- From: Hugo Haas <hugo@w3.org>
- Date: Wed, 20 Mar 2002 11:29:24 -0500
- To: www-ws-arch@w3.org
Hi Joe and Zahid. * Joseph Hui <jhui@digisle.net> [2002-03-14 18:43-0800] [..] > It would be great if someone picks up Privacy and run with it. > If not, then we need to start preparing for its eventuality. > IMHO, it's alright that we don't swing our bat at every pitch. > Privacy's beginnig to look like a wild pitch, to me at least. > > Here's one exist strategy we may consider, > comprising two options: > 1) punt Privacy to AG0016, e.g. doc it as a "gap"; or > 2) delete it from the charter. > > Option 1 ruins our chances to flunk AG0016, the one > goal that we should strive for its failure. ;-) > Option 2 comes across as traumatic. > Either is workable; neither is palatable. > New proposals are welcome. > (Please, no quixotic one-liners. > Accompany your proposal with analysis/reasoning.) I don't think that ignoring privacy is an option. Web services will not be able to succeed for private use, as opposed to corporate use, if privacy protection is not addressed. Moreover, there are, in Europe for example, legal issues about privacy. There was a legal track at XML Europe 2001, and there were interrogations about whether Web services would meet legal requirements (see xmlhack's report[1]). We need to ensure that the answer is yes. * Ahmed, Zahid <zahid.ahmed@commerceone.com> [2002-03-14 19:03-0800] [..] > I mentioned previously: > >In my opinion privacy policies is web services application > >dependent and is part of the domain of the web services > >operation environment. Confidentiality policies need to be > >addressed between a web services producer and consumer. > > My proposal is that we limit any features/reqmnts that do > not fall under above scope control criteria. Some features > may need to be addressed post WSA 1.0 outputs. Hmmm... I wonder whether security wouldn't fit into that too, since in a way it also is Web services application dependent. Note that I am not questioning whether we should address security, I am just trying to legitimize privacy. Putting privacy hooks at the right place will keep us from trouble. I think that we need to add a goal in the spirit of D-AG0006 about privacy: enables privacy protection of the consumer of a Web service across domains and services. "across domains and services" refers here to the case where the consumer interacts with a series of individual services, as part of a transaction. Comments? Regards, Hugo 1. http://www.xmlhack.com/read.php?item=1234 -- Hugo Haas - W3C mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092
Received on Wednesday, 20 March 2002 11:29:24 UTC