- From: <Patrick.Hung@csiro.au>
- Date: Wed, 6 Aug 2003 13:35:52 +1000
- To: elisa@ieee-isto.org
- Cc: public-p3p-spec@w3.org, lena.kannappan@rd.francetelecom.com
Dear Elisa, Joseph and I have created a P3P Beyond HTTP Task Force Report that may cover some of the privacy issues in Web services the Liberty Alliance is interested in: http://www.w3.org/P3P/2003/p3p-beyond-http/Overview.html In fact, I am studying the Liberty Alliance specifications and try to figure out the common areas. Many thanks and I am looking forward to hearing from you soon. Patrick. -----Original Message----- From: Joseph Reagle [mailto:reagle@w3.org] Sent: Friday, 9 May 2003 5:57 AM To: Elisa Korentayer Cc: public-p3p-spec@w3.org Subject: Re: Liberty-P3P Interaction On Wednesday 30 April 2003 12:07, Elisa Korentayer wrote: > The Liberty subteam that has been charged with drafting the Privacy > Preferences Expression Languages White Paper is very interested in > continuing the discussion and cooperation started with P3P at the Boston > meeting in March. Elisa, thank you for the pointers. I've reviewed the documents and besides the editorial comment below don't have many substantive comments. It's quite a lot material to get my mind around. I don't trust I understand it all quite yet, but after my efforts I was left with the following two impressions: 1. When it comes to making a declaration in the context of federated identity services, a possible challenge is specifying the scope of the soliciting service and the subsequent recipients? For example, should an identity service represent the policy from itself, rather narrowly, with a wider recipient, or define "itself" as the set of all affiliates it might share the information with, with no other recipients? 2. Where is the p3p hook? I note that the SOAP binding has a consent header block, how does that relate to a privacy declaration? I unfortunately remember little of the "five level policy approach", have you published anything with respect to that yet? The editorial nit was in the Architecture Overview, it uses the term "introduce" and "federate" (i.e., "You may Federate your Airline Inc. identity with any others...") without first defining it. Unfortunately, the documents aren't hypertext (so I can't easily follow a link to their normative definitions) but it seems the glossary gives a definition for federate (i.e. bind), but not introduce. I'm sure the Overview states their meanings, but perhaps doing so more explicitly would help it sink in. <smile/> > In terms of scheduling, we would like to get a sense from you as to > whether P3P, or the P3P members engaged in this project, would be > interested in having a phone conversation at the end of May to speak more > on these issues. I'll defer this question to the P3P group for discussion. > And, on a larger scale, we would like to get a sense of > P3P's interest level, and timeline, for working on a White Paper for the > use of P3P in the Liberty context. On that note, I'm working in a task force to hopefully address some questions of how to bind SOAP or WSDL with a P3P statement. Once it is in decent form it might be relevant to the questions you have and I would also be willing to review/comment upon the White Paper.
Received on Tuesday, 5 August 2003 23:36:02 UTC