IRC log of privacy on 2006-10-17

Timestamps are in UTC.

07:32:13 [RRSAgent]
RRSAgent has joined #privacy
07:32:13 [RRSAgent]
logging to
07:32:31 [tlr]
rrsagent, please make log public
07:33:12 [rigo]
rigo has joined #privacy
07:43:08 [rigo_lap]
rigo_lap has joined #privacy
08:08:33 [tlr]
Topic: Keynote by John Borking
08:08:41 [tlr]
08:09:00 [tlr]
giles: We don't just have folks from the US here, but also Australia, Kuwait, Japan, ... Global audience.
08:09:19 [tlr]
Sören Preibusch: Liked "research has to reach the market" stance. Sometimes, research is done, but not applied.
08:09:41 [tlr]
Borking: Enormous pockets of interesting knowledge in research institutes and universities; then ends with a thesis ...
08:09:49 [tlr]
... only makes it into market for a few activists ...
08:09:57 [tlr]
... economics plays an important role in protecting our privacy ...
08:10:11 [tlr]
... haven't discovered the Delta between privacy protection and no privacy protection ...
08:10:31 [tlr]
Patricia Charlton: ... people might say "we don't worry" ...
08:10:35 [tlr]
... but if you dig deeper, they are ...
08:10:51 [tlr]
... liability for the information ...
08:10:57 [tlr]
... what emerges in the trend ...
08:11:04 [tlr]
... posting information about other people? ...
08:11:16 [tlr]
... have to take that liability issue on ...
08:11:24 [tlr]
... "just ok" because everybody else does it ...
08:11:47 [tlr]
... as industry, help users do the right thing for themselves and their social networking? ...
08:11:52 [tlr]
... "company x does it, so it's ok"??? ...
08:12:07 [tlr]
... who reads the privacy policy after all? ...
08:12:17 [tlr]
borking: In PRIME, also discussion of HCIs ...
08:12:22 [tlr]
... symbols? icons? ...
08:12:34 [tlr]
... research done in Karlstad ...
08:12:43 [tlr]
... "not clear enough", people interpret it badly ...
08:12:58 [tlr]
... finding symbols for an area that is subconscious is hard ...
08:13:05 [tlr]
??: cul de sac -- won't get there ...
08:13:08 [rigo]
Johan Hjelm
08:13:18 [tlr]
... perceptions are not conscious ...
08:13:27 [tlr]
... different perceptions of privacy in different situations ...
08:13:39 [tlr]
... would have to hit sth extremely universal if you were to ...
08:13:45 [tlr]
... design such an icon ...
08:14:00 [tlr]
Borking: Maybe teach people about the symbols, like we teach them about traffic signs?
08:14:08 [tlr]
??: road environment is extremely constrained
08:14:14 [tlr]
s/??/Johan Hjelm/
08:14:22 [rigo]
Prof. Popi
08:14:45 [tlr]
Louis-François Pau: Should have listed turn-over generated by
08:14:57 [tlr]
... business proper and making information available ...
08:15:03 [tlr]
... and business generated by privacy protection ...
08:15:20 [tlr]
... privacy protection should become economically attractive ...
08:15:23 [tlr]
s/Prof. Popi//
08:15:42 [tlr]
Pau: Ignoring the economics of it -- you'll be in the same situation.
08:16:28 [tlr]
Topic: Danny Weitzner, End-to-End Accountability for Web Privacy
08:16:34 [tlr]
08:16:51 [tlr]
rrsagent, draft minutes
08:16:51 [RRSAgent]
I have made the request to generate tlr
08:17:42 [tlr]
Meeting: W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement
08:18:10 [tlr]
rrsagent, draft minutes
08:18:10 [RRSAgent]
I have made the request to generate tlr
08:18:29 [tlr]
Chair: Günther Karjoth, Danny Weitzner
08:19:01 [tlr]
s/Sören Preibusch/SoerenPreibusch/
08:19:09 [tlr]
s/Patricia Charlton/PatriciaCharlton/
08:19:19 [tlr]
s/??/Johan Hjelm/g
08:19:33 [tlr]
s/Louis-François Pau/LFPau/
08:19:54 [tlr]
rrsagent, draft minutes
08:19:54 [RRSAgent]
I have made the request to generate tlr
08:21:31 [tlr]
08:21:39 [tlr]
s/Johan Hjelm/JohanHjelm/g
08:21:57 [tlr]
rrsagent, please draft minutes
08:21:57 [RRSAgent]
I have made the request to generate tlr
08:25:38 [Giles]
Giles has joined #privacy
08:29:05 [tlr]
Chair: Guenther Karjoth, Danny Weitzner
08:29:50 [robinwilton]
robinwilton has joined #privacy
08:30:27 [robinwilton]
ty rigo
08:30:42 [robinwilton]
08:34:37 [Giles]
08:34:42 [Giles]
it is cold today
08:34:51 [Giles]
may warm up anyway
08:35:11 [tlr]
08:35:14 [tlr]
s/it is cold today//
08:35:18 [tlr]
s/may warm up anyway//
08:36:52 [rigo]
DJW: we need rules on how personal information can be used, need a language on usage control
08:44:21 [robinwilton]
DJW: there's a sequence of data processing from Collection to Analysis to Usage, which therefore creates multiple *potential* control points.
08:45:22 [robinwilton]
DJW: In a sense, whether or not the Collection phase is effectively regulated, the Usage phase offers a point at which privacy threats can be mitigated.
08:47:01 [tlr]
AnneAnderson: Relationship between architecture & Minsky's law-govt interaction?
08:47:06 [tlr]
djw: haven't looked in detail ...
08:47:13 [tlr]
... in some of the work collaborating with colleagues at MIT ...
08:47:18 [tlr]
... who were Minsky students ...
08:47:27 [tlr]
... they dragged out all kinds of AI systems from 70s ...
08:47:31 [tlr]
... formal purpose algebras ...
08:47:35 [tlr]
... developed 30 years ago ...
08:47:40 [tlr]
... in line with Minsky view ...
08:47:48 [tlr]
... there seems to be some resonance between this view ...
08:47:57 [tlr]
... and more formal approaches from early days of knowledge representation ...
08:48:07 [tlr]
anne: seems like the point of view was the same that everyone has ..
