It would be helpful to identify such policy languages or means of
specification. As I tried to explain in a previous note, this problem is
in general intractable short of writing a programming language. If this
is what the WG wants to do, it should get busy soon. To make things more
complicated, as discussed during the non-meeting, policy for location
information is likely to tied to revealing, e.g., various presence state
information. It makes little technical sense, in my view, to treat one
specific piece of data about an identifier different from another.
One existing, but very limited, approach is CPL. Abstracted from the
concrete parameters, it effectively allows to restrict information based
on querier identity, time of day, and various protocol headers. It does
not allow things that require state such as "only allow if same person
hasn't asked less than ten minutes ago" or "only allow query no more
than ten times a day" or "only allow if the other person has also
allowed viewing this information". I suspect that a similar level of
stateless policy is doable in reasonable time scales, but most likely
needs to be integrated with other policy, e.g., for approving presence
subscriptions.
> minimum contain a bare bones privacy instruction/rule, and might also
Given limits on message size, including a complete policy description
may not be particularly realistic in common scenarios.
Received on Wed Mar 20 12:43:43 2002
This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:22 EST