- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Wed, 23 Jul 2003 12:10:10 -0400
- To: public-p3p-spec@w3.org
1. Task force reports

- P3P beyond HTTP - Joseph Reagle
  Patrick Hung is taking over this task force. Lorrie will try to get him a jigedit account.

- User agent behavior - Lorrie Cranor
  Continuing to make progress. More feedback welcome.

- Compact policies - Brian Zwit and Brooks Dobbs
  Brooks and Jeremy have been discussing and will arrange a call in the next two weeks. They will focus on documenting performance issues and on the grouping mechanism.

- Article 10 vocabulary issues - Giles Hogben
  Giles will try to attend the working party meeting in September to make sure this gets discussed and we get EU feedback.

2. Discuss Liberty slides
http://lists.w3.org/Archives/Member/w3c-p3p-specification/2003Jul/0002.html

Here is the gist of the feedback we want to send to Liberty. Other WG members may draft more detailed feedback to send themselves...

We have some concerns about taking the very expressive P3P vocabulary and reducing it down to a set of five privacy policies. If web sites are only going to be able to describe five policies, there is not a lot to be gained by using P3P at all. You could simply define five standard policies in human-readable language.

From a technical perspective, we do not understand why the five-policy limitation is necessary. While service providers may want to provide a limited set of preference settings to users in order to make interfaces usable, it is not clear why every service provider needs to provide the same set of preference settings, or why web sites should be restricted to providing policies that correspond with these settings.

We also have concerns about the way these policies have been put into a well-ordered set. The P3P vocabulary was not intended to represent a well-ordered set. Depending on the context and user preferences, some data uses may be more privacy invasive than others, for example.

Looking at the specific five policies that have been proposed, we also do not understand why the least restrictive ones are not a superset of the more restrictive policies -- for example, why doesn't the moderate policy include nonident and all along with contact-and-other? We also note that the policies require the use of the remedies element, which is actually an optional part of P3P. In addition, the delivery element is only permitted for the least restrictive policy, however, it is an element found in the privacy policies of most web sites today.

3. Discussion of Ari's identified/identifiable/link clarification draft.
http://www.w3.org/Bugs/Public/show_bug.cgi?id=167
http://lists.w3.org/Archives/Public/public-p3p-spec/2003Jun/0030.html

Rigo had some concerns about Ari's draft, which he explained in http://lists.w3.org/Archives/Public/public-p3p-spec/2003Jul/0033.html. Lorrie suggested that Ari try incorporating Rigo's suggestions about referring to the EU definitions in the introduction, but then stick with his current approach. Rigo was not on the call so we don't know what his reaction will be, but Ari will try this and then get feedback. Brooks will send Ari a linking example to include too.

4. Our next call will be on July 30. The primary agenda item will be discussing Jeremy's draft. If we do not receive this draft by July 28 we will probably postpone this call until August 6 (unless something else comes up that we need to discuss).
Received on Wednesday, 23 July 2003 12:07:38 UTC