lightly edited TAG input to DAP WG per 8 Oct and tell Noah

ACTION-321



I dropped the ball on this, I'm afraid. Here's my attempt at

editing the note from Ashok[1] based on our discussion in

October [2] I hope I captured the sense we wanted.



[1] http://lists.w3.org/Archives/Public/www-tag/2009Sep/0073.html

[2] http://www.w3.org/2001/tag/2009/10/08-minutes#item05





Larry





===============================================================



The W3C Policy Languages Interest Group maintains a Wiki which contains

real world cases where personal information has been compromised due to

inadequate policy or poor/nonexistent enforcement:

http://www.w3.org/Policy/pling/wiki/InterestingCases. One of these cases

describes how Virgin Mobile used photos that it found on Flickr in a

national advertising program.  The photos appeared on large billboards,

much to the surprise of the owner and the subject.



In the public mind, issues related to the management and protection of

user information in Web Applications, Device access over the Web and

Services provided over the Web loom large and must be addressed.  The

TAG, therefore, urges WGs working in these areas to include in their

architecture the ability to use policy information to control access

to user data, retention of user data and related concerns. Addressing

these concerns should be a requirement, although the details of how

they are addressed may vary by application. For example, a working

group might provide mechanisms for including policy information in API

calls in a flexible manner.



There has been some dialog in this area.  The IETF GeoPriv WG has

requested the W3C Geolocation WG to add additional support for user

privacy.  See:

http://lists.w3.org/Archives/Public/public-geolocation/2009Aug/0006.html



There is a discussion thread on this subject on the Geolocation Mailing

list:

http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/thread.html#msg98