RE: Privacy Document from IETF

Thanks for the clarification. 

> It's now been clarified that Ashok was referencing in the
> context of Robin's work on Privacy by Design in APIs [1], and I think we've 
> all agreed that the next time we should discuss that is when Robin has a 
> new draft, or requests a session.
...
> I'm certainly glad to give this agenda time either way, but I'm curious as 
> to whether you see the above as being within the scope of [1], and if not, 
> what you know about how you'd like to organize TAG work on privacy beyond 
> what's called for in [1].

Ashok was referencing  [3].
[3] has one normative reference, [2].

 [3] and [2] should be in scope for discussing [1] since [1] purports to
address privacy threats, and [3] enumerates considerations for privacy
threats using the terminology defined in [2].  If there are different
sources of definitions and threat framework you would prefer, that's
ok with me, but this is the best I've seen so far.

My concern about the TAG taking on [1] in the first place was the possible
lack of agreement about terminology and threats.

I'm OK with delaying any discussion of [3] or [2] to a discussion of [1]
or any other discussion of privacy.  

[1] http://www.w3.org/2001/tag/products/apiminimization-2012-02-02.html 
   Privacy by Design in Javascript APIs (was API Minimization)

[2] http://tools.ietf.org/html/draft-iab-privacy-terminology
   Privacy Terminology and Concepts, work in progress, September 13, 2012

[3] http://tools.ietf.org/html/draft-iab-privacy-considerations
    Privacy Considerations for Internet Protocols, work in progress, September 13, 2012

   
Larry


-----Original Message-----
From: Noah Mendelsohn [mailto:nrm@arcanedomain.com] 
Sent: Wednesday, May 16, 2012 8:17 AM
To: Larry Masinter
Cc: ashok.malhotra@oracle.com; www-tag@w3.org
Subject: Re: Privacy Document from IETF


Let's try to sort this out and move ahead:

* It's now been clarified that Ashok was referencing
in the
context of Robin's work on Privacy by Design in APIs [1], and I think we've 
all agreed that the next time we should discuss that is when Robin has a 
new draft, or requests a session.

Larry wrote:

> If we are going to talk about "privacy by design", if we're going to discuss whether "SPDY's use of SSL offers a promise of improved privacy on the web", if we're going to do anything at all about privacy,
>
> THEN
>
> we need to come to an agreement on what we mean by "privacy", since it was clear to me during previous discussions that TAG members had very different ideas about what the word meant.
>
> And yes, I think it needs separate agenda time to agree that this is the vocabulary we want to use, and if not, which one.

...

> I'm sorry, I didn't double check Ashok's note.
>
>
>
> In fact, the document I was proposing for TAG reading was a very different document:
>
>
>
>                 http://tools.ietf.org/html/draft-iab-privacy-terminology  [2]


I'm certainly glad to give this agenda time either way, but I'm curious as 
to whether you see the above as being within the scope of [1], and if not, 
what you know about how you'd like to organize TAG work on privacy beyond 
what's called for in [1].

In any case, I will at least tentatively plan to put a telcon session on 
privacy and, if appropriate [2] in particular, on our telcon agenda for 24 
May. If there are proposals for privacy work beyond APIs, that's fine too, 
but I would like to take a look at why our other recent work on privacy had 
to be abandoned after significant effort, and why things are likely to go 
better if we re-engage.

Thank you.

Noah


 [2] http://tools.ietf.org/html/draft-iab-privacy-terminology

Received on Wednesday, 16 May 2012 18:46:15 UTC