W3C home > Mailing lists > Public > www-ws-cg@w3.org > October 2002

Re: XMLP WG Issue 240 Resolution

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 16 Oct 2002 13:17:28 -0400
Message-ID: <016801c27537$e7c825a0$9816cf87@barbaloot>
To: "Hugo Haas" <hugo@w3.org>
Cc: <xmlp-comments@w3.org>, <www-ws-cg@w3.org>, "P3P Specification Group" <w3c-p3p-specification@w3.org>

While I am quite glad to see the presence of AC020 in the
web services architecture requirements document, I have
two concerns:

1) We understood the XMLP requirement to mean that specific
mechanisms would be specified, while the working group
has instead intepreted it to mean simply to create a spec
which would make it possible for someone else to specify
specific mechanisms. Since AC020 uses the term "enable"
I fear that this requirement may be interpreted in a similar
way, and it might be argued that the requirement has already
been met since nothing in the proposed architecture
prevents mechanisms from being built to do these things -- there
for it enables privacy protection. Therefore, I would like to see
a requirement that actually mandates that a working group
create something rather than just develop an architecture
absent of obstacles to the future creation of something.

2) I am concerned about your statement "the Web
Services Architecture Working Group will tackle the problem, or at
least place some requirements on a Working Group which will craft a
concrete solution to it." I think that it is important that privacy
get built into web services sooner than later. Privacy protection
can be relatively easy to build into systems when it is built
in from the beginning, while retrofitting systems later tends
to make it more expensive. Since web services technology
is already being deployed, we need to get privacy built into
it as soon as possible. We need someone to take on this
task in the short term, and not leave open the possibility
that a working group will think about this for a while and then
delegate it to another working group.

Lorrie


----- Original Message -----
From: "Hugo Haas" <hugo@w3.org>
To: "Lorrie Cranor" <lorrie@research.att.com>
Cc: <xmlp-comments@w3.org>; <www-ws-cg@w3.org>; "P3P Specification Group"
<w3c-p3p-specification@w3.org>
Sent: Wednesday, October 16, 2002 11:33 AM
Subject: Re: XMLP WG Issue 240 Resolution


> Hi Lorrie.
>
> * Lorrie Cranor <lorrie@research.att.com> [2002-10-16 09:40-0400]
> > The P3P Specification working group is not satisfied with
> > the resolution to issue 240 [2]. We do not believe the XMLP
> > group has met the requirement that it be possible "to associate
> > a P3P Privacy Policy with an XMLP message." Nonetheless,
> > given that the XMLP working group does not believe that
> > further work on this issue is within their charter, we would
> > be satisfied if the issue would be assigned to another web
> > services working group which does have a charter that
> > permits it to work on this.
> >
> > The P3P Specification working group hereby requests that
> > the issue we raised with the XMLP group in [2]
> > be considered by the WS CG so that a process can be
> > put in place by which this issue can be resolved. It is critical
> > that this issue not fall between the cracks simply because
> > no group believes it fits within their charter. The P3P
> > Specification working group would be happy to assist one
> > of the web services groups in resolving this issue. Perhaps
> > this issue could be resolved most expediantly by appointing
> > a cross-group task force that inclues a couple of members
> > from the P3P group and a couple of members from one of the
> > web services groups.
>
> To understand the issue a little better, how does your request relate
> to the Web services architecture requirement AR020.5[3]:
>
>   The WSA must enable delegation and propagation of privacy policy.
>
> It seems that this requirement covers this, and therefore that the Web
> Services Architecture Working Group will tackle the problem, or at
> least place some requirements on a Working Group which will craft a
> concrete solution to it.
>
> AR020.5 came out of the following scenario, which needs to be
> integrated into the Web Services Architecture Usage Scenarios
> document:
>
>   http://lists.w3.org/Archives/Public/www-ws-arch/2002Jul/0368.html
>
> This scenario doesn't explicitely call out for a P3P policy concretely
> traveling along with a message, but I think that it covers the
> situations.
>
> Regards,
>
> Hugo
>
>   3. http://www.w3.org/TR/2002/WD-wsa-reqs-20021011#AC020
> --
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/
>
Received on Wednesday, 16 October 2002 13:28:09 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.30 : Monday, 21 November 2005 18:07:22 GMT