- From: Graham Klyne <graham.klyne@zoo.ox.ac.uk>
- Date: Sat, 10 Nov 2012 10:32:18 +0000
- To: Yolanda Gil <gil@isi.edu>
- CC: W3C provenance WG <public-prov-wg@w3.org>
Yolanda, Back online, I've now reviewed the use cases you identified, and realize my earlier response really missed your point. I propose to add a new paragraph to the security considerations section: [[ Provenance information may be used as a basis for auditing use of information to help establish accountability for information use [1] and due process in performing information processing tasks. Thus, provenance management systems can provide mechanisms to support enforcement and auditing of privacy and other information handling policies. In such use, provenance information itself may be a valuable target for attack by malicious agents, and care must be taken to ensure that provenance records are stored securely and in a fashion that resists attempts to tamper with it. [1] Information Accountability, Weitzner, Abelson, Berners-Lee, Feigenbaum, Hendler, Sussman, Communications of the ACM, Jun. 2008, 82-87, http://doi.acm.org/10.1145/1349026.1349043 (alt: http://dig.csail.mit.edu/2008/06/info-accountability-cacm-weitzner.pdf) ]] (I think this is a very appropriate place to flag the Weitzner reference - thanks for indirectly directing me to it.) #g -- On 07/11/2012 01:12, Yolanda Gil wrote: > Hi Graham, > > Privacy is indeed an important issue, I am very happy that you tracked this. We > collected several use cases from the community during the Provenance Incubator > that brought up provenance issues, in particular: > > http://www.w3.org/2005/Incubator/prov/wiki/Use_Case_Report#Anonymous_Information > http://www.w3.org/2005/Incubator/prov/wiki/Use_Case_Report#Provenance_and_Private_Data_Use > > http://www.w3.org/2005/Incubator/prov/wiki/Use_Case_Report#Fulfilling_Contractual_Obligations > > > We reflected privacy concerns in one of the three driving scenarios that we > synthesized out of the use cases: > > http://www.w3.org/2005/Incubator/prov/wiki/Analysis_of_Business_Contract_Scenario > > Based on the discussions we had on the above, the text that you propose makes > sense to me. If anything, I'd add a sentence at the end: > > "Provenance management systems can provide mechanisms for enforcement and > auditing of privacy policies." > > Thanks, > > Yolanda > > > Yolanda Gil, USC/ISI > +1-310-448-8794
Received on Saturday, 10 November 2012 10:43:15 UTC