- From: Robert Thibadeau <rht@cs.cmu.edu>
- Date: Thu, 07 Feb 2002 00:08:09 -0500
- To: www-p3p-policy@w3.org
Rigo,

You asked "anything" on suggestions for P3P2.0. That convinced me to say something.

I want to precede by saying that I am very happy that Giles Hogben has been making a contribution. I long ago told him first to write the APPEL and P3P demonstrator it as it is laid out, and he informs me that the JRC code is now fully compliant, and he indicated perhaps the only fully compliant code out there. I now told him that he has much more 'right' (of the Camelot's "right's right" kind) than others to suggest changes.

I did not "do" what Giles did, but I have been a programmer since 1966, and my Ph.D. is, in essence, in computational linguistics, so I've seen the shadows of all this for many years. Language expresses "privacy" at its very root - it is called "ergativity," "agency," or "causality" and is, as Herb Simon and Rescher pointed out in the Journal of Philosophy, by happenstance also in 1966, a "counterfactual that cannot be contraposed." It takes a system of conditionals, some of which are not disclosed, to have agency, causality, or ergativity. The classic distinction, in ergative systems, is between 'it moved' and 'she moved it.' The right to privacy is fundamental in most utterances because it is presupposed by nearly all verbs in all human languages. Nearly all our communications presuppose the listener will respect (viz., not question for proof) the right of non-disclosed control.

I have two main suggestions for P3P 2.0.

The first is to "objectize" the definitions. As I mentioned, I have long thought that P3P belonged at the IETF level because privacy agreements should have scope beyond HTTP transactions. The privacy object may provide a core P3P definition strictly for "policies" and, see below, "contracts". The object methods that can instantiate such an object, for client or for server, may differ depending on chosen context, with the only measure of success being that an agreement be reached. Pointer mechanisms, such as policy refs, are good in this. It should be possible to "self" a privacy object and thereby invoke an instance that is an agreement or contract. I would like to see a 'fast ported' protocol, on its own TCP port, and an augmentation to SMTP, as well as HTTP. All capable of achieving the same results between parties to the privacy agreement.

The second is to support the form of persona that I have been proposing - to keep clear it is really only part of the implementation of a persona, so we can call it a "persona's privacy policy, or PPP." There should be a way to express a privacy policy that includes variables to be filled in by the client or server agents. Furthermore, it should be possible to specify that these variables are authenticated or not (e.g., that an XML authentication or X.509v3 can establish that the person is who he says he is). Finally, we should be able to name a policy with a persona name and these should be globally unique. There should be an "Amazon Shopper" persona, for example. With this people can build simple software that allows people to build privacy policies for groups of people and organizations but applying to individuals. A PPP should also have provision for digital signing by all the parties to a transaction and therefore should have offered signature authorities (an ordered set of certificates, for example) for each signator as well as any agents (proxies) who may be operating on behalf of client or server agents.

That's about it. Thanks to everybody involved for the good work. I wholeheartedly back the continuation of the P3P efforts.

Regards,
Bob
Received on Thursday, 7 February 2002 00:14:48 UTC