
wsrp-security message



Subject: Re: [wsrp-security] [wsrp][security] minutes from last call and agenda for 7/24 telecon



I think P3P should not impact the WSRP protocol; it addresses the
interaction between user agents and servers directly accessed by the user
agent but doesn't address intermediaries, right? If this is the case, we
should not extrapolate P3P and not tie WSRP with P3P.

In legal terms, I think in any case the portal/consumer a user registers
with is responsible/liable for whatever happens with that user's personal
data. As a result I think the owner of a portal using a producer and
passing data would need a legally binding contract with the producer
regulating what the producer may do with any transmitted user information.
I think just technically exchanging P3P information a producer may or may
not adhere to is not sufficient.

For data gathered by the producer's UI, it should be the producer's
responsibility to display its privacy policies (i.e. the producer renders
the markup for the producer policy). This might e.g. be done inline or by
using pop-up windows, transparently for the consumer. The consumer would
indirectly display markup for the policy of the producer, but would not
need to be aware of the semantics.

Whether or not the consumer supports P3P is irrelevant to the WSRP
protocol; that is only one particular way how the consumer may subset the
amount of user profile info being passed to producers.

Best regards,

Thomas



"Cassidy, Mark" <mcassidy@Netegrity.com> on 07/23/2002 08:46:16 PM

To:    "'wsrp-security@lists.oasis-open.org'"
       <wsrp-security@lists.oasis-open.org>
cc:
Subject:    [wsrp-security] [wsrp][security] minutes from last call and
       agenda for 7/24 telecon



Attached are the minutes from the 7/10 telecon.  As noted in the minutes, I
took an action to review existing standards for user profile data and see
what we can re-use.  Attached is a document that gives a rough comparison of
the userdata attributes defined in various standards:  passport, vcard &
x.520, rfc2256(LDAPv.3).  I reviewed the Liberty docs and it turns out that
those specs do not define any standard userdata attributes; that's left for
a later rev of the spec.  Turns out that P3P has a pretty good userdata
schema defined and my recommendation is to adopt this for WSRP's user
profile data object.

Agenda for tomorrow's call then will be:

1.  review/discussion of user profile data comparison document
2.  P3P impacts on WSRP protocol (see followup comments in minutes from last
telecon)

If time permits, we can pick up the discussion on role scoping  and
how/whether roles and profile are related.


Call logistics:
Time:  8:00 a.m. PST(11:00 a.m. EST, 5:00 p.m. CET)
Reservationless-Plus Toll Free Dial-In Number: 877.450.3529
Reservationless-Plus International Dial-In Number: +1.706.679.6653
Conference Code: 4254674195

 <<wsrp security minutes 710 .htm>>  <<profiledata.htm>>










