- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 24 Jul 2002 13:40:35 +0200
- To: Joseph Hui <Joseph.Hui@exodus.net>
- Cc: Hugo Haas <hugo@w3.org>, www-ws-arch@w3.org
As far as I understand, CSF's are more important than requirements ;) Does the switch from CSF to requirement mean, privacy is not important? I think no. But it should be clear, that the P3P-Group will watch out that the requirement won't be watered down. As for the wording: We took the term 'user' instead of 'consumer' because it has less legal connotations. So the wording spin-doctored by Hugo, Danny Weitzner has some of those tweaks. As for the P3P-Policy traveling with the request, we have the same issue with SOAP and it will be probably solved the same way.. I find the usage scenario described by Hugo is accurate. Best, Rigo On Mon, Jul 22, 2002 at 08:14:16PM -0700, Joseph Hui wrote: > Hugo, > > Frankly I could happily and still can live with > the original wording of D-AR020.5. > It floated quite naturally, as opposed to the > "new and improved" version, which comes across > as, well: overworked. :-) > > Joe Hui > Exodus, a Cable & Wireless service > ===================================== > > -----Original Message----- > From: Hugo Haas [mailto:hugo@w3.org] > Sent: Mon 7/22/2002 1:43 PM > To: www-ws-arch@w3.org > Cc: Rigo Wenning > Subject: Re: AG004 Closure Sought > > > [ Copying Rigo Wenning since the proposal originated from a discussion > I had with him. ] > > * Joseph Hui <Joseph.Hui@exodus.net> [2002-07-14 23:39-0700] > > 5) Privacy requirements to be solidified. > > During the last F2F we did not get around to finalize > > the verbiage for the Privacy req's. So there seems > > to be still considerable req-related work to be done. > > Joseph asked me to champion AC020[1]. > > At the last face-to-face meeting[2], we accepted AC020, AC020.1, > AC020.2, AC020.3, rejected AC020.4, and proposed AC020.5 > > I would like to request two minor editorial change: > - AC020.3: I was told that it was better to use "user" instead of > "consumer", because it was more general (at least in US law): > | + AC020.3 The Web Services Architecture MUST enable a user > | to access a Web Service's advertised privacy policy > | statement. > - it seems that AC020.[1235] are more requirements than CSFs; it > probably would be better to name them AR020.[1235]. > > So we need to get consensus on the proposed D-AC020.5 (or D-AR020.5). > The text reads: > > | + D-AC020.5 The Web Services Architecture MUST enable > | delegation and propagation of privacy policy. > > This requirements is trying to address the following problem: a Web > service A may use other Web services to fulfill a request. If a user U > and A do business based on a particular privacy policy P, any Web > service contacted by A in order to process U's request should not > violate P. > > This is why P should be propagated along with any processing. > > People seemed generally happy about this idea at the face-to-face > meeting, but I had echoes on the security task-force call that the > wording was obscure. > > Maybe it comes from "delegation", which is actually confusing me too. > What about (two choices): > > The Web Services Architecture MUST enable propagation of privacy > policy [during delegation of processing | across Web services]. > > Well, it's not crystal clear either, but we can use that as a starting > point. > > Regards, > > Hugo > > 1. http://www.w3.org/2002/ws/arch/2/06/wd-wsa-reqs-20020605.html#AC020 > 2. http://www.w3.org/2002/ws/arch/2/06/f2f-minutes#Review > -- > Hugo Haas - W3C > mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092 > > > >
Received on Wednesday, 24 July 2002 07:47:45 UTC