- From: David Chadwick <d.w.chadwick@kent.ac.uk>
- Date: Tue, 17 Aug 2010 13:03:04 +0100
- To: jeanpierre.lerouzic@orange-ftgroup.com
- CC: renato@iannella.it, public-pling@w3.org
Hi Jean Pierre Audit is clearly desirable, but the auditor has to audit against something. The user's privacy preferences (or rule set) would be something for the auditor to audit against, so in that context, they make sense. regards David jeanpierre.lerouzic@orange-ftgroup.com wrote: > Hi all, > > Isn't the privacy ruleset approach similar to a weak audit approach? I > mean it's not so useful to specify some future behaviour of a service > provider if one is not sure she is confronted to a real threat or not. > The ruleset approach works well with the nice guys, who probably will > behave nicely anyway. The bad guys will laugh at the privacy ruleset. > Another thing about auditability is that it involve some notarial > recording, here with the "privacy ruleset" there is no record about what > the user specified, so no legal enforcement could be achieved: The > user terms about her interaction with the service provider will be lost > as nobody record it! > This audit approach is not the same as a policy approach which enforce > in real time. > > Let me know your opinion, > > Jean-Pierre > > ------------------------------------------------------------------------ > *De :* public-pling-request@w3.org [mailto:public-pling-request@w3.org] > *De la part de* Renato Iannella > *Envoyé :* mardi 17 août 2010 02:19 > *À :* pling > *Objet :* PLING - Call to Action.... > > Dear PLINGers... > > You maybe interested in the outcomes of the recent W3C Workshop on > Privacy for Advanced Web APIs - the report [1] states "the W3C staff > plans to propose a charter for a Privacy Interest Group... Such an > Interest Group could also provide a focal point for privacy-related > coordination with other interested standard development organizations". > > One of the other interesting activities of the W3C Device APIs and > Policy WG - reported from the Workshop -was the development of the > "Privacy Rulesets" [2] - a way to describe user privacy preferences. > > Clearly, these impact on the future of PLING and our role in W3C. > > We should discuss this at the next teleconference (at least) and online > now... > > Cheers > > Renato Iannella > http://renato.iannella.it > > [1] http://www.w3.org/2010/api-privacy-ws/report > [2] http://dev.w3.org/2009/dap/privacy-rulesets/ -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security School of Computing, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
Received on Tuesday, 17 August 2010 13:45:50 UTC