- From: Joseph Hui <jhui@digisle.net>
- Date: Wed, 20 Mar 2002 10:33:35 -0800
- To: "Hugo Haas" <hugo@w3.org>, <www-ws-arch@w3.org>
Hi Hugo, I was just laying out an exit strategy in case we failed to garner support for Privacy in WSAWG. That wasn't the same as suggesting to ignore Privacy per se. Rest assured that Privacy is a legitimate issue. (The issue at hand is whether we want to address it in WSAWG. And if yes, to what extent?) On the new goal you're proposing -- protecting comsumers' private data from exploitation, I tend to think legislative bodies (instead of technological standard bodies) can be much much more effective in privacy areas. E.g. I don't know of any effective technical mechanism that can prevent a merchant from whom a consumer has purchased goods from using the consumer's shipping address for promotional mails. But if the laws says the merchant must provide a checkbox for consumers to exclude themselves from potential spams, then the problem (which is only one of many privacy problems) is pretty solved, as it's technologically trivial to add such anti-spam feature (i.e. stopping spams at their sources). The above said was just my $0.02. Hope it doesn't discourage anyone from thinking about championing for the newly proposed Privacy goal. I'd also suggest that as we're starting to deliberate Privacy, we need to *define* (de Javu?) what Privacy means in the WSAWG context, so we know what we're getting ourselves into. Cheers, Joe Hui Exodus, a Cable & Wireless service =============================== -----Original Message----- From: Hugo Haas [mailto:hugo@w3.org] Sent: Wed 3/20/2002 8:29 AM To: www-ws-arch@w3.org Cc: Subject: Re: WS Privacy [Was RE: Status of D-AG006] Hi Joe and Zahid. * Joseph Hui <jhui@digisle.net> [2002-03-14 18:43-0800] [..] > It would be great if someone picks up Privacy and run with it. > If not, then we need to start preparing for its eventuality. > IMHO, it's alright that we don't swing our bat at every pitch. > Privacy's beginnig to look like a wild pitch, to me at least. > > Here's one exist strategy we may consider, > comprising two options: > 1) punt Privacy to AG0016, e.g. doc it as a "gap"; or > 2) delete it from the charter. > > Option 1 ruins our chances to flunk AG0016, the one > goal that we should strive for its failure. ;-) > Option 2 comes across as traumatic. > Either is workable; neither is palatable. > New proposals are welcome. > (Please, no quixotic one-liners. > Accompany your proposal with analysis/reasoning.) I don't think that ignoring privacy is an option. Web services will not be able to succeed for private use, as opposed to corporate use, if privacy protection is not addressed. Moreover, there are, in Europe for example, legal issues about privacy. There was a legal track at XML Europe 2001, and there were interrogations about whether Web services would meet legal requirements (see xmlhack's report[1]). We need to ensure that the answer is yes. * Ahmed, Zahid <zahid.ahmed@commerceone.com> [2002-03-14 19:03-0800] [..] > I mentioned previously: > >In my opinion privacy policies is web services application > >dependent and is part of the domain of the web services > >operation environment. Confidentiality policies need to be > >addressed between a web services producer and consumer. > > My proposal is that we limit any features/reqmnts that do > not fall under above scope control criteria. Some features > may need to be addressed post WSA 1.0 outputs. Hmmm... I wonder whether security wouldn't fit into that too, since in a way it also is Web services application dependent. Note that I am not questioning whether we should address security, I am just trying to legitimize privacy. Putting privacy hooks at the right place will keep us from trouble. I think that we need to add a goal in the spirit of D-AG0006 about privacy: enables privacy protection of the consumer of a Web service across domains and services. "across domains and services" refers here to the case where the consumer interacts with a series of individual services, as part of a transaction. Comments? Regards, Hugo 1. http://www.xmlhack.com/read.php?item=1234 -- Hugo Haas - W3C mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092
Received on Wednesday, 20 March 2002 13:33:41 UTC