RE: D-AG0020 Privacy (was Re: WS Privacy)

Hi Hugo,

Bravo!
I'm very gratified that you've decided to take on the task.

I have no issues with the D-AG0020 goal statement as-is.

On the second CSF, 
>   - Data provision during Web services transactions should be
>     minimized.
>     (in order to avoid consumer tracking)
I'd like to suggest adding "private"
or "personal" to "Data provision" to avoid
a paradox between D-AG0018 and D-AG0020.  
D-AG0018, having to do with diagnostic instrumentation,
is prone to maximizing data collection.
Also, I wouldn't mind not seeing the "(in order to
avoid consumer tracking)" text in our formal document.
Arguments can be made for "consumer tracking" being
not necessarily a bad thing.  Not all merchants are
in the business of privacy invasion.  Consumer tracking
can be an effective means for merchants to improve their
services, which is quite alright for consumers at large,
**so long as the consumers can opt out at will**.  
Thus it follows that it will be critical to design into
the WS-Arch some privacy-related opt-out features.
Therefore, I'd suggest the second CSF be modified to:

    - Private data provision during a Web service transaction
      should not exceed the consumer's consent, where the
      consumer must be provided with reasonable means for
      opt-out.

Cheers,

Joe Hui
Exodus, a Cable & Wireless service
============================================

> -----Original Message-----
> From: Hugo Haas [mailto:hugo@w3.org]
> Sent: Monday, March 25, 2002 1:39 PM
> To: www-ws-arch@w3.org
> Cc: Rigo Wenning
> Subject: D-AG0020 Privacy (was Re: WS Privacy)
> 
> 
> [ I am hereby claiming number 0020 for the privacy goal; it seems that
>   nobody used it until now. ]
> 
> Following up on Rigo's email, I would like to try and summarize the
> privacy discussion by proposing the following goal:
> 
>   enables privacy protection of the consumer of a Web service across
>   domains and services.
> 
> This is the goal that I proposed earlier[1] in the thread, and I think
> that Rigo answered Joe's concerns[2].
> 
> Borrowing from Rigo's email, I would list the following critical
> success factors:
> 
>   - Is it possible for a service consumer to know the privacy policies
>     of the service provider(s) that it is going to deal with?
>     (a.k.a. hooks for P3P)
> 
>   - Data provision during Web services transactions should be
>     minimized.
>     (in order to avoid consumer tracking)
> 
> As noted before in this thread, D-AG0020 is related to AG0006 since
> confidentiality is part of both security and privacy.
> 
> Regards,
> 
> Hugo
> 
>   1. http://lists.w3.org/Archives/Public/www-ws-arch/2002Mar/0336.html
>   2. http://lists.w3.org/Archives/Public/www-ws-arch/2002Mar/0341.html
> -- 
> Hugo Haas - W3C
> mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - 
> tel:+1-617-452-2092
> 
> 

Received on Tuesday, 26 March 2002 16:25:28 UTC