08:48:16 [tlr]
... to agree to abide by some control mechanisms before they ...
08:48:19 [tlr]
... can participate in interaction ...
08:48:29 [tlr]
djw: everybody can't agree to everything ...
08:48:37 [tlr]
.. q is what framework can we expect most of us to agree to ...
08:48:46 [tlr]
... maybe not agree on rules, but on mechanism to evaluate rules ...
08:48:54 [tlr]
anne: criticism of minsky -- lack of flexibility
08:49:05 [tlr]
djw: personal prediction is, will probably never attempt as comprehensive ...
08:49:11 [tlr]
... a definition of a rule set as P3P attempted ...
08:49:23 [tlr]
lfpau: Have some problems with recommendation ...
08:49:26 [tlr]
... fundamental ones ...
08:49:33 [tlr]
... diversity at the usage end ...
08:49:37 [tlr]
... cultural difference ...
08:49:40 [tlr]
... differences in law ...
08:49:43 [tlr]
... it won't work ...
08:49:48 [tlr]
... also, enforceability? ...
08:50:04 [tlr]
... if non-respect of rule is in different legislation ...
08:50:06 [tlr]
... ??? ...
08:50:14 [tlr]
... accountability tracing information ...
08:50:26 [tlr]
... if that point is compromised, the whole thing is going under ...
08:50:28 [tlr]
... concerns ...
08:50:37 [tlr]
djw: not agree on single set of substantive rules ...
08:50:41 [tlr]
... work on framework ...
08:50:49 [tlr]
... to attach ourselves to rules we believe we are accountable to ...
08:50:59 [tlr]
... provide accountability through secure audit mechanisms ...
08:51:04 [tlr]
... then fall back to legal system ...
08:51:09 [tlr]
... there are a lot of secure audit techniques ...
08:51:26 [tlr]
... prepared to sacrifice fair amount of security in order to ...
08:51:32 [tlr]
... have better accountability and privacy ...
08:51:41 [tlr]
... mistake to avoid accountability just to protect accountability ...
08:51:50 [tlr]
... legal & privacy rules might be more important than confidentiality ...
08:52:09 [tlr]
... may have been a mistake to overemphasize security ...
08:52:20 [tlr]
reconvene at 11:15
08:58:04 [rigo]
rigo has joined #privacy
09:18:03 [Giles]
Giles has joined #Privacy
09:19:08 [rigo]
Frank Wagner, T-Systems T-Identity Protector
09:19:23 [tlr]
Topic: Frank Wagner, T-Systems T-Identity Protector
09:20:14 [Giles]
\me it's me
09:20:16 [Danny]
Danny has joined #privacy
09:20:20 [tlr]
ScribeNick: Giles
09:20:27 [tlr]
s/\me it's me//
09:21:40 [robinwilton]
robinwilton has joined #privacy
09:23:41 [tlr]
09:24:41 [Helena]
Helena has joined #privacy
09:25:16 [Helena]
hi giles
09:25:24 [Helena]
09:26:35 [jschallaboeck]
jschallaboeck has joined #privacy
09:26:36 [jash]
jash has joined #privacy
09:29:18 [tlr]
s/hi giles//
09:29:20 [tlr]
09:32:07 [marit]
marit has joined #privacy
09:35:08 [Kriegel]
Kriegel has joined #privacy
09:35:35 [Giles]
Marit: do we have some ideas on what to standardize in the T-identity protector
09:35:52 [xavier]
xavier has joined #privacy
09:35:57 [Giles]
what are the key questions where engineers can get together and standardize
09:36:16 [Giles]
Frank: we have been thinking about how to realize it, not how to standardize
09:36:25 [Giles]
maybe prime can help with this
09:36:40 [rigo]
Sören Preibusch
09:37:02 [rigo]
s/Sören Preibusch/Sören_Preibusch/
09:37:20 [Giles]
some scientists have concluded that not all operations are possible on pseudonymized data
09:37:26 [Giles]
is it just the vision?
09:37:28 [Giles]
Frank: Yes
09:38:01 [Giles]
LF PAU: There are a couple of other operators which take privacy protection as a revenue-generating service
09:38:13 [Giles]
recommends that T-Mobile should do the same thing
09:38:23 [Giles]
see ITU papers
09:38:34 [Giles]
be more ambitious - then T-Systems would take it more seriously
09:38:57 [tlr]
Topic: A Privacy Policy Framework – A position paper for the W3C Workshop of Privacy Policy Negotiation
09:39:01 [tlr]
09:41:03 [Giles]
(change of agenda)
09:45:54 [xavier]
xavier has left #privacy
09:53:36 [rigo]
09:53:54 [Giles]
johan hjelm: This is an intriguing picture (the crossover between preference, technology and legislation)
09:53:58 [tlr]
Interesting analysis @
09:54:11 [Giles]
but the compromise has to be in the technology in the end
09:54:20 [tlr]
s/johan hjelm/Johan_Hjelm/
09:54:33 [Giles]
Robin: There is actually a timeline which the diagram does not show
09:55:01 [Giles]
LF PAU: There is a set of tools in the open bodies SLA handbook.
09:55:09 [tlr]
09:55:10 [Giles]
They also show these 3 levels
09:55:18 [rigo]
s/open bodies/OMG/
09:55:33 [Giles]
The winners in this game are the service providers who manage the SLA's
09:56:02 [Giles]
Robin Wilton: I do actually argue against the application of technology in many cases
09:56:25 [Giles]
we should recognize that in trying to design technology and solutions cross border, we should recognize that in some countries...
09:56:35 [Giles]
everything is left to legislation
09:56:58 [Giles]
whereas in other countries there is a thinner layer of legislation and a thicker layer of best practice
09:57:12 [Giles]
09:57:45 [Giles]
1. P3P does have the ability to express preferences in contrast to what Robin said
09:57:59 [Giles]
Robin: it's just not the best tool for the job
09:58:16 [Giles]
in P3P, you can't do it in isolation - you are bouncing it off a service provider
09:58:52 [Giles]
say I want to display different partial identities to different providers, P3P doesn't work
09:59:05 [Giles]
Soren: it's outside the scope of P3P
09:59:19 [Giles]
Giles: APPEL is NOT a W3C standard
09:59:26 [tlr]
09:59:43 [Giles]
Danny: the semantics of how one would express the usage element in XACML
10:00:08 [Giles]
Robin: defers to Marco
10:00:40 [Giles]
Danny: the syntax in the soap message
10:00:57 [Giles]
Marco: semantics - some preferences expressed by the user - to be carried out by the custodian
10:01:27 [Giles]
P3P can underpin that but it should work in a non-web context.
