- From: <Patrick.Hung@csiro.au>
- Date: Wed, 12 Nov 2003 05:33:41 +1100
- To: rigo@w3.org
- Cc: public-p3p-spec@w3.org
Hi Rigo, How are you doing? I am sorry to reply you late as I was ver busy in the past two weeks. I got a few comments from the talk I gave at the Hong Kong University of Science and Technology (HKUST) about P3P and P3P Beyond HTTP as follows: (1) Referring to the "Privacy" tab in the "Internet Option" from IE, it doesn't really tell much to a non-computer scientist. It seems that every IE user must understand P3P and APPEL in order to set their privacy preferences properly. (2) Privacy is still a very tough problem in accessing Web pages (as what P3P is mainly targeting for), and it involves a lot of non-technical issues such as management. How could we overcome the non-technical issues in the Web services scenario? (3) There should have some learning technologies (such as the learning technology for detecting SPAM e-mails) to set the privacy preferences for a user. (4) The relationships between security and privacy are still not very clear. By the way, would you please tell me more about "the plans for a workshop in WS-Privacy and Policy?" Cheers, Patrick. -----Original Message----- From: Rigo Wenning To: public-p3p-spec Sent: 6/11/2003 9:59 Subject: [Minutes] 5 November call Present: Dave Stampley Brooks Dobbs Jack Humphrey Jeff Edelen Rigo Wenning 1/ P3P beyond HTTP Rigo gave brief update about the plans for a workshop in WS-Privacy and Policy. He further reported on the coordination going on with the WSDL working group. As Patrick Hung wasn't present, this was rather short. 2/ Discussion of P3P 1.0 element definitions and translations discussed the final versions of court and law. Dave agreed, so it is final now We agreed on the disputes, so remedies are just a follow up. So the drafting should follow the same lines as the wordings on disputes. We started to discuss the <remedies> element. In the current shape, Dave argued that a service would have an obligation of result, which he can't really promise as it might be impossible in some cases. At the same time, as in disputes, there might be other remedies that are not mentioned in the policy. We didn't want to exclude them neither lead people to believe that the remedies mentioned in this section are the only ones applicable to the dispute. Suggestion from Dave: The service-provider offers or acknowledges that the following remedies may apply to the identified dispute-resolution procedures. If there is no objection until next call, we take this as final. talking about <correct/> The discussion turned around the fact, that this is an obligation of means. There were concerns to say procedure implemented as SME's would have too large a burden to implemnent that. On the other hand, as we removed the obligation of result, we were concerned that it wouldn't be strong enough anymore. So we added policy, which means, that there has to be at least some guy responding and some thinking before using that element. Suggestion: The service-provider has implemented a policy to rectify errors or consequences for disputes arising in connection with the privacy statement. Agreement on this phrase. If there is no objection until next call, we take this as final. <money element> We discussed, that compensation is not always money. It might also be a free subscription etc. We wanted to align with <correct> Suggestion: The service-provider has implemented a compensation policy for disputes arising in connection with the privacy statement. We discussed the fact, that compensation doesn't mean necessarily to also correct the errors involved with a dispute or violation of the policy. In order to express that errors will also be corrected, <money> and <correct> would have to be present in the policy. We felt, that we should add some explanation to the specification. Agreement on this phrase. If there is no objection until next call, we take this as final. <law> element Suggestion: Remedies for disputes arising in connection with the Privacy Statement may be specified by the law referenced in the human readable description Agreement on this phrase. If there is no objection until next call, we take this as final. ACTION Rigo clean up http://www.w3.org/P3P/2003/p3p-translation.htm We had no time left to discuss the domain relations proposal and will continue to discuss this over the mailing-list. Jack already responded. Everybody else is also invited to give his comments. The date of the next meeting will be discussed over the mailing-list. Scribe=Rigo
Received on Tuesday, 11 November 2003 13:33:45 UTC