Re: D-AC020.1 discussion points

* Hugo Haas <hugo@w3.org> [2002-05-07 15:28-1000]
[..]
> > And now this seems to be more of a requirement than a CSF.
> > 
> > ORCL: Shouldn't this be stated as a requirement. A service consumer
> > MUST be able to deterimine the privacy policies .....
> 
> It actually was supposed to be phrased as a requirement as mentionned
> in [1]. Retrospectively, D-AC020.1 should indeed be D-AR020.1.

I just realized that I got confused.

There *is* a requirement D-AR020.1 which comes from the D-AC020.1 CSF.
The current text reads:

  + D-AC020.1 Is it possible for a service consumer to know the
    privacy policies of the service provider(s) that it is going to
    deal with? (eg. hooks for P3P)

  + D-AR020.1 It must be possible to advertise privacy policies for
    Web Services

I think that there are two problems:
- a Web service provider should advertize its privacy policy.
- a Web service provider must be able to access them.

It seems to me that D-AC020.1 talks about the second point while
D-AR020.1 addresses the first one.

The rewording discussion for D-AC020.1 and the above comments go in
the direction of transforming D-AC020.1 into the following D-AR020.2:

  A service provider MUST disclose its privacy policies (in manners
  that can be easily understood?) to the consumers.

Roger may come up with a different proposed wording[2].

  2. http://lists.w3.org/Archives/Public/www-ws-arch/2002May/0124.html
-- 
Hugo Haas - W3C
mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ - tel:+1-617-452-2092

Received on Tuesday, 7 May 2002 22:15:47 UTC