10:02:28 [Giles]
Robin: the XML snippet is a user using a WS framework and adding his preferences to the initial request
10:03:43 [rigo]
Giles: is it only B2B?
10:03:53 [rigo]
No just a generic mechanism
10:04:11 [Giles]
Ernesto: the architecture reminds me of DRM enforcement
10:04:15 [tlr]
Discussion was about XML snippet on
10:04:21 [Giles]
the custodian comes from an IDM heritage
10:04:27 [Giles]
it supervises the DHP's etc...
10:04:36 [Giles]
it's more or less what happens in DRM
10:04:47 [Giles]
decouple data provider from licence providers and enforcers etc...
10:04:59 [Giles]
But is this model really applicable to IDM and privacy
10:05:02 [Giles]
10:05:08 [tlr]
s/DHP/data handling policy/
10:05:16 [Giles]
Danny: hold it for later - it's an important question
10:06:45 [xavier]
xavier has joined #privacy
10:07:13 [tlr]
Topic: M. Hondo, T. Nadalin, R. Nagaratnam, M. Nudoh, G. Karjoth, B. Pfitzmann, M. Schunter, Position Paper: Privacy Policies as a Component of Policy-enabled Governance
10:07:17 [tlr]
10:08:30 [tlr]
rrsagent, draft minutes
10:08:30 [RRSAgent]
I have made the request to generate tlr
10:10:40 [tlr]
rrsagent, please draft minutes
10:10:40 [RRSAgent]
I have made the request to generate tlr
10:11:51 [tlr]
rrsagent, please draft minutes
10:11:51 [RRSAgent]
I have made the request to generate tlr
10:22:41 [Giles]
John Borking: is what you've presented marketable
10:22:51 [Giles]
Gunther: it's a roadmap not a product
10:23:14 [Giles]
As corporate policy I can't talk about some products
10:23:37 [tlr]
rrsagent, excuse use
10:23:37 [RRSAgent]
I see no action items
10:23:38 [tlr]
rrsagent, excuse us
10:23:38 [RRSAgent]
I see no action items
10:23:41 [RRSAgent]
RRSAgent has joined #privacy
10:23:41 [RRSAgent]
logging to
10:23:44 [Giles]
What is user-centric
10:23:48 [Giles]
10:23:57 [Giles]
10:24:08 [Giles]
Gunther: means user has control over his data
10:24:59 [Giles]
Robin: it's a question which has ballooned - the processing of data with appropriate control and consent
10:25:05 [Giles]
doesn't mean user has to HAVE data
10:25:08 [Giles]
e.g. online banking
10:25:25 [Giles]
bank can make automated payments to 3rd parties without you having their details.
10:25:43 [Giles]
also you might ask your bank to notify you if it's asked to approve a line of credit to you
10:25:52 [Giles]
or if a particularly large sum goes out of your account
10:25:58 [Giles]
the user is in the transaction flow
10:26:13 [Giles]
Danny: the US gov't is in the flow, so you might as well be in it too
10:28:29 [tlr]
Topic: Renato Iannella, Karen Henricksen, Ricky Robinson, A Policy Oriented Architecture for the Web: New Infrastructure and New Opportunities
10:28:34 [tlr]
10:36:56 [Johan]
Johan has joined #privacy
10:42:15 [Giles]
10:42:28 [Giles]
Danny: important points
10:42:42 [Giles]
link between DRM and Privacy policy languages
10:42:55 [Giles]
Relation between privacy expression and access control expression
10:43:06 [Giles]
user-centric versus user-control
10:43:37 [Giles]
Johan Hjelm: The reason that DRM and IDM policies are so similar is that we're working on the same problem
10:43:45 [Giles]
controlled usage rules to content
10:43:54 [Giles]
avoid pitfalls of DRM
10:44:10 [Giles]
there were good reasons not to have W3C do DRM
10:44:18 [Giles]
it emerged in the mobile realm
10:44:33 [Giles]
but the lessons from DRM can be very well applied here - especially the pitfalls
10:44:46 [Giles]
we need to enable the control point not to have a central point of failure
10:45:03 [Danny]
Is DRM usage control or access control?
10:45:09 [Johan]
10:45:19 [Giles]
Patricia Charlton: in investigating how to support privacy, you look at DRM
10:45:36 [Giles]
users don't like DRM because it violates their privacy and it controls personal decisions
10:45:44 [Giles]
privacy is a decision they make in their own space
10:46:07 [Giles]
Users find DRM complicated
10:46:13 [Giles]
so that needs to be simplified
10:46:29 [Giles]
with networking in p2p, they know who they're networking with
10:46:36 [Giles]
but in commercial environment, they don't
10:46:50 [Giles]
for the applications of the solutions, we have different use-cases
10:46:57 [Giles]
so maybe not a one-fits-all solution
10:47:03 [Giles]
it's a very complicated system;
10:47:20 [Giles]
Danny: Relationship between Privacy rules and DRM systems
10:47:25 [Giles]
There are 2 kinds of DRM
10:47:31 [Giles]
access-control oriented
10:47:36 [Giles]
usage-control oriented
10:48:07 [Giles]
the assumption that all the data is out there but what can you do with it
10:48:21 [Giles]
e.g. creative commons
10:48:47 [Giles]
10:48:53 [Giles]
allows 5 times using
10:49:13 [Giles]
Gunther: usage-control and access-control are the same more or less
10:49:26 [Giles]
usage control just adds more info on which to base the access control decision
10:50:05 [Giles]
Work on privacy technologies has stimulated the access-control community to include purpose and obligations
10:50:43 [Giles]
Patricia: you could be using the same usage rights to access or copy something
10:50:48 [Giles]
is that what you mean?
