- From: Jonathan A Rees <rees@mumble.net>
- Date: Sun, 23 Sep 2012 16:49:17 -0400
- To: www-tag@w3.org
ACTION-650: Review what provenance WG is doing with an eye to application to privacy issues
https://www.w3.org/2001/tag/group/track/actions/650

As I remember, I suggested looking at this to help close a TAG discussion of privacy that was ending with no clear direction for further discussion. What I had in mind was to ask whether the Provenance WG would deliver specifications that could support accountability workflows of the kind advocated by TAMI ( http://dig.csail.mit.edu/TAMI/ ).

The hypothesis behind TAMI is, briefly, that core to any effective implementation of privacy policy is accountability. Suppose that some entity A has access to B's private information, and A makes public *other* information that has the appearance of potential for violating some agreed privacy policy. It would be nice if the burden of proof of policy adherence were on A, and if A had some way to satisfy such a burden without violating such policy. The question asked by this action is, does anything coming from the provenance WG assist in any way in the management or expression of such proofs?

Indeed, the TAMI idea was listed among the original provenance XG use cases:
http://www.w3.org/2005/Incubator/prov/wiki/Use_Cases
... and documented here:
http://www.w3.org/2005/Incubator/prov/wiki/Use_Case_private_data_use
... but was not really addressed in any XG output:
http://www.w3.org/2005/Incubator/prov/XGR-prov-20101214/#Original_Use_Cases

I did a quick scan of the WG's working drafts (as listed here: http://www.w3.org/2011/prov/wiki/Main_Page ) and did not find any evidence that this use case, or even any specific consideration of privacy or accountability, survived to figure into WG's goals or designs. That is not to say there is no applicability; and I have not digested the working drafts to the point I could assess that question. My purpose here is mainly educational.

I feel that whenever privacy comes up in the TAG, we tend to wander off into the relative comfort zone of security, which is only one part of achieving privacy goals. Where privacy gets interesting and hard is around the question not of *access* to data, but of how someone who has access can learn what uses are permitted (policy communication, see Geolocation debate), and convince themselves or others that any actual use of the data conforms to policy. That is not a security question (given current technology). The state of the art, in fact, is legal (see Larry's governance work).

TAMI is a research effort to move some of the non-security (i.e. use policy) aspects back into a technical space, so I think TAG members should be aware of it.

Set PENDING REVIEW.

Jonathan

Received on Sunday, 23 September 2012 20:49:44 UTC