W3C home > Mailing lists > Public > www-ws-arch@w3.org > May 2002

RE: What to make of D-AC020.1?

From: Joseph Hui <Joseph.Hui@exodus.net>
Date: Tue, 7 May 2002 17:40:47 -0700
Message-ID: <45258A4365C6B24A9832BFE224837D551D1BF1@SJDCEX01.int.exodus.net>
To: "Cutler, Roger (RogerCutler)" <RogerCutler@chevrontexaco.com>, <www-ws-arch@w3.org>
Roger,

Please see me in-line comment below that may help to clear
the "illogical" cloud.

> From: Cutler, Roger (RogerCutler) 
> [mailto:RogerCutler@chevrontexaco.com]
> Sent: Tuesday, May 07, 2002 3:01 PM
> To: Joseph Hui; www-ws-arch@w3.org
> Subject: RE: What to make of D-AC020.1?
> 
> 
> I'm sorry, I cannot agree with this.  I have read RFC 2119, 
> and it basically
> defines "must" and "should" pretty much as they exist in 
> standard English.
> In addition, the spec says as "guidance" for use,
>  
>    "Imperatives of the type defined in this memo must be used 
> with care
>    and sparingly.  In particular, they MUST only be used where it is
>    actually required for interoperation or to limit behavior which has
>    potential for causing harm (e.g., limiting retransmisssions)  For
>    example, they must not be used to try to impose a particular method
>    on implementors where the method is not required for
>    interoperability."
> 
> I would like to see the word "must" used "with care and sparingly".
> 
> As far as I am concerned, the following statement is fundamentally
> illogical, in that if disclosing privacy policies is "an absolute
> requirement of the specification" (from RFC 2119), then one 
> cannot have a
> service that follows the spec and also lacks such a 
> disclosure.  
> If, on the
> other hand, a service is not following the spec by not having 
> a disclosure,
> it does not make a lot of sense to further specify in the 
> spec 
> _____what that service is supposed to do or be______,
> since it is already a rogue 
> service, beyond the pale of the spec. 

Wrt the __underscored text__, I think you mistook the
consumer for the provider in the second sentence in my
text suggested for D-AC020.1 CSF.
Note that the CSF doesn't specify what the rogue service
(i.e. the _provider_) is supposed to do after it's been
found not disclosing privacy policies; it suggests what the
_consumer_ is supposed to do -- assume the rogue service
supports no Privacy.  (It'd be up to the consumer to either
move on or take its chances on the rogue service.)

I.e. the first sentence (of my text in D-AR020.1) says
what the provider must do.  The second sentence says
what the consumer should do if the provider fails to
do what it (the provider) must do.  
This is perfectly logical.  OTOH, the CSF would be illogical
to read if one replaced the "consumer" with "provider".

(As I mentioned in the last response to this thread,
the MUST/must wording may be too burdensome for WS providers. 
But that's another issue, better be addressed separately.)

Joe Hui
Exodus, a Cable & Wireless service
===========================================================

> Perhaps, however, we have been talking at
> cross-purposes and this was not the statement that Joseph was 
> referring to.
> 
> >       A service provider MUST disclose its privacy policies 
> in manners
> >       that can be easily understood by the consumers.  In 
> the absence
> >       of such disclosure, a consumer (of the service) SHOULD assume
> >       that neither the service nor its provider furnishes 
> any privacy
> >       policy.
> 
> -----Original Message-----
> From: Joseph Hui [mailto:Joseph.Hui@exodus.net] 
> Sent: Tuesday, May 07, 2002 3:36 PM
> To: www-ws-arch@w3.org
> Subject: RE: What to make of D-AC020.1?
> 
> 
> The MUST and SHOULD in the proposed re-wording do not 
> contradict each other.
> They were IMO properly used in ways meant to be used, per RFC 2119.
> 
> If the first MUST were changed to SHOULD as Roger suggested, 
> then the second
> sentence would be meaningless, because the consumer wouldn't 
> be able to
> assume anything, let alone decide whether to opt out or not.
> 
> Joe Hui
> Exodus, a Cable & Wireless service
> ================================================
> > -----Original Message-----
> > From: Cutler, Roger (RogerCutler)
> > [mailto:RogerCutler@chevrontexaco.com]
> > Sent: Monday, May 06, 2002 10:51 AM
> > To: Joseph Hui; Hugo Haas; www-ws-arch@w3.org
> > Subject: RE: What to make of D-AC020.1?
> > 
> > 
> > It seems to me that a number of the proposals have been 
> suffering from 
> > "MUST" inflation (and do we really have to keep SHOUTING the
> > word?)  In the
> > example below, first you say that a provide MUST do
> > something, then in the
> > very next statement start discussing what happens if the 
> > provider does not.
> > It seems to me that the logic, then, implies that this is a 
> > "should" not a
> > "must".
> > 
> > -----Original Message-----
> > From: Joseph Hui [mailto:jhui@digisle.net]
> > Sent: Friday, May 03, 2002 6:11 PM
> > To: Hugo Haas; www-ws-arch@w3.org
> > Subject: RE: What to make of D-AC020.1?
> > 
> > 
> > Hi Hugo,
> > 
> > >   D-AC020.1
> > > 
> > >     A service consumer must be able to know the privacy 
> > >     policies of the
> > >     service provider(s) that it is going to interact with.
> > 
> > This sounds good, except the "service consumer must be able
> > to" part seems
> > to place the burden (of privacy policies) more on the 
> > consumer than on the
> > provider.  If it's agreeable that the burden should be 
> mostly (or even
> > solely?) on the provider, then it may help to invert the 
> statement to
> > something like:
> > 
> >       A service provider MUST disclose its privacy policies 
> in manners
> >       that can be easily understood by the consumers.  In 
> the absence
> >       of such disclosure, a consumer (of the service) SHOULD assume
> >       that neither the service nor its provider furnishes 
> any privacy
> >       policy.
> > 
> > Cheers,
> > 
> > Joe Hui
> > Exodus, a Cable & Wireless service 
> > ============================================
> > 
> > > -----Original Message-----
> > > From: Hugo Haas [mailto:hugo@w3.org]
> > > Sent: Friday, May 03, 2002 1:13 PM
> > > To: www-ws-arch@w3.org
> > > Subject: Re: What to make of D-AC020.1?
> > > 
> > > 
> > > Hi Joe.
> > > 
> > > * Joseph Hui <jhui@digisle.net> [2002-05-02 15:43-0700]
> > > > D-AC020.1 is in the form of a question (as opposed to a
> > statement).
> > > > What are we supposed to make of it as a CSF?
> > > 
> > > Would the following rewording, carrying the same ideas, 
> address your
> > > concerns:
> > > 
> > >   D-AC020.1
> > > 
> > >     A service consumer must be able to know the privacy 
> policies of 
> > > the
> > >     service provider(s) that it is going to interact with.
> > > 
> > > Regards,
> > > 
> > > Hugo
> > > 
> > > --
> > > Hugo Haas - W3C
> > > mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ -
> > > tel:+1-617-452-2092
> > > 
> > > 
> > 
> > 
> > 
> 
> 
> 
> 
Received on Tuesday, 7 May 2002 21:10:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:24:59 GMT