Re: Best Practices for Outsourcing (ACTION-47, ISSUE-49)

On Mar 16, 2012, at 10:30 AM, Jonathan Mayer wrote:

> At the Santa Clara meeting we debated whether to mandate specific technical requirements for the outsourcing exception.  The compromise consensus was to call for "reasonable" measures and give implementers guidance in a non-normative section.

Hi Jonathan,

Saying "you should do" is a normative statement, regardless of
where it appears or whether or not the word should is in uppercase.
As such, standards editors are instructed not to use it within
non-normative sections except when the subject is clearly not a party
to the standard.  The compliance spec has a few other bugs like that
which the editors will need to fix once we have fewer options.

Normally, this kind of text would appear in a Best Practices document,
separate from the compliance or protocol spec, and be phrased in neutral
terms like "Here are a set of practices that are believed to preserve
privacy (or at least limit loss of privacy) ...".  If it was developed
within the WG, it would be written by subject matter experts -- like
by the sysops within some of the larger outsourcing orgs.  It could
also be written up as a paper outside the WG process and referenced as
non-normative, just like I referenced the KnowPrivacy paper in the

Normally, such best practices are written after the standard has
reached consensus.


Roy T. Fielding                     <>
Principal Scientist, Adobe Systems  <>

Received on Saturday, 17 March 2012 00:50:57 UTC