- From: Joseph Hui <jhui@digisle.net>
- Date: Thu, 14 Mar 2002 18:43:11 -0800
- To: "Hugo Haas" <hugo@w3.org>
- Cc: <www-ws-arch@w3.org>
Hugo,

Thanks for coming forward. (I was beginning to wonder if people
got carried away with their own interpretations of Privacy,
say incognito == incommunicado. :-)

To me, what you said clearly re-affirms that Privacy deserves
its own goal, separate from Security a la D-AG006.

Incidentally, I think the "protection against tracking of users"
use case you mentioned fits the Aaxx and xaxx scenarios in the
Privacy tabulation embedded in the following (indented) Privacy
text I've snagged from [1]. (I'm adding Aaxx in order to capture
your example fully.)

<Privacy_Text_snagged_from_[1]>

  We need to pin down what Privacy is supposed to mean in our
  WS-Arch first. Was it tided over from P3P?
  I'm of the opinion that Privacy should be separate from Security.

  Mindful of a privacy role in commercial transactions, I've
  tabulated a set of scenarios where "privacy" is synonymous
  with "anonymity," i.e. hiding one's identity from others.
  (Note that hiding one's data/message from others is
  Confidentiality, which we already address in the Security
  section.)

  Here's a web service model involving Alice as the provider
  and Bob as the consumer.
  Alice is aka "A" to the public and "a" to Bob.
  Bob is aka "B" to the public and "b" to Alice.
  Both Alice and Bob are members of the public.

  A privacy tabulation:

  AaBb: no anonymity (ACLU's nightmare ;-)
    The IDs of Alice and Bob are publicly known.
    Alice and Bob know each other's IDs.

  Aaxb: partial anonymity
    Alice's ID is publicly known.
    Bob's ID is not publicly known.
    Alice and Bob know each other's IDs.

  Aaxx: partial anonymity
    Alice's ID is publicly known.
    Alice's ID is known to Bob.
    Bob's ID is not publicly known.
    Bob's ID is not known to Alice.
    (Aaxx is added to capture the
    protection-against-tracking-of-user
    case in Hugo's comment in [2].)

  xaxb: partial anonymity
    Alice's ID is not publicly known.
    Bob's ID is not publicly known.
    Alice and Bob know each other's IDs.

  xaxx: partial anonymity
    Alice's ID is not publicly known.
    Bob's ID is not publicly known.
    Bob's ID is not known to Alice.

  xxxb: partial anonymity
    Alice's ID is not publicly known.
    Bob's ID is not publicly known.
    Alice's ID is not known to Bob.
    (Buyer doesn't know seller. Escrow may be needed.)
    Bob's ID is known to Alice. (Seller knows buyer.)

  xxxx: total anonymity (drug dealers' dreams come true ;-)
    Alice's ID is not publicly known.
    Bob's ID is not publicly known.
    Bob's ID is not known to Alice. (Seller doesn't know buyer.)
    Alice's ID is not known to Bob. (Buyer doesn't know seller.)

  My math says I can make (4**2) sixteen combinations out of AaBb.
  I've only picked out what I think are the interesting ones in
  this rough cut. Please feel free to add.

  If we're on track with the privacy definition (in our WS-Arch
  context), then we may start picking some from the tabulation
  to throw into a "bucket," so later we can use them for
  requirements.

</Privacy_Text_snagged_from_[1]>

Now, looks like we've got two bits in the bucket.
So the time is right for someone to champion for it.
(Hugo shouldn't get stuck with this if he doesn't care
to volunteer. More work is no way to reward good deeds.
Where are the privacy advocates when we need them, huh? ;-)

Well, in light of the scanty responses on Privacy,
my take is the following.
It would be great if someone picks up Privacy and runs with it.
If not, then we need to start preparing for its eventuality.
IMHO, it's alright that we don't swing our bat at every pitch.
Privacy's beginning to look like a wild pitch, to me at least.

Here's one exit strategy we may consider, comprising two options:
1) punt Privacy to AG0016, e.g. doc it as a "gap"; or
2) delete it from the charter.

Option 1 ruins our chances to flunk AG0016, the one goal
that we should strive for its failure. ;-)
Option 2 comes across as traumatic.
Either is workable; neither is palatable.

New proposals are welcome. (Please, no quixotic one-liners.
Accompany your proposal with analysis/reasoning.)

So to Privacy, cheers,

Joe Hui
Exodus, a Cable & Wireless service

[1] http://lists.w3.org/Archives/Public/www-ws-arch/2002Mar/0136.html
======================================================================

> -----Original Message-----
> From: Hugo Haas [mailto:hugo@w3.org]
> Sent: Thursday, March 14, 2002 11:31 AM
> To: www-ws-arch@w3.org
> Subject: Re: Status of D-AG006
>
>
> * Joseph Hui <jhui@digisle.net> [2002-03-13 14:53-0800]
> > Privacy:
> > Privacy can mean different things in different contexts.
> > We had no clue how it got into the charter to begin with.
> > We tried to get a clarification from anyone who might give
> > a definition of what privacy as stated next to security in
> > the WG charter was supposed to mean in the context of WS
> > architecture. Nobody's come forward yet.
> > An educated guess, coupled with a tabulation of some possible
> > privacy scenarios where "privacy" was presumed to be synonymous
> > with "anonymity," was set up to troll for responses. No luck
> > there. So, unless someone comes forward to stake out a
> > position for privacy, it may not get addressed in WS-Arch.
> > As of now, it's fair to presume privacy work, if any is to
> > be done at all in W3C's WS-Arch, will not be done under the
> > auspices of D-AG006.
>
> Due to a huge email backlog, I might have missed that, but I haven't
> seen the thread where it was discussed.
>
> Anyway, with Web service composition, long running transactions,
> maintenance of a context for operations involving several parties, I
> think that privacy (protection against tracking of users, etc) is
> important. One can think for example of the use of P3P[1] in the
> context of Web services.
>
> Regards,
>
> Hugo
>
> 1. http://www.w3.org/P3P/
> --
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ -
> tel:+1-617-452-2092
>
>
Received on Thursday, 14 March 2002 21:43:44 UTC