Re: summary of informal PING working meeting last Friday...

Hi Joe,

Note that there are two different aspects:

1) A description that explains what a document author would have to
consider when taking privacy into account during the design of a protocol.

2) What the process of doing privacy write-ups and reviews looks like.

RFC 6973 (and http://www.tschofenig.priv.at/w3c-privacy-guidelines.html)
are about #1.

Regarding item #2 we (in the IETF/IAB) are still debating how exactly
this would be done since there isn't a lot of experience out there.

We had a meeting at the last IETF meeting (which was last week in
London) to find out how such reviews could actually take place. There is
also a document that puts more requirements (in terms of process) forward:
https://tools.ietf.org/html/draft-cooper-ietf-privacy-requirements-00

I am always uncertain whether you guys talk about #1 or #2 when you
refer to RFC 6973. You seem to conflate the two aspects.

Ciao
Hannes

On 03/11/2014 04:48 PM, Joseph Lorenzo Hall wrote:
> 
> 
> On 3/11/14, 11:01 AM, Hannes Tschofenig wrote:
> 
>> On 03/11/2014 03:03 PM, Joseph Lorenzo Hall wrote:
>>> The guidelines in RFC 6973 are in no way systematic; they are
>>> probably better characterized as a point or one-time evaluation.
>>> They are meant to be a set of considerations that IETF
>>> specifications should respond to before Area Director review, and
>>> the AD can require specification editors to include text
>>> addressing those issues.
> 
>> Joe, could you explain your criticism regarding RFC 6973?
> 
>> Regarding the question about when to do the review RFC 6973 does
>> not mandate a specific style. In the IETF, as you know, reviews are
>> done in all stages of the document life-cycle (not only during IESG
>> review).
> 
> I didn't mean it as a critique necessarily... just a statement of the
> model of review that IETF currently supports. It seemed to me that the
> W3C process is so different that having more specific elements
> sprinkled throughout the standards process might be a good alternative.
> Of course, the desire to make this not a chore for PING or WG
> participants is a big part of what we can reasonably do here... which
> is why I think a two part solution may be good in the short term:
> 
> 1. Have something solid in place for newly chartered activities that
> incorporates PING and privacy (trainings, privacy consideration input
> into draft charters).
> 
> 2. Try and enhance or profile the 6973 guidelines for web standards
> such that we're comfortable that it will do some real good in what
> Frank talks about in the "go-live" sign-off... but that clearly must
> happen at the Working Draft stage.
> 
> I'm a total noob, so please teach me where I'm being naive and we'll
> move on to do great things.
> 
> best, Joe
> 
> 
> 

Received on Tuesday, 11 March 2014 19:19:57 UTC