- From: David Fallside <fallside@us.ibm.com>
- Date: Wed, 16 Oct 2002 10:41:38 -0700
- To: "Lorrie Cranor" <lorrie@research.att.com>
- Cc: <xmlp-comments@w3.org>, <www-ws-cg@w3.org>, "P3P Specification Group" <w3c-p3p-specification@w3.org>, "Hugo Haas" <hugo@w3.org>
Lorrie, as you requested, I will put your issue on the WS CG's next telcon agenda. I think the crux of this issue is that someone needs to take on the work of actually demonstrating and specifying how a policy is associated with a SOAP meesage. Regards, David ............................................ David C. Fallside, IBM Ext Ph: 530.477.7169 Int Ph: 544.9665 fallside@us.ibm.com Wednesday, October 16, 2002 10:28 AM To: "Hugo Haas" <hugo@w3.org> cc: <xmlp-comments@w3.org>, <www-ws-cg@w3.org>, "P3P Specification Group" <w3c-p3p-specification@w3.org> From: "Lorrie Cranor" <lorrie@research.att.com> Subject: Re: XMLP WG Issue 240 Resolution While I am quite glad to see the presence of AC020 in the web services architecture requirements document, I have two concerns: 1) We understood the XMLP requirement to mean that specific mechanisms would be specified, while the working group has instead intepreted it to mean simply to create a spec which would make it possible for someone else to specify specific mechanisms. Since AC020 uses the term "enable" I fear that this requirement may be interpreted in a similar way, and it might be argued that the requirement has already been met since nothing in the proposed architecture prevents mechanisms from being built to do these things -- there for it enables privacy protection. Therefore, I would like to see a requirement that actually mandates that a working group create something rather than just develop an architecture absent of obstacles to the future creation of something. 2) I am concerned about your statement "the Web Services Architecture Working Group will tackle the problem, or at least place some requirements on a Working Group which will craft a concrete solution to it." I think that it is important that privacy get built into web services sooner than later. Privacy protection can be relatively easy to build into systems when it is built in from the beginning, while retrofitting systems later tends to make it more expensive. Since web services technology is already being deployed, we need to get privacy built into it as soon as possible. We need someone to take on this task in the short term, and not leave open the possibility that a working group will think about this for a while and then delegate it to another working group. Lorrie ----- Original Message ----- From: "Hugo Haas" <hugo@w3.org> To: "Lorrie Cranor" <lorrie@research.att.com> Cc: <xmlp-comments@w3.org>; <www-ws-cg@w3.org>; "P3P Specification Group" <w3c-p3p-specification@w3.org> Sent: Wednesday, October 16, 2002 11:33 AM Subject: Re: XMLP WG Issue 240 Resolution > Hi Lorrie. > > * Lorrie Cranor <lorrie@research.att.com> [2002-10-16 09:40-0400] > > The P3P Specification working group is not satisfied with > > the resolution to issue 240 [2]. We do not believe the XMLP > > group has met the requirement that it be possible "to associate > > a P3P Privacy Policy with an XMLP message." Nonetheless, > > given that the XMLP working group does not believe that > > further work on this issue is within their charter, we would > > be satisfied if the issue would be assigned to another web > > services working group which does have a charter that > > permits it to work on this. > > > > The P3P Specification working group hereby requests that > > the issue we raised with the XMLP group in [2] > > be considered by the WS CG so that a process can be > > put in place by which this issue can be resolved. It is critical > > that this issue not fall between the cracks simply because > > no group believes it fits within their charter. The P3P > > Specification working group would be happy to assist one > > of the web services groups in resolving this issue. Perhaps > > this issue could be resolved most expediantly by appointing > > a cross-group task force that inclues a couple of members > > from the P3P group and a couple of members from one of the > > web services groups. > > To understand the issue a little better, how does your request relate > to the Web services architecture requirement AR020.5[3]: > > The WSA must enable delegation and propagation of privacy policy. > > It seems that this requirement covers this, and therefore that the Web > Services Architecture Working Group will tackle the problem, or at > least place some requirements on a Working Group which will craft a > concrete solution to it. > > AR020.5 came out of the following scenario, which needs to be > integrated into the Web Services Architecture Usage Scenarios > document: > > http://lists.w3.org/Archives/Public/www-ws-arch/2002Jul/0368.html > > This scenario doesn't explicitely call out for a P3P policy concretely > traveling along with a message, but I think that it covers the > situations. > > Regards, > > Hugo > > 3. http://www.w3.org/TR/2002/WD-wsa-reqs-20021011#AC020 > -- > Hugo Haas - W3C > mailto:hugo@w3.org - http://www.w3.org/People/Hugo/ >
Received on Wednesday, 16 October 2002 13:44:52 UTC