- From: Eric Prud'hommeaux <eric@w3.org>
- Date: Tue, 22 Mar 2005 08:46:23 -0500
- To: public-rdf-dawg@w3.org
- Message-ID: <20050322134623.GC22986@w3.org>
Persuant to ACTION EricP: propose "privacy considerations" for SPARQL protocol, I cribbed a bit of wording from RFC 2616 (HTTP 1.1) and dreamed up some more. I aggressively promo privacy policies in this text. I think that's a good idea, others may think I went too far: As with any query protocol, query servers must take care that facts disclosed in, or implied by, query results do not violate applicable privacy or secrurity policies. Conversely, it is good practice to consider query interfaces when gathering data and to publish a realistic privacy policy for the benefit of anyone contributing data. It is impossible to identify all private or sensitive information here. Addresses and credit card numbers are clearly sensitive, however, even the language constraints on literal queries can associate the client with a particular ethnic group. There is no a priori method of determining the sensitivity of any particular piece of information within the context of any given request. SPARQL servers SHOULD supply as much control over this information as possible to the provider of that information. Query URLs and server logs contain information about clients' areas of interest. This information is clearly confidential unless otherwise indicated in a privacy policy. Storage and distribution of this data can be constrained by law in some countries. Under-constrained queries can result in huge numbers of results, and thus are one possible source of denial of service attacks. Query services may choose to detect under-constrained queries, impose time or memory limits on queries, or impose other restrictions to reduce the service's vulnerability to denial of service attacks. -- -eric office: +81.466.49.1170 W3C, Keio Research Institute at SFC, Shonan Fujisawa Campus, Keio University, 5322 Endo, Fujisawa, Kanagawa 252-8520 JAPAN +1.617.258.5741 NE43-344, MIT, Cambridge, MA 02144 USA cell: +81.90.6533.3882 (eric@w3.org) Feel free to forward this message to any list for any purpose other than email address distribution.
Received on Tuesday, 22 March 2005 13:46:23 UTC