- From: Rigo Wenning <rigo@w3.org>
- Date: Sun, 16 Nov 2003 02:28:17 +0100
- To: Patrick.Hung@csiro.au
- Cc: public-p3p-spec@w3.org
On Wed, Nov 12, 2003 at 05:33:41AM +1100, Patrick.Hung@csiro.au wrote: > I got a few comments from the talk I gave at the Hong Kong > University of Science and Technology (HKUST) about P3P and P3P > Beyond HTTP as follows: > > (1) Referring to the "Privacy" tab in the "Internet Option" from > IE, it doesn't really tell much to a non-computer scientist. It > seems that every IE user must understand P3P and APPEL in order to > set their privacy preferences properly. We can't help here, as this is Microsoft specific. This is the user interface issue we want to solve with the user-agent guidelines. But we can't help with IE specifics and the specification doesn't mandate to many things in the user interface. (which is good to allow competition) > > (2) Privacy is still a very tough problem in accessing Web pages > (as what P3P is mainly targeting for), and it involves a lot of > non-technical issues such as management. How could we overcome > the non-technical issues in the Web services scenario? The issue here is the diversity that is enabled by web services. The privacy issues simply depend on the current service, the data that it needs and the way it handles that data. In general, non-technical stuff is governed by sector-specific industry best practices or laws. But we should be able to help them express it in P3P and show the power of transparency here. > > (3) There should have some learning technologies (such as the learning > technology for detecting SPAM e-mails) to set the privacy preferences > for a user. IMHO, the creation of preferences is more a process than a static thing. For the time being, implementers preferred to have static preferences for the sake of simplicity and ease of implementation. Also, it is not easy to write things back to an apple file. Giles already had some remarks on this and suggested to use xpath instead. We haven't even attacked this issue so far. > > (4) The relationships between security and privacy are still not > very clear. Security obligations were always a part of the computer-privacy world. Personal data is sensitive data and should be secured. JRC and Giles suggested to have a security-metadata system to be able to express the security features of a service in order to make privacy decisions. But there was not much interest in such an ontology. > > By the way, would you please tell me more about "the plans for a > workshop in WS-Privacy and Policy?" At the moment, this is stalled. I can't tell you more for the moment. Best, Rigo
Received on Saturday, 15 November 2003 20:28:50 UTC