Re: Things we're not doing from ashok malhotra on 2010-07-23 (public-vision-core@w3.org from July 2010)

From: ashok malhotra <ashok.malhotra@oracle.com>
Date: Fri, 23 Jul 2010 09:52:13 -0700
To: Thomas Roessler <tlr@w3.org>
CC: public-vision-core <public-vision-core@w3.org>
Message-ID: <4C49C8BD.6020708@oracle.com>

See inline
All the best, Ashok


Thomas Roessler wrote:
> On 23 Jul 2010, at 17:17, ashok malhotra wrote:
>
>   
>> Let me comment on three items:
>>
>> 1. Privacy. To the man on the street privacy and security may be the two biggest problems with the Web.
>> OASIS is starting a TC on a privacy model.  Charter is at http://www.oasis-open.org/committees/process-2009-07-30.php#formation
>>     
>
> That seems to be a link into the OASIS process document.  Would you have a pointer to the charter?
>   
Sorry!  Copy of Charter is attached.
> I'll add that one of the results in the workshop report will be that there are several ideas on the table, but a great deal of uncertainty about how deployable those ideas are.  Structurally, they very much overlap with this piece:
>
>   
>> This is a strong model where everytime a website wants some personal information it has
>> to indicate why it wants the information and request permission.  Some feel this is too onerous and
>> recommend an alternate model where you indicate your privacy preferences (what data, who can see it, how long)
>> and the privacy preferences are carried along with the data.  If they are violated, there are legal recourses.
>>     
>
> Can you say more about the extent to which the OASIS TC is doing concrete work, vs abstract modeling in the direction of ISO/IEC JTC 1 SC 37 WG 5's privacy model?
>   
It seems to be working on the model.  The charter says:  "to develop and 
articulate a Privacy Management Reference Model that describes a set of 
broadly-applicable data privacy and security requirements and a set of 
implementable Services and interactions for fulfilling those requirements."

>
>   
>> 2. Identity
>> Anyone can get an OpenId ... I have 3!  But there is no way to verify if, indeed, what/who I claim to be is
>> accurate.  This kind of Id is useful for single-sign on but it is not verified identity.  The Social Security Office
>> will not accept it.  So, should we try and start an agency that that provides verified identity?  This should be
>> voluntary, so there is a means to verify your identity if you choose to provide it.  The agency should keep
>> track of who requests your identity.  The eGoverment folks may be interested.  My take the fun out of online dating :-)
>>     
>
> Are you suggesting that this sort of assurance should be part of W3C's mission?  Or are you suggesting that W3C should consider identity protocols part of of its mission?
>   
I'm thinking out loud!  I think a verified identity agency would be 
great but not clear it is for the W3C to start.
I'm sorry you will not be on Tuesday's call.  We should discuss.
>
>

Attachments

application/pdf attachment: COPY_OF_CHARTER_FOR_OASIS_Privacy_Management_Reference_Model.pdf

Received on Friday, 23 July 2010 16:55:26 UTC