[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [ebxml-cppa] Post-V2 (privacy)
I think P3P is also being relevant in Services space and may not be
limited
to B2C interactions. Services can have privacy policies associated
with them
which may be relevant for consumers of service. This privacy policy
for now may be as simple as "knowing the requesting service URL" which
could get more complex down the road
-hima
-------------------------------------------------
Exact critical success factor statement says:
To develop a standard reference architecture for Web Services that enables privacy protection for the consumer of a Web service across multiple domains and services.
D-AC020.1 Is it possible for a service consumer to know the privacy policies of the service provider(s) that it is going to deal with? (eg. hooks for P3P)
D-AC020.1 Private data provision during a Web service transaction SHOULD NOT exceed the consumer's consent, where the consumer must be provided with reasonable means for opt-out.
D-AR020.1 It must be possible to advertise privacy policies for Web Services
http://www.w3.org/TR/2002/WD-wsa-reqs-20020429#AC020
---------------------------------------------------------------------
Dale Moberg wrote:
I thought we had previously discussed p3p and determined thatit was primarily concerned with personal privacyand more in the b2c space. That is, p3p is mainly something that browserscan use to see whether web sites are going to sell your email addressto a marketing or spam department :-).Also p3p announced its intent to eventually get around toalternative policy announcements and a way to select(semi-automatically?) the preferred privacy policy.Is there a b2b use case for p3p? Or should browser usageof p3p be sufficient to warrant investigation?I think this topic would be under the CPPA.next subteam, andwe have not gotten people signed up to lead this effort yet!!Dale-----Original Message-----I don't recall seeing the privacy topic on our list of possible Post-V2 topics. Given that P3P is at Recommendation level, perhaps we need to do something about it.
From: Martin W Sachs [mailto:mwsachs@us.ibm.com]
Sent: Tuesday, June 25, 2002 8:28 AM
To: ebxml-cppa@lists.oasis-open.org
Subject: [ebxml-cppa] Post-V2 (privacy)
I think there are three parts:
1. Expressing privacy policies and requirements (external document?)
2. Matching party A's policy requirements with Party B's privacy policy and vice versa (probably comes under negotiation).
3. Somehow monitoring that a party is following its stated policy (maybe outside the scope of a standard).Regards,
Marty
*************************************************************************************
Martin W. Sachs
IBM T. J. Watson Research Center
P. O. B. 704
Yorktown Hts, NY 10598
914-784-7287; IBM tie line 863-7287
Notes address: Martin W Sachs/Watson/IBM
Internet address: mwsachs @ us.ibm.com
*************************************************************************************
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC