- From: Larry Masinter <masinter@adobe.com>
- Date: Wed, 16 May 2012 11:45:00 -0700
- To: Noah Mendelsohn <nrm@arcanedomain.com>
- CC: "ashok.malhotra@oracle.com" <ashok.malhotra@oracle.com>, Robin Berjon <robin@berjon.com>, "www-tag@w3.org" <www-tag@w3.org>
Thanks for the clarification.
> It's now been clarified that Ashok was referencing in the
> context of Robin's work on Privacy by Design in APIs [1], and I think we've
> all agreed that the next time we should discuss that is when Robin has a
> new draft, or requests a session.
...
> I'm certainly glad to give this agenda time either way, but I'm curious as
> to whether you see the above as being within the scope of [1], and if not,
> what you know about how you'd like to organize TAG work on privacy beyond
> what's called for in [1].
Ashok was referencing [3].
[3] has one normative reference, [2].
[3] and [2] should be in scope for discussing [1] since [1] purports to
address privacy threats, and [3] enumerates considerations for privacy
threats using the terminology defined in [2]. If there are different
sources of definitions and threat framework you would prefer, that's
ok with me, but this is the best I've seen so far.
My concern about the TAG taking on [1] in the first place was the possible
lack of agreement about terminology and threats.
I'm OK with delaying any discussion of [3] or [2] to a discussion of [1]
or any other discussion of privacy.
[1] http://www.w3.org/2001/tag/products/apiminimization-2012-02-02.html
Privacy by Design in Javascript APIs (was API Minimization)
[2] http://tools.ietf.org/html/draft-iab-privacy-terminology
Privacy Terminology and Concepts, work in progress, September 13, 2012
[3] http://tools.ietf.org/html/draft-iab-privacy-considerations
Privacy Considerations for Internet Protocols, work in progress, September 13, 2012
Larry
-----Original Message-----
From: Noah Mendelsohn [mailto:nrm@arcanedomain.com]
Sent: Wednesday, May 16, 2012 8:17 AM
To: Larry Masinter
Cc: ashok.malhotra@oracle.com; www-tag@w3.org
Subject: Re: Privacy Document from IETF
Let's try to sort this out and move ahead:
* It's now been clarified that Ashok was referencing
in the
context of Robin's work on Privacy by Design in APIs [1], and I think we've
all agreed that the next time we should discuss that is when Robin has a
new draft, or requests a session.
Larry wrote:
> If we are going to talk about "privacy by design", if we're going to discuss whether "SPDY's use of SSL offers a promise of improved privacy on the web", if we're going to do anything at all about privacy,
>
> THEN
>
> we need to come to an agreement on what we mean by "privacy", since it was clear to me during previous discussions that TAG members had very different ideas about what the word meant.
>
> And yes, I think it needs separate agenda time to agree that this is the vocabulary we want to use, and if not, which one.
...
> I'm sorry, I didn't double check Ashok's note.
>
>
>
> In fact, the document I was proposing for TAG reading was a very different document:
>
>
>
> http://tools.ietf.org/html/draft-iab-privacy-terminology [2]
I'm certainly glad to give this agenda time either way, but I'm curious as
to whether you see the above as being within the scope of [1], and if not,
what you know about how you'd like to organize TAG work on privacy beyond
what's called for in [1].
In any case, I will at least tentatively plan to put a telcon session on
privacy and, if appropriate [2] in particular, on our telcon agenda for 24
May. If there are proposals for privacy work beyond APIs, that's fine too,
but I would like to take a look at why our other recent work on privacy had
to be abandoned after significant effort, and why things are likely to go
better if we re-engage.
Thank you.
Noah
[2] http://tools.ietf.org/html/draft-iab-privacy-terminology
Received on Wednesday, 16 May 2012 18:46:15 UTC