10:50:59 [Giles]
Gunther: usage might be the delegation of rights
10:51:14 [Giles]
can I revoke the rights I give on copies of my data
10:52:01 [Giles]
Soren: we heard a lot about XACML - but I think going back to the first talk - privacy is more than Access Control but now we are focussing only on this
10:52:17 [Giles]
perhaps XACML has storage control etc...
10:52:25 [Giles]
let's not narrow down on Access
10:52:35 [Giles]
Anne: XACML came out of AC world
10:52:50 [Giles]
it has been evolving in many ways to a much more generic policy language
10:52:56 [Giles]
will be presented later
10:53:16 [Giles]
Johan Hjelm: Access is just a special case of usage
10:53:38 [Giles]
it's an unfortunate fact of such systems that they have to be complex.
10:54:01 [Giles]
a project called mobilife - analysed how this would impact a system of ambient intelligence
10:54:22 [Giles]
enable user-visualizations so that users were not completely scared away from writing their preferences
10:54:59 [Giles]
Ernesto: Certainly there is a convergence between AC, privacy languages and DRM
10:55:04 [Giles]
but there are differences
10:55:23 [Johan]
Johan has joined #privacy
10:55:28 [Giles]
architecturally - on mobile network, there is a tendency to have all the infrastructure as a service
10:55:48 [Giles]
which could also deal with privacy
10:55:49 [Johan]
Johan has joined #privacy
10:56:05 [Giles]
on fixed network, the client controls
10:56:20 [Johan]
Johan has joined #privacy
10:56:37 [Giles]
so architecturally, are we moving towards a world in which all sides are offered as a service
10:57:11 [Giles]
there are a lot of technicalities in the semantics which are different (e.g. cardinality)
10:57:26 [Johan]
Just for completeness (all deliverables are public):
10:59:46 [Giles]
Uni of Kuwait: Usage is the end of a chain of acts on personal information
11:00:13 [Giles]
LF Pau: the negotiation aspect may eliminate some of the candidate language features
11:00:45 [Giles]
agents can do a lot of the job that the proposed languages are talking about
11:02:05 [jasch]
jasch has joined #privacy
12:14:11 [Johan]
Johan has joined #privacy
12:18:04 [Danny]
Danny has joined #privacy
12:21:03 [xavier]
xavier has joined #privacy
12:21:43 [marit]
marit has joined #privacy
12:21:52 [tlr]
tlr has joined #privacy
12:21:55 [Giles]
Giles has joined #privacy
12:22:03 [rigo]
rigo has joined #privacy
12:22:14 [tlr]
Topic: M. Maaser, S. Ortmann, P. Langendörfer, NEPP: Negotiation Enhancements for Privacy Policies
12:22:22 [tlr]
12:23:58 [tlr]
rrsagent, excuse us
12:23:58 [RRSAgent]
I see no action items
12:24:01 [RRSAgent]
RRSAgent has joined #privacy
12:24:01 [RRSAgent]
logging to
12:24:07 [tlr]
rrsagent, please draft minutes
12:24:08 [RRSAgent]
I have made the request to generate tlr
12:25:18 [tlr]
ScribeNick: rigo
12:28:30 [Kriegel]
Kriegel has joined #privacy
12:34:50 [jschallaboeck]
jschallaboeck has joined #privacy
12:34:52 [jash]
jash has joined #privacy
12:34:53 [rigo]
12:35:24 [rigo]
Negotiation is good thing to do, but complicated, both location and price was simple
12:35:49 [rigo]
in ?? people tried to model business processes and was never implemented
12:36:05 [rigo]
it can get arbitrarily complicated
12:36:27 [rigo]
the more you have items the more it gets complicated
12:37:13 [rigo]
transport layer guys thought it was too complicated
12:37:20 [Johan]
12:37:40 [rigo]
Giles: strategies are exchangeable
12:38:13 [tlr]
s/??/IKE and TLS/
12:38:25 [rigo]
answer: strategy is hard coded
12:38:37 [rigo]
like a plugin, you can change the plugins
12:39:07 [Johan]
Internet Key Exchange and Transport Layer Security, is what Tschofenig used as example
12:39:07 [rigo]
LFPau, in management science is not like you model negotiation
12:39:17 [tlr]
12:39:29 [tlr]
12:39:35 [rigo]
space and other space and each has its utility and this is only a search
12:40:10 [rigo]
Guenter: have you looked into WS agreement and such?
12:40:49 [rigo]
answer: we looked into SLA, but not beyond, have looked into using ranges, but considered that some info we want to keep private
12:42:15 [xavier]
xavier has left #privacy
12:42:36 [xavier]
xavier has joined #privacy
12:42:43 [rigo]
Topic: Privacy Negotiations with P3P
12:42:56 [rigo]
12:47:38 [rigo]
12:48:02 [rigo]
Sören_Preibusch == SP
13:05:55 [rigo]
JB: interest in economic background, deferred to general session
13:06:07 [rigo]
...second what is the blinking light
13:06:45 [rigo]
SP: developed by the Post Worldnet, tech is currently on the market, other pilot permission based mobile marketing...
13:06:54 [rigo]
...this will be online in more cities
13:07:14 [rigo]
JB: is this not very vulnerable as embedded in paper?
13:07:23 [rigo]
SP: no, special implementation
13:08:00 [rigo]
Tsch: sticking to specific application, have you encountered issues?
13:08:16 [rigo]
SP: interested in privacy and different offers
13:08:54 [rigo]
Tsch: you might have received different award, a lot of app specific semantics. In P3P you care for privacy and ignore app specific attributes
13:09:06 [rigo]
SP: this goes into SLA
13:09:40 [rigo]
Giles: negotiation works with interaction with user, no automatic, is it deliberate simplification?
13:10:45 [rigo]
SP: There can be negotiation support systems, like XPref, then the negotiation support may choose the right contract on my part
13:10:56 [rigo]
Giles: would not work off the shelf
13:11:18 [rigo]
SP: no, we have no way of specifying benefits
13:11:53 [Johan]
ebxml was also mentioned as an example
13:12:02 [rigo]
RW: why not using <Consequence>
13:12:30 [rigo]
SP: Consequence includes human readable explanation...
