Re: [ietf-provreg] [BH] P3P and Extensible Provisioning Protocol

On Monday 07 April 2003 20:27, Eric Brunner-Williams in Portland Maine 
wrote:
> p3p:nonident - does not collect identified data
> epp:null - data is not persistent
>
> The problem-domains are not identical. P3P is concerned with "initial
> data collection", EPP is concerned with "onward transport" of data
> previously collected.

If the initial data collection had a particular policy (P3P) wouldn't it be 
best to pass on the initial P3P agreed to, with the data, when it is 
distributed to those with the "same" policies?

Let me back way up and ask what data is involved here? Was there a usage 
scenario? (Didn't see one, but I expect its clear to those involved with 
provreg, of which I'm mostly ignorant.) I was presuming, as you said, that 
the data was initially collected by a registrar and then shared with a 
registry. So for instance:
  https://www.gandi.net/whois?l=EN&domain=w3.org
contains personally identifiable data. My (continued) presumption was that 
the registrar, Gandi, might have a policy associated with the collection of 
this information. Now, Gandi might also share this with a .org TLD registry 
data base. So in it's initial <create> it would see the registry <greeting> 
and note its <dcp> (policy). If this didn't match the data it collected it 
under, then it might not upload the information if it said p3p:same, or it 
might if it said p3p:other-recipient. (In the first case, it's more likely 
to say p3p:public since whois is public, or at least to set its privacy 
policy based on the policies it knows it must interact with on the back 
end.)

However, my scenario, which is probably incorrect, fails to predict the 
variances in EPP.

> As "others" are the IESG, looking at what bits of a data collection vocab
> are substantially similar, or dissimilar, across problem domains, may not
> be the best use of anyone's time.

I didn't follow this bit.

Received on Wednesday, 9 April 2003 17:22:41 UTC