70 likes | 184 Views
W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement. Report Hannes Tschofenig IETF 67, San Diego, November 2006. Workshop Details. 17 and 18 October 2006 -- Ispra/Italy hosted by the Joint Research Center (JRC) of the European Commission
E N D
W3C Workshop onLanguages for Privacy Policy Negotiation and Semantics-Driven Enforcement Report Hannes Tschofenig IETF 67, San Diego, November 2006
Workshop Details • 17 and 18 October 2006 -- Ispra/Italy hosted by the Joint Research Center (JRC) of the European Commission • Webpage: http://www.w3.org/2006/07/privacy-ws/ • Agenda (including papers and slides): http://www.w3.org/2006/07/privacy-ws/agenda • Participants from W3C, research community (e.g., EU funded research project PRIME), companies • A few pictures: http://www.tschofenig.com/workshop/w3c-privacy/
Our Contribution to the Workshop: Geopriv/Presence Overview Paper • Paper Title: “The IETF Geopriv and Presence Architecture Focusing on Location Privacy”http://www.w3.org/2006/07/privacy-ws/papers/26-tschofening-geopriv • Slides: http://www.w3.org/2006/07/privacy-ws/presentations/26-tschofenig-geopriv.pdf • Authors: Hannes Tschofenig, Henning Schulzrinne, Andrew Newton, Jon Peterson, Allison Mankin
Feedback #1: Intended Recipient Not Explicit • Without S/MIME the intended recipient of the location information is not explicitly specified. • Already raised during discussions: http://www1.ietf.org/mail-archive/web/sip/current/msg14356.html • Suggestion: Add text to Geopriv using protocols (in particular to the SIP Location Conveyance draft) to address this aspect.
Feedback #2: Sticky Policies only for Loc-Info • Basic Geopriv privacy policies (=stick policies) defined only for Location Info • Travel always with PIDF-LO • Question: Why only available for Location Info? Other information is also privacy sensitive. • For discussion: Should we define privacy policies also for PIDF object? Note: The term “sticky policies” is used by the W3C to refer to policies that travel with the privacy sensitive data.
Feedback #3: Policy Push vs. Policy Pull • Geopriv Basic Policies are pushed to the recipient. Assumption: Recipient acts in the anticipated way (as expressed in the policies) • P3P realize a pull principle. • Perceived problem: Privacy policies of recipient unknown. • For further discussion: • Consider a profiled version of P3P policies as an extension for SIP • Use vocabulary and not protocol framework of P3P • For example: Derive usage from P3P compact policies http://www.w3.org/TR/P3P/#compact_policies
Next Steps • Determine how to process received feedback. • Establish a closer relationship with W3C. • Participate in upcoming Policy Frameworks Interest Group (PFIG).