13:12:56 [rigo]
...Consequence has to be always in line with the other elements
13:13:27 [rigo]
Topic: Piero A. Bonatti, Flexible and Usable Policies
13:13:40 [rigo]
13:13:51 [rigo]
Piero Bonatti == PB
13:29:02 [rigo]
Final Discussion:
13:29:39 [rigo]
HT: very specific pricing aspects, is it just example
13:30:11 [rigo]
PB: expect the framework be general, but started the example implementation with pricing
13:31:24 [rigo]
LFPau: refer to our PP, agents with reasoning, it is scalable up to 4 Mio users, pragmatic way forward, also can be basis for auction type exchange
13:31:59 [rigo]
PB: Carnegie Mellon had a project on position with filters, jazz, based on Java, confirms feasibility
13:32:08 [Johan]
Prof. Norman Sadeh
13:32:22 [rigo]
Patricia: what does lightweight mean in terms of policy/ontology?
13:32:24 [Giles]
13:33:07 [rigo]
PB: we do not have enough examples to get an idea of complexity, lightweight means some syntactic restriction to limit data complexity
13:33:31 [rigo]
Patricia: lightweight in terms of inference, but no result on data complexity
13:33:41 [rigo]
PB: tried to reduce as much as possible
13:34:55 [Johan]
Radius and Diameter are examples of charging systems with negotiation; SIP Payment using XACML assertions
13:34:56 [rigo]
HT: AAA infrastructure is also heavily used for access control, also IDF work that uses SAML and would be interesting to combine as they produce also rules
13:35:51 [rigo]
LFPau: comment lightweight, it raises an issue, how deep and how wide will interactions with all the parties span which is fundamental for the compliance across jurisdictions e.g.
13:36:24 [rigo]
can branch out and can eliminate some parts, because the inference is implemented, a gain in scope and a gain in span
13:36:41 [rigo]
John: Economic models question from beforehand
13:36:59 [rigo]
SP: have a case study
13:37:08 [rigo]
GK: will be tomorrow in the afternoon
13:37:56 [rigo]
SP: are there alternatives was the starting point, also generic vs specific as a starting point, We have a discrete number of service providers, so no finite matching
13:38:43 [rigo]
...think of as highly personalized search engine and if you don't want it you can just use the generic search engine...
13:39:05 [rigo]
seems _the_ approach to reconcile personalization and data protection..
13:39:40 [rigo]
in a way that users are not disclosed as marginally privacy concerned or not
13:39:55 [rigo]
John: have you also considered lack of transparency of the market?
13:41:09 [rigo]
SP: offerings of the Web are increasing and increasing amount of information of the user, and user wants to know the difference. The service is not the question for commodities, so there are non-functional issues and privacy is one of them
13:42:18 [rigo]
...sales brokers could cover different services and offer different offers
13:42:51 [rigo]
Ann: ??
13:43:00 [Johan]
CMU privacy aware search engine: PrivacyFinder,
13:43:06 [rigo]
MM: could use them on the server side as well
13:43:16 [rigo]
MM: goal is to find an exact value
13:43:47 [rigo]
MM is giving use case
13:43:56 [rigo]
MM == Michael Maaser
13:44:54 [rigo]
Ernesto: comment: very nice on fine grained position thing, but this is what we have to do...
13:45:15 [rigo]
...we have the experience with...
13:45:42 [rigo]
...if you tried the approach with different possibilities, some time the performance goes down...
13:46:06 [rigo]
...some prefixed would take away some of the complexity, but in praxis I have doubt, whether this could work
13:46:32 [Johan]
the issue is that if you have too fine grained negotiation, it becomes computationally complex; and his suggestion was to use "blocks" of preferences
13:46:47 [rigo]
HT: performance question: is there a low that we need negotiation per transaction?
13:47:12 [rigo]
LFPau: when you bundle content and service and you end up paying one price for what you want, this is the price
13:48:13 [rigo]
GK: people focus on different areas, negotiation systems, other on language attributes and others and what part shall be standardized and what part should be left open for competition
13:48:21 [rigo]
GK: closing session
14:12:36 [Johan]
Johan has joined #privacy
14:17:35 [Johan]
Anne Anderson:,
14:17:59 [Johan]
Louis-François Pau = LP
14:17:59 [Johan]
Anne Anderson = AA
14:17:59 [Johan]
Danny Weitzner = DW
14:17:59 [Johan]
Günter Karjoth = GK
14:17:59 [Johan]
Rigo Wenning = RW
14:18:00 [Johan]
John Borking = JB
14:18:02 [Johan]
Hannes Tschofenig = HT
14:19:33 [Johan]
DW: Final panel - 3 speakers; after that reflection time; all of you: Raise the most significant issues, which you want to raise tomorrow during the discussion of next steps
14:19:57 [xavier]
xavier has joined #privacy
14:19:57 [tlr]
Topic: Anne Anderson, Sun Position Paper
14:20:03 [tlr]
14:21:44 [jschallaboeck]
jschallaboeck has joined #privacy
14:21:44 [jash]
jash has joined #privacy
14:22:17 [marit]
marit has joined #privacy
14:27:57 [tlr]
rrsagent, please draft minutes
14:27:57 [RRSAgent]
I have made the request to generate tlr
14:28:55 [Johan]
14:29:02 [tlr]
ScribeNick: Johan
14:29:44 [tlr]
14:29:48 [Johan]
DW asks how the datastructure is defined (AA answers: It can be RDF)
14:30:22 [Johan]
DW: Is there a function to express subclasses?
14:30:35 [Johan]
AA: There is for attributes; it could be generic.
14:30:48 [Johan]
HT: There is a format for location
14:31:00 [Johan]
AA: this was an example only; it does not have to be hierarchical
14:32:01 [Johan]
AA notes that WS-XACML was released last week
14:36:06 [Johan]
DW: That was too fast! don't you have more?
14:37:05 [Johan]
AA: There could e.g. be a way for a system to intersect the requirements with the client capabilities and only give out the required capabilities
14:37:19 [Johan]
RW: How far are you inspired by the client-server model?
14:37:36 [Johan]
RW: Transporting a flow of personal data which has to be augmented by constraints?
