Subject: Re: [wsrp-security] [wsrp][security] minutes from last call and agenda for 7/24 telecon
I think P3P should not impact the WSRP protocol; it addresses the interaction between user agents and servers directly accessed by the user agent but doesn't address intermediaries, right? If this is the case, we should not extrapolate P3P and not tie WSRP with P3P.

In legal terms, I think in any case the portal/consumer a user registers with is responsible/liable for whatever happens with that user's personal data. As a result I think the owner of a portal using a producer and passing data would need a legally binding contract with the producer regulating what the producer may do with any transmitted user information. I think just technically exchanging P3P information a producer may or may not adhere to is not sufficient.

For data gathered by the producer's UI, it should be the producer's responsibility to display its privacy policies (i.e. the producer renders the markup for the producer policy). This might e.g. be done inline or by using pop-up windows, transparently for the consumer. The consumer would indirectly display markup for the policy of the producer, but would not need to be aware of the semantics.

Whether or not the consumer supports P3P is irrelevant to the WSRP protocol; that is only one particular way how the consumer may subset the amount of user profile info being passed to producers.

Best regards,
Thomas

"Cassidy, Mark" <mcassidy@Netegrity.com> on 07/23/2002 08:46:16 PM

To: "'wsrp-security@lists.oasis-open.org'" <wsrp-security@lists.oasis-open.org>
cc:
Subject: [wsrp-security] [wsrp][security] minutes from last call and agenda for 7/24 telecon

Attached are the minutes from the 7/10 telecon.

As noted in the minutes, I took an action to review existing standards for user profile data and see what we can re-use. Attached is a document that gives a rough comparison of the userdata attributes defined in various standards: passport, vcard & x.520, rfc2256 (LDAPv.3).
I reviewed the Liberty docs and it turns out that those specs do not define any standard userdata attributes; that's left for a later rev of the spec. Turns out that P3P has a pretty good userdata schema defined and my recommendation is to adopt this for WSRP's user profile data object.

Agenda for tomorrow's call then will be:

1. review/discussion of user profile data comparison document
2. P3P impacts on WSRP protocol (see followup comments in minutes from last telecon)

If time permits, we can pick up the discussion on role scoping and how/whether roles and profile are related.

Call logistics:

Time: 8:00 a.m. PST (11:00 a.m. EST, 5:00 p.m. CET)
Reservationless-Plus Toll Free Dial-In Number: 877.450.3529
Reservationless-Plus International Dial-In Number: +1.706.679.6653
Conference Code: 4254674195

<<wsrp security minutes 710 .htm>> <<profiledata.htm>>