- From: Hugo Haas <hugo@w3.org>
- Date: Tue, 7 May 2002 16:15:44 -1000
- To: www-ws-arch@w3.org
* Hugo Haas <hugo@w3.org> [2002-05-07 15:28-1000]
[..]
> > And now this seems to be more of a requirement than a CSF.
> >
> > ORCL: Shouldn't this be stated as a requirement. A service consumer
> > MUST be able to deterimine the privacy policies .....
>
> It actually was supposed to be phrased as a requirement as mentionned
> in [1]. Retrospectively, D-AC020.1 should indeed be D-AR020.1.
I just realized that I got confused.
There *is* a requirement D-AR020.1 which comes from the D-AC020.1 CSF.
The current text reads:
+ D-AC020.1 Is it possible for a service consumer to know the
privacy policies of the service provider(s) that it is going to
deal with? (eg. hooks for P3P)
+ D-AR020.1 It must be possible to advertise privacy policies for
Web Services
I think that there are two problems:
- a Web service provider should advertize its privacy policy.
- a Web service provider must be able to access them.
It seems to me that D-AC020.1 talks about the second point while
D-AR020.1 addresses the first one.
The rewording discussion for D-AC020.1 and the above comments go in
the direction of transforming D-AC020.1 into the following D-AR020.2:
A service provider MUST disclose its privacy policies (in manners
that can be easily understood?) to the consumers.
Roger may come up with a different proposed wording[2].
2. http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0124.html
--
Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092
Received on Tuesday, 7 May 2002 22:15:47 UTC