14:38:15 [Johan]
RW: For the moment, it looks more like access control than preferences management (a la P3P); there is a big difference in computing terms
14:38:46 [Johan]
AA: Requirements could be for each of the P3P categories, you could specify which values you require in conjunction with each type of information access
14:39:25 [Johan]
AA: Another assertion could have a different set of preferences for what you require the service to satisfy in conjunction with a different type of request
14:40:00 [Johan]
AA: One party's requirements could say "I am willing to give you my credit card number IF you delete it within 30 days AND do not give out it to someone else"
14:40:18 [Johan]
and the service could say "I am willing to obligate myself to do this"
14:40:53 [Johan]
LP: Long-time practitioner of constraint based languages; do you know the iLog solution. Has advantage: You encapsulate client control on client level
14:41:17 [Johan]
LP: Large scale in this class of language there is a scalability problem
14:41:33 [Johan]
AA: In conjunction with semantic information you can map it onto the more detailed information when applying
14:41:54 [Johan]
AA: This is for the web services model; the information you publish is only a subset of your total access control
14:42:21 [Johan]
AA: By publishing the minimal set of requirements you can filter out clients which do not want to fulfill this
14:42:40 [Johan]
??: Doublecheck - this type of language is somewhere between declarative and code
14:42:51 [tlr]
14:43:02 [Johan]
Depending on where you place the constraint in the code, it will be used differently
14:43:20 [Johan]
when you write a condition in one place, it will be reasoned about; in another place, it will only be evaluated
14:44:00 [Johan]
AA: XACML core spec does the valuation, by a standard engine, regardless of variables, using the standard datatype
14:44:14 [Johan]
AA: The semantics of negotiation is in the XACML specification
14:44:27 [Johan]
PB: Do I have to write the policy differently?
14:44:52 [Johan]
AA: No, your policy can be the same, e.g. students from universities who have to supply credentials to a bookstore
14:45:25 [Johan]
Topic: Ernesto Damiani Privacy Enhanced Authorizations and Data Handling
14:45:25 [Johan], slides:
14:45:47 [Johan]
Ernesto Damiani = ED
14:57:23 [Johan]
HT: You have to look at the IDF work, since it will cover some of the example; you may want to look on OCG for location-based DRM
14:57:32 [Johan]
ED also mentioned he had a patent on location-based DRM
14:59:22 [Johan]
Repeat: Legislation may force you to do something but it has to be based on the minimum rights of the user;
14:59:40 [Johan]
... the minimum rights may be something the user does not state for himself, but is externally given
15:03:03 [Johan]
ED: There are many hidden sources of complexity in what we have discussed today
15:05:31 [Johan]
ED: The list of topics in the "conclusion" slide must be taken into account.
15:05:53 [Johan]
ED: There is a risk of a: overstandardizing, b: introducing hidden sources of complexity
15:06:35 [Johan]
HT: Did not understand encryption issue
15:06:49 [Johan]
ED: You want to ask conditions on encrypted data that can be verified
15:06:59 [Johan]
HT: Key assertion in SAML
15:07:30 [Johan]
Topic: Marco Casassa Mont, On the Need to Explicitly Manage Privacy Obligation Policies as Part of Good Data Handling Practices
15:07:30 [Johan], slides:
15:08:00 [Johan]
Marco Casassa Mont = MT
15:09:08 [Johan]
s/ MT/MM
15:11:54 [rigo]
Marco Casassa Mont = MT
15:14:42 [rigo]
15:16:33 [Johan]
MT stresses that his slides are oversimplifying (slide 17)
15:20:06 [Johan]
HT: What do you mean by "ensure compatibility..." in slide 20 (Requirements 2/2)
15:20:37 [Giles]
Giles has joined #privacy
15:20:55 [Johan]
MT: The state of the art solutions can gather profiles from the end-user; do not design from scratch
15:21:07 [Johan]
HT: Provisioning and single-sign-on are decoupled
15:21:12 [Johan]
MT: More and more integrated
15:21:26 [Johan]
HT and MT note that they have to talk more
15:21:41 [Johan]
MT: The authorization and authentication feeds the provisioning
15:25:34 [Johan]
Giles: What does AA think about obligations in XACML
15:26:04 [Johan]
AA: Almost in policy of events. You could have events as targets, and a mechanism which feeds events into policy evaluation engine
15:26:17 [Johan]
AA: These would be policies targeted for specific types of events
15:26:27 [Johan]
AA: Not an ideal language, but it can be done; like the idea
15:26:49 [Johan]
DW: MT, can you say about concern of subordination to access control? Practical example
15:27:19 [Johan]
MT: Obligation "delete data after period of time". If you do from access control, does not capture event time.
15:27:41 [Johan]
... simple obligation needs react to purely time-based events, without access to data
15:27:58 [Johan]
... access control needs access.
15:28:43 [Johan]
Long-haired guy from T-systems: How to prevent server-side negotiation multiplied. If my value is 10, does not match policy, how to prevent server ask me again for some reason?
15:29:04 [Johan]
By doing this, they can investigate the range of my values (and check for completeness)
15:29:24 [tlr]
s/Long-haired guy from T-systems/FrankWagner/
15:29:27 [Johan]
AA: Would check how many requests come from the same user; verify not used as probes, no way of preventing
15:30:12 [Johan]
Soren??: Talking P3P, Prime, standardize - impression, model/paradigm is simple(?). Privacy prefs is not where XACML is working.
15:30:37 [Danny]
Xavier, my mistake
15:30:44 [Johan]
... e-government is working in XACML already, different model, trusted party (privacy commissioner).
15:31:10 [Johan]
... afraid thinking in terms of privacy preferences only. Need to take into account data protection officer as well as legislation.
15:31:33 [Johan]
AA: Can include this in the computation, and intersect with CPO requirements again, and meet all three.
15:32:09 [Johan]
ED: When have good privacy prefs, not equivalent to have server policy, conditions as access control request.
15:32:43 [Johan]
ED: Do we want a mapping on policy and conditions to be evaluated at request; can convert P3P into privacy profile in XACML.
15:33:09 [Johan]
ED: Do we want to evaluate preference or not? The client may never need to evaluate the preferences. Need a mapping.
15:33:32 [Johan]
ED: Mapping from preferences to conditions. If not these mechanisms, why an access control on client side - for what?
15:33:41 [Johan]
AA: Are we answering the question?
15:33:50 [Johan]
XH: No, but it sounds nice
15:34:17 [Johan]
XH: One idea behind egov in Belgium, the idea is to reuse data, maximally. Single collection, maximum reuse.
