- From: Hugo Haas <hugo@w3.org>
- Date: Tue, 7 May 2002 16:15:44 -1000
- To: www-ws-arch@w3.org
* Hugo Haas <hugo@w3.org> [2002-05-07 15:28-1000] [..] > > And now this seems to be more of a requirement than a CSF. > > > > ORCL: Shouldn't this be stated as a requirement. A service consumer > > MUST be able to deterimine the privacy policies ..... > > It actually was supposed to be phrased as a requirement as mentionned > in [1]. Retrospectively, D-AC020.1 should indeed be D-AR020.1. I just realized that I got confused. There *is* a requirement D-AR020.1 which comes from the D-AC020.1 CSF. The current text reads: + D-AC020.1 Is it possible for a service consumer to know the privacy policies of the service provider(s) that it is going to deal with? (eg. hooks for P3P) + D-AR020.1 It must be possible to advertise privacy policies for Web Services I think that there are two problems: - a Web service provider should advertize its privacy policy. - a Web service provider must be able to access them. It seems to me that D-AC020.1 talks about the second point while D-AR020.1 addresses the first one. The rewording discussion for D-AC020.1 and the above comments go in the direction of transforming D-AC020.1 into the following D-AR020.2: A service provider MUST disclose its privacy policies (in manners that can be easily understood?) to the consumers. Roger may come up with a different proposed wording[2]. 2. http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0124.html -- Hugo Haas - W3C mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092
Received on Tuesday, 7 May 2002 22:15:47 UTC