- From: Schutzer, Daniel <schutzerd@citigroup.com>
- Date: Wed, 1 Jan 2003 07:26:34 -0500
- To: Matthias Schunter <mts@zurich.ibm.com>, public-p3p-ws@w3.org, "'Durkee, Steve (CITIC)'" <steve.durkee@citicorp.com>
- Cc: wmi@zurich.ibm.com, evh@zurich.ibm.com
To better evaluate this future work proposal, it would be helpful to understand in more detail just what types of changes you are proposing. For example, today we can identify on an individual element basis whether that information element is opt-in opt-out or required - what more are you recommending? -----Original Message----- From: Matthias Schunter [mailto:mts@zurich.ibm.com] Sent: Friday, December 13, 2002 10:04 AM To: public-p3p-ws@w3.org Cc: wmi@zurich.ibm.com; evh@zurich.ibm.com Subject: Future Work Proposal: P3P Spec. Ambiguities SCOPE A P3P policy should make clear what recipient is allowed to perform what purpose on which data element. In addition, it should define what data can be collected, whether it needs to be anonymized at collection, and how long can it be retained. Unfortunately, the P3P specification only describes the meaning of a policy that restricts itself to the most primitive case. Complicated cases, like conflicts, are not sufficiently addressed. The following issues should be clarified: - Overlapping Statements: What is the meaning of overlapping statements In particular if some have opt-in opt-out, some haven't. - Meaning of non-identifiable: It is unclear what an non-identifiable element means. RESOURCES - Matthias Schunter - Review and proposed changes to the spec. - Aiming at an addenum to 1.0 that clarifies these issues. -- Dr. Matthias Schunter <mts (at) zurich.ibm.com> --- IBM Zurich Research Laboratory, Ph. +41 (1) 724-8329 Fax +41-1-724 8953; More info at www.semper.org/sirene PGP Fingerprint 989AA3ED 21A19EF2 B0058374 BE0EE10D
Received on Wednesday, 1 January 2003 07:27:17 UTC