15:34:54 [Johan]
XH: Registry says ok, sources ok, whole architecture in place; but policy of data protection commissioner is only on paper.
15:35:11 [Johan]
... not enforced. How to put into architecture.
15:35:30 [Johan]
... thinking of preferences from user perspective, not service provider.
15:35:56 [Johan]
MT: Government is not willing to give out data after time. Just matter of tuning policies, prefs.
15:36:03 [Johan]
XH: How to make policies sticky?
15:36:37 [Johan]
RW: Translation between preferences and policies - washed away and mangled up every time.
15:36:48 [Johan]
... Think Marco now understands after Prime disc.
15:37:26 [Johan]
RW: P3P policy gets uploaded, matches with preferences if fulfills. Did not work to evaluate P3P policy against P3P policy - needed APPL.
15:37:52 [Johan]
RW: This is where obligations come in. Can only glue preferences to data, not policy. Upside down. Obvious example:
15:38:22 [Johan]
... supermarket: Look at price and buy. Now go to supermarket, give cashier your shopping list, see if shopping gets done.
15:38:38 [Johan]
ED: Reverse transformation. Can not make policies sticky, but preferences sticky.
15:39:57 [Johan]
PB: What should be standardized. Look like defining original ontologies. Sticky policies apply to so many things - DRM, location, etc.
15:40:24 [Johan]
PB: Put together more complex things from simple ones. Miss a chance, define e.g. density - number of people in a location.
15:40:55 [Johan]
... standard becomes global. Can reach without changing. Not currently done. Combinator operators, algorithmically. No algebra of operators.
15:41:27 [Johan]
PB: Benefit - would be according to experience with protune, put together many things and combine, e.g. rules
15:41:49 [Johan]
... facilitate so many things, e.g. natural language front ends, etc. Composition operators as first class citizens.
15:42:21 [Johan]
AA: It would be nice to be able to define. But realistically, unlikely that most companies would put in efforts in standardize this,
15:42:35 [Johan]
... since things are meeting their needs now. Which companies would adopt, even if standard?
15:42:49 [Johan]
AA: You can think of better languages, but you have to live with what you have.
15:43:26 [Johan]
DW: 2 critical observations: Something required for interoperability. Minimum set of conditions. 2nd Anne's point, some reasonably foreseeable implementation effort.
15:43:37 [Johan]
DW: Framework we have to live in.
15:44:17 [Johan]
HT: Location privacy. Few easy and difficult parts. Easy part is have access control mechanism, simple notion.
15:44:44 [Johan]
... difficult is to agree on some of the application-specific attributes. Not easy to come up with all potential attributes.
15:45:31 [Johan]
... Other complicated part is we realize you have to come up with part of carrying location around. Had to look at what SIP could support, since focussed on SIP.
15:45:59 [Johan]
Giles: Great danger in model data itself. Abstract away the concepts of privacy and id management, can be applied to any data.
15:46:25 [Johan]
... can divide data to sensitive and not sensitive, infinite number of types - infinite amount of work.
15:46:52 [Johan]
Giles: Extensibility is to let implementors in a context take care of that.
15:47:11 [Johan]
DW: Now, thoughts what we have heard during the day.
15:48:24 [Johan]
end of minutes, Danny will take notes in slides.
15:48:51 [tlr]
rrsagent, please draft minutes
15:48:51 [RRSAgent]
I have made the request to generate tlr
15:49:17 [rigo]
Session on conclusions from the first day, Notes by Günter Karjoth on Danny's PC
15:52:55 [tlr]
ScribeNick: tlr
15:53:07 [tlr]
SoerenPreibusch: Important questions for tomorrow ...
15:53:20 [tlr]
... what's user-centric? ...
15:53:45 [tlr]
... maybe in a better position tomorrow to answer that ...
15:54:08 [tlr]
Topic: discussion
15:54:16 [tlr]
xavier: What is beyond the data protection directive?
15:54:23 [tlr]
danny: what do you mean -- internationally, or?
15:54:31 [tlr]
xavier: A lot of what we're talking about is about EU data protection ...
15:54:39 [tlr]
... in particular if make the context broad enough ...
15:54:46 [tlr]
danny: Marco's slides answered that
15:54:54 [tlr]
... US policy rules in health and financial services area ...
15:55:04 [tlr]
xavier: data protection vs privacy. What is "privacy" here?
15:55:37 [tlr]
danny: anyone want to nominate requirements beyond OECD fair info practices?
15:56:03 [tlr]
borking: 6 major legal systems in the world. Islamic, socialistic, communist, US, Europe, ...
15:56:11 [tlr]
... globalization ...
15:56:16 [tlr]
... difficulty of what's applicable ...
15:56:21 [tlr]
... standardization? ...
15:56:31 [tlr]
... it's a way to get certain values and norms accepted on world-wide basis ...
15:56:39 [tlr]
... might be worthwhile looking into other legal systems ...
15:56:43 [tlr]
... some ideas might never fit in ...
15:56:51 [tlr]
... folks in other legal systems are 2/3 of world population ...
15:56:57 [tlr]
... we might actually find ourselves in minority ...
15:57:07 [tlr]
danny: a lot of the work that has been done is framed by EU and US frameworks ...
15:57:11 [tlr]
... they define a lot of marketplace ...
15:57:16 [tlr]
... those have been source of requirements ...
15:57:25 [tlr]
... question seems to be: Other requirements we're missing?
15:57:29 [tlr]
borking: China?
15:57:44 [tlr]
HelenaLind: re privacy beyond EU regulation -- OECD guidelines are basis in Europe ...
15:58:00 [tlr]
... purpose of P3P (rigo might chop head off) was to provide protection to non-EU countries ...
15:58:07 [tlr]
... privacy beyond data protection is user preferences ...
15:58:10 [tlr]
... real right to be left alone ...
15:58:14 [tlr]
... who cares about privacy? ...
15:58:17 [tlr]
... who doesn't? ...
15:58:21 [tlr]
... what's the difference? ...
15:58:26 [tlr]
... suggest focus on user preferences ...
15:58:36 [tlr]
... difference between individuals is individual preferences ...
15:58:41 [tlr]
... not on legal basis ...
15:58:56 [tlr]
SoerenPreibusch: suggest that name of workshop is focused on ...
