject: RE: What to make of D-AC020.1?
> 
> 
> The MUST and SHOULD in the proposed re-wording do not 
> contradict each other.
> They were IMO properly used in ways meant to be used, per RFC 2119.
> 
> If the first MUST were changed to SHOULD as Roger suggested, 
> then the second
> sentence would be meaningless, because the consumer wouldn't 
> be able to
> assume anything, let alone decide whether to opt out or not.
> 
> Joe Hui
> Exodus, a Cable & Wireless service
> ================================================
> > -----Original Message-----
> > From: Cutler, Roger (RogerCutler)
> > [mailto:RogerCutler@chevrontexaco.com]
> > Sent: Monday, May 06, 2002 10:51 AM
> > To: Joseph Hui; Hugo Haas; www-ws-arch@w3.org
> > Subject: RE: What to make of D-AC020.1?
> > 
> > 
> > It seems to me that a number of the proposals have been 
> suffering from 
> > "MUST" inflation (and do we really have to keep SHOUTING the
> > word?)  In the
> > example below, first you say that a provide MUST do
> > something, then in the
> > very next statement start discussing what happens if the 
> > provider does not.
> > It seems to me that the logic, then, implies that this is a 
> > "should" not a
> > "must".
> > 
> > -----Original Message-----
> > From: Joseph Hui [mailto:jhui@digisle.net]
> > Sent: Friday, May 03, 2002 6:11 PM
> > To: Hugo Haas; www-ws-arch@w3.org
> > Subject: RE: What to make of D-AC020.1?
> > 
> > 
> > Hi Hugo,
> > 
> > >   D-AC020.1
> > > 
> > >     A service consumer must be able to know the privacy 
> > >     policies of the
> > >     service provider(s) that it is going to interact with.
> > 
> > This sounds good, except the "service consumer must be able
> > to" part seems
> > to place the burden (of privacy policies) more on the 
> > consumer than on the
> > provider.  If it's agreeable that the burden should be 
> mostly (or even
> > solely?) on the provider, then it may help to invert the 
> statement to
> > something like:
> > 
> >       A service provider MUST disclose its privacy policies 
> in manners
> >       that can be easily understood by the consumers.  In 
> the absence
> >       of such disclosure, a consumer (of the service) SHOULD assume
> >       that neither the service nor its provider furnishes 
> any privacy
> >       policy.
> > 
> > Cheers,
> > 
> > Joe Hui
> > Exodus, a Cable & Wireless service 
> > ============================================
> > 
> > > -----Original Message-----
> > > From: Hugo Haas [mailto:hugo@w3.org]
> > > Sent: Friday, May 03, 2002 1:13 PM
> > > To: www-ws-arch@w3.org
> > > Subject: Re: What to make of D-AC020.1?
> > > 
> > > 
> > > Hi Joe.
> > > 
> > > * Joseph Hui <jhui@digisle.net> [2002-05-02 15:43-0700]
> > > > D-AC020.1 is in the form of a question (as opposed to a
> > statement).
> > > > What are we supposed to make of it as a CSF?
> > > 
> > > Would the following rewording, carrying the same ideas, 
> address your
> > > concerns:
> > > 
> > >   D-AC020.1
> > > 
> > >     A service consumer must be able to know the privacy 
> policies of 
> > > the
> > >     service provider(s) that it is going to interact with.
> > > 
> > > Regards,
> > > 
> > > Hugo
> > > 
> > > --
> > > Hugo Haas - W3C
> > > mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ -
> > > tel:+1-617-452-2092
> > > 
> > > 
> > 
> > 
> > 
> 
> 
> 
> 
Received on Tuesday, 7 May 2002 18:59:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:24:59 GMT