- From: Kepeng Li <kepeng.lkp@alibaba-inc.com>
- Date: Thu, 14 May 2015 17:31:09 +0800
- To: Christine Runnegar <runnegar@isoc.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Hi Christine and all,

I will be on a flight during our conference call time; I apologize that I can't join the call today.

About agenda item 4, I have reviewed it and here is some feedback.

> 4. Privacy review request from W3C Web Payments Interest Group
>concerning W3C Web Payments Interest Group [6]

http://www.w3.org/TR/web-payments-use-cases/

1) Section 6.1.2 Agreement on Terms

Privacy / Security: It is important that people retain control over when and how their credentials are shared.

Comments: I suggest to add "personally identifiable information" to the sentence above. We also need to consider privacy, not only security.

2) Section 6.1.2.1 Non-essential Use Cases

Privacy / Security: We must ensure adequate security for these highly sensitive transactions to reduce the likelihood of phishing attacks.

Comments: I suggest to split this into two parts, privacy and security. The sentence above is about security. We can add one sentence about privacy:

Privacy: We must ensure adequate protection for the very sensitive personally identifiable information to reduce the likelihood of privacy leakage.

3) Section 6.2.2 Selection of Payment Instruments

Privacy / Security: The types of payment instruments available to a payer could be used to digitally fingerprint a payer even if they were using an pseudo-anonymous payment mechanism. Merchants and payees may be legally obligated to protect this kind of payer payment information.

Comments: I think we should put stronger requirements to merchants and payees, "may" is not sufficient. I suggest to change it to "must", at least "should".

4) Section 6.4.2 Delivery of Receipt

Privacy / Security: Many merchants want to ensure that receipts are not readable by any party between them and their customer.

Comments: Receipts should also be not modifiable. I suggest to add "modifiable" after "readable".

5) Section 6.4.2 Delivery of Receipt

Privacy / Security: Physical receipts should ensure that private information is not exposed on the receipt.

Comments: Sometimes, we need to have some information on the receipt to identify the user, e.g. ticket checking. Another way is to blur the private information. I suggest to change it to:

Physical receipts should ensure that private information is not exposed on the receipt, or the private information is blurred.

Thanks

Kind Regards
Kepeng Li
Alibaba Group

On 11/5/15 5:17 pm, "Christine Runnegar" <runnegar@isoc.org> wrote:

>A friendly reminder and the draft agenda
>
>If you have any comments regarding the draft agenda, please share them on
>the list.
>
>1. Welcome and introductions
>
>2. Privacy review request from Web Applications Security WG concerning
>Subresource Integrity [1]
>
>3. Privacy review request from CSV on the Web Working Group concerning:
>
>Model for Tabular Data and Metadata on the Web [2]
>- an abstract model for tabular data, and how to locate metadata that
>enables users to better understand what the data holds; this specification
>also contains non-normative guidance on how to parse CSV files.
>
>Metadata Vocabulary for Tabular Data [3]
>- a JSON-based format for expressing metadata about tabular data to inform
>validation, conversion, display and data entry for tabular data
>
>Generating JSON from Tabular Data on the Web [4]
>- how to convert tabular data into JSON
>
>Generating RDF from Tabular Data on the Web [5]
>- how to convert tabular data into RDF
>
>4. Privacy review request from W3C Web Payments Interest Group concerning
>W3C Web Payments Interest Group [6]
>
>5. Comments requested on privacy and security considerations of Media
>Capture and Streams [7]
>
>6. Should sensors require a privileged context? (Discussion raised in
>Device API WG)
>
>7. AOB
>
>Christine and Tara
>
>[1] http://w3c.github.io/webappsec/specs/subresourceintegrity/
>[2] http://www.w3.org/TR/2015/WD-tabular-data-model-20150416/
>[3] http://www.w3.org/TR/2015/WD-tabular-metadata-20150416/
>[4] http://www.w3.org/TR/2015/WD-csv2json-20150416/
>[5] http://www.w3.org/TR/2015/WD-csv2rdf-20150416/
>[6] http://www.w3.org/TR/web-payments-use-cases/
>[7] http://www.w3.org/TR/2015/WD-mediacapture-streams-20150414/#privacy-and-security-considerations
>
>> Begin forwarded message:
>>
>> From: Christine Runnegar <runnegar@isoc.org>
>> Subject: PING call - 14 May 2015 - call details
>> Date: 8 May 2015 10:21:48 am GMT+2
>> To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
>> Resent-From: <public-privacy@w3.org>
>>
>> Dear all,
>>
>> We have our monthly teleconference on Thursday 14 May 2015 at 9am PT,
>> 12pm ET, 16 UTC, 6pm CET
>>
>> https://www.timeanddate.com/worldclock/fixedtime.html?iso=20150514T18&p1=87&ah=1
>>
>> The draft agenda for the call will be circulated shortly.
>>
>> In the meantime, please let us know if you would like to add anything
>> to the agenda.
>>
>> Call details:
>>
>> Zakim Bridge +1.617.761.6200, conference 7464 ("PING")
>> SIP/VOIP details available here:
>> http://www.w3.org/2006/tools/wiki/Zakim-SIP
>>
>> Please also join us on IRC in the #privacy room.
>> Server: irc.w3.org
>> Username: <your name>
>> Port: 6665 N.B.: not the default IRC port!
>> Channel: #privacy
>>
>> Christine and Tara
>
Received on Thursday, 14 May 2015 09:32:01 UTC