15:59:00 [tlr]
... technology, not meta questions ...
15:59:11 [tlr]
... appreciate these questions are important, but maybe out of scope ...
15:59:22 [tlr]
... would like to think about that today we have people from P3P WG ...
15:59:29 [tlr]
... maybe aligned with the 2nd P3P WS in Kiel ...
15:59:35 [tlr]
... maybe take up open points that were left open there ...
15:59:44 [tlr]
... answers now? future directions for development of P3P? ...
15:59:49 [tlr]
... integrate negotiation or other points? ...
16:00:01 [tlr]
AnneAnderson: Talking about two kinds of policies ...
16:00:07 [tlr]
... (1) things driven by govt regulation ...
16:00:18 [tlr]
... do we have tech capability to support supplying minimal set of information ...
16:00:22 [tlr]
... need to talk about that ...
16:00:32 [tlr]
... (2) privacy agreements & requirements within closed group ...
16:00:53 [tlr]
... interactions there could go far beyond what govt requirements are in that context ...
16:01:04 [tlr]
FrankWagner: From poor user's point of view, ...
16:01:15 [tlr]
... talking about difference ...
16:01:30 [tlr]
... how to define user profile? ...
16:01:33 [tlr]
... pre-defined user profiles? ...
16:01:37 [tlr]
danny: easier to implement?
16:01:39 [tlr]
... yep ...
16:02:08 [tlr]
GuyFromKuwait: different from information privacy ...
16:02:12 [tlr]
... prof? in Oxford ..
16:02:27 [tlr]
... excessive interest in policy, languages, technology ...
16:02:30 [tlr]
... natural given the title ...
16:02:35 [tlr]
... but maybe a corner for other issues? ...
16:02:43 [tlr]
... personal information ...
16:02:45 [tlr]
... ontologies ....
16:02:58 [tlr]
... have a paper in Canada 2y ago -- how to calculate information in privacy (?) ...
16:03:07 [tlr]
... other issue -- purpose, nature of purpose, ...
16:03:14 [tlr]
... non-Internet operations ...
16:03:24 [tlr]
... private information ewallet ...
16:03:43 [tlr]
... personal information ethics ...
16:03:50 [tlr]
... personal information has moral values ...
16:04:18 [tlr]
... common model for privacy? ...
16:04:35 [tlr]
danny: question I hear from answers is q about breadth of foundation that's needed?
16:04:51 [tlr]
patricia: relationship with DRM ...
16:04:54 [tlr]
... access usage ...
16:04:56 [tlr]
... rights ...
16:05:02 [tlr]
... agency negotiation ...
16:05:22 [tlr]
borking: Is W3C also looking into ambient intelligence?
16:05:28 [tlr]
... effect on what we're doing here ...
16:05:33 [tlr]
... what are the findings? ...
16:05:48 [tlr]
rigo: Ubiquitous Web workshop
16:06:00 [tlr]
danny: what do you mean by ambient intelligence?
16:06:05 [tlr]
ubiquitous computing
16:06:11 [tlr]
danny: that's question we had with P3P ...
16:06:18 [tlr]
... web from a large perspective ...
16:06:21 [tlr]
... important question ...
16:06:27 [tlr]
... it's a requirements question ...
16:06:34 [tlr]
... do we meet the requirements of these environments? ...
16:06:45 [tlr]
xavier: to add to Anne, might be good to just bring sth from FIDIS into discussion ...
16:07:03 [tlr]
... FIDIS made difference between privacy & data protection as follows ...
16:07:07 [tlr]
... privacy -- opacity ...
16:07:14 [tlr]
... data protection accountability ...
16:07:25 [tlr]
... balance between user and service provider ...
16:07:36 [tlr]
... right and interest to keep things private ...
16:07:38 [tlr]
... anonymity ...
16:07:41 [tlr]
... pseudonymity ...
16:07:46 [tlr]
... important tools to help user ...
16:07:53 [tlr]
... data protection as transparency tool ...
16:08:21 [tlr]
danny: understand question now... take it to be: what's the balance between transparency vs. confidentiality?
16:08:29 [tlr]
... using transparency term as in fair info practices ...
16:08:38 [tlr]
... lots of these words have cultural connotations ...
16:08:43 [tlr]
... transparency v opacity is important ...
16:08:56 [tlr]
xavier: in Europe, privacy is diff from data protection
16:09:13 [tlr]
danny: talked in the beginning about relationship between ...
16:09:44 [tlr]
... access control rules and usage control rules ...
16:09:47 [tlr]
... common framework? ...
16:09:52 [tlr]
... commensurate or incommensurate? ...
16:09:58 [tlr]
... balance? ...
16:10:03 [tlr]
... what are the different functions?
16:10:16 [tlr]
patricia: negotiation ...
16:10:19 [tlr]
... consider DRM ...
16:10:24 [tlr]
... consider ongoing activities, previous work ...
16:10:38 [tlr]
... how do we want to work / use access rights and usage rights that have been defined in commercial content systems ...
16:10:56 [tlr]
soerenpreibusch: industry focus. What does industry want?
16:11:00 [tlr]
... we have some industry here ...
16:11:05 [tlr]
... network companies, content companies ...
16:11:16 [tlr]
... add to question what needs to be standardised ...
16:11:27 [tlr]
... what kind of amount needs to be standardized ...
16:11:30 [tlr]
... what alternatives? ...
16:11:53 [tlr]
xavier: business cases...
16:11:57 [tlr]
... industry is here ...
16:12:10 [tlr]
... discuss tomorrow what drives entities like govts or industry companies to implement this kind of tech ...
16:12:46 [tlr]
johan: how do we make sure these things get implemented and used.
16:12:54 [tlr]
xavier: take into account what exists already.
16:13:02 [tlr]
danny: thanks. adjourned
16:13:06 [tlr]
rrsagent, please draft minutes
16:13:06 [RRSAgent]
I have made the request to generate tlr
16:14:48 [xavier]
xavier has left #privacy
16:24:54 [guenter]
guenter has joined #privacy
16:25:24 [xavier]
xavier has joined #privacy
16:25:30 [xavier]
hello guenter
16:25:36 [guenter]
hello xavier
16:25:42 [xavier]
xavier has left #privacy