Re: [BH] Comments on draft-ietf-geopriv-reqs-03

Joe,

Let me offer my 2 cents in reaction to your comments. Then, for the
benefit of the "beyond http" P3P task force in the W3C (a new effort
that I am just joining within the W3C), I will add at the end of this
message my quick personal overview of where geopriv is now and where
it is likely to go. I encourage anyone on the geopriv list to
correct or supplement my overview.

John Morris

At 3:13 PM -0400 4/9/03, Joseph Reagle wrote:
>I've reviewed [1] as part of my background research for the "Beyond-HTTP"
>P3P taskforce [2]. I'm not presently able to draw any conclusions with
>respect to [2] but I think it's an interesting document and have two
>comments.
>
>[1] http://www.ietf.org/internet-drafts/draft-ietf-geopriv-reqs-03.txt
>[2] http://www.w3.org/P3P/2003/04-beyond-http.html
>
>[[[
> 5.2. The Location Object and Using Protocol
> ...
> Location Object (LO): This data contains the Location Information
> of the Target, and other fields including an identity or
> pseudonym of the Target, time information, core Privacy Rules,
> authenticators, etc. ...
>
> Nothing is said about the semantics of a missing field. For
> instance, a partially filled object MAY be understood implicitly as
> the request to complete it....
>]]]
>
>Since a LO contains the core Privacy Rules, one should *not* permit the
>absence of the privacy rule syntax to result in ambigous semantic
>interpretation [3].
>
>[3] http://www.w3.org/TR/md-policy-design#_Semantic_Clarity

I agree -- and I think that the working assumption of the geopriv WG
addresses this point. I believe there is agreement in the WG that
the default rule is that location should receive a high level of
privacy protection in the absence of rules to the contrary. In other
words, the protocol will default to "do not disclose" unless a
Privacy Rule (in the LO or external) would permit disclosure.

But having said that, I cannot locate anywhere where this default
assumption is clearly articulated in a WG document. If it is not, we
need to add it.

>[[[
> 5.5. Privacy Rules
> ...A full set of Privacy Rules will likely include both rules that have
> only one possible technical meaning, and rules that will be affected
> by a locality's prevailing laws and customs.
>]]]
>
>This, and the example, makes it sound as if these were disjoint sets. "You
>may not store my location for more than 2 days" is very clear even if it is
>overridden by other (legal) rules. This paragraph seems to be confusing the
>articulation of a non-ambiguous rule with the an a posteriori
>interpretation of all operative rules that might exceed the knowledge of
>the Rule Maker or Location Recipient beforehand.

I agree that this discussion warrants clarification. The goal was
not to suggest two exclusive sets:

        1. technically unambiguous rules, and
        2. rules that will be affected by local law, etc.

Instead, the goal was to acknowledge that (a) some rules can be
expressed in technically unambiguous terms, while (b) other rules
will not be clear without resort to an applicable legal norm. But
both types of rules (a+b) can certainly be affected or overridden by
a local law. What we were concerned about was to make clear that
the set of (b) rules were still valuable to include even if they did
not have a single unambiguous technical meaning. But in any event,
the clarification you suggest is worthwhile. I'll work on some
specific language to address the two points raised here.

Let me change gears and give the BH/P3P task force a quick overview of geopriv:

Greatly summarizing the geopriv charter [4], the mission of the WG is
to create a privacy protecting protocol to be used when location
information is transmitted. In the language of the WG, the WG is
creating a "Location Object" [LO] which will be able to contain both
location information and privacy rules (or a pointer to external
privacy rules). The protocol must be usable in situations with
constrained devices with low bandwidth and/or computing power. The
WG is approaching a final requirements draft [5].

That draft says that the Location Object must be able to carry a
limited set of privacy rules, and must be able to refer to an
external set of rules as well. There is not final agreement on
precisely what privacy rules will be built into a LO, but the most
recent proposal of some WG participants (including me) is found at
[6]. Even a couple of elements in that version, however, are in a
state of flux (something that I will try to bring back to the geopriv
list shortly).

Looking more broadly, the WG has NOT decided on the format for the
expression of the LO, but XML has certainly been discussed as a
strong candidate. Even more generally, I think that many in the
geopriv WG would be open to using, or at least being compatible with,
P3P, so long as that goal did not slow down geopriv's already slow
(but significantly accelerating) progress to date.

Let me know if there are more specific points about geopriv that the
public-p3p-spec@w3.org wants to know at this point..... John

[4] http://www.ietf.org/html.charters/geopriv-charter.html
[5] http://www.ietf.org/internet-drafts/draft-ietf-geopriv-reqs-03.txt
[6] http://www.ietf.org/internet-drafts/draft-morris-geopriv-core-01.txt
Received on Wed Apr 9 18:15:35 2003