action-325: Help re-factor into appendices

I volunteered to draft a version of the Compliance document where some of the non-normative sections could be refactored into appendices, something that has been requested a few times, and is tracked by issue-175.

My proposal is that we start with an appendix for "Privacy Preserving Techniques" and use that appendix to store any text that just provides a non-normative description of one technology or technique for accomplishing the high-level goals that we tend to use in our compliance requirements. This creates an appendix that looks like the following:

Appendix A: Privacy-Preserving Techniques
(TOC numbers from their existing locations.) Technical Precautions Siloing in the Browser Same-Origin Policy Cookie Path Attribute Storage Key Siloing in the Backend Encryption Keys Access Controls Access Monitoring Retention in the Backend Internal Practices Policy Training Supervision and Reporting Auditing

I think we could profitably write up an explanation of k-anonymity to go into this section, perhaps as one way to handling the unlinkability debate. Shane had also suggested some techniques for hashing for frequency capping, which could also end up here.

I've attached a diff and the resulting HTML file in case the group wants to inspect how this looks. I'm not sure the editors or authors of these sections support moving these pieces around right now, though. I'm fine either way, but if the group/editors decide that we should refrain from refactoring the document until more options have been closed out, then I would suggest that we POSTPONE issue-175 until such time that the editors think it would be useful.


Received on Wednesday, 7 November 2012 06:30:27 UTC