07:32:13 ScribeNick: tlr
07:32:13 RRSAgent has joined #privacy
07:32:13 logging to http://www.w3.org/2006/10/17-privacy-irc
07:32:31 rrsagent, please make log public
07:33:12 rigo has joined #privacy
07:43:08 rigo_lap has joined #privacy
08:08:33 Topic: Keynote by John Borking
08:08:41 http://www.w3.org/2006/07/privacy-ws/presentations/borking-keynote.pdf
08:09:00 giles: We don't just have folks from the US here, but also Australia, Kuwait, Japan, ... Global audience.
08:09:19 Sören Preibusch: Liked "research has to reach the market" stance. Sometimes, research is done, but not applied.
08:09:41 Borking: Enormous pockets of interesting knowledge in research institutes and universities; then ends with a thesis ...
08:09:49 ... only makes it into market for a few activists ...
08:09:57 ... economics plays an important role in protecting our privacy ...
08:10:11 ... haven't discovered the Delta between privacy protection and no privacy protection ...
08:10:31 Patricia Charlton: ... people might say "we don't worry" ...
08:10:35 ... but if you dig deeper, they are ...
08:10:51 ... liability for the information ...
08:10:57 ... what emerges in the trend ...
08:11:04 ... posting information about other people? ...
08:11:16 ... have to take that liability issue on ...
08:11:24 ... "just ok" because everybody else does it ...
08:11:47 ... as industry, help users do the right thing for themselves and their social networking? ...
08:11:52 ... "company x does it, so it's ok"??? ...
08:12:07 ... who reads the privacy policy after all? ...
08:12:17 borking: In PRIME, also discussion of HCIs ...
08:12:22 ... symbols? icons? ...
08:12:34 ... research done in Karlstad ...
08:12:43 ... "not clear enough", people interpret it badly ...
08:12:58 ... finding symbols for an area that is subconscious is hard ...
08:13:05 ??: cul de sac -- won't get there ...
08:13:08 Johan Hjelm
08:13:18 ... perceptions are not conscious ...
08:13:27 ... different perceptions of privacy in different situations ...
08:13:39 ... would have to hit sth extremely universal if you were to ...
08:13:45 ... design such an icon ...
08:14:00 Borking: Maybe teach people about the symbols, like we teach them about traffic signs?
08:14:08 ??: road environment is extremely constrained
08:14:14 s/??/Johan Hjelm/
08:14:22 Prof. Popi
08:14:45 Louis-François Pau: Should have listed turn-over generated by
08:14:57 ... business proper and making information available ...
08:15:03 ... and business generated by privacy protection ...
08:15:20 ... privacy protection should become economically attractive ...
08:15:23 s/Prof. Popi//
08:15:42 Pau: Ignoring the economics of it -- you'll be in the same situation.
08:16:28 Topic: Danny Weitzner, End-to-End Accountability for Web Privacy
08:16:34 http://dig.csail.mit.edu/2006/Talks/1017-privacy-e2e-acccountability/
08:16:51 rrsagent, draft minutes
08:16:51 I have made the request to generate http://www.w3.org/2006/10/17-privacy-minutes.html tlr
08:17:42 Meeting: W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement
08:18:10 rrsagent, draft minutes
08:18:10 I have made the request to generate http://www.w3.org/2006/10/17-privacy-minutes.html tlr
08:18:29 Chair: Günther Karjoth, Danny Weitzner
08:19:01 s/Sören Preibusch/SoerenPreibusch/
08:19:09 s/Patricia Charlton/PatriciaCharlton/
08:19:19 s/??/Johan Hjelm/g
08:19:33 s/Louis-François Pau/LFPau/
08:19:54 rrsagent, draft minutes
08:19:54 I have made the request to generate http://www.w3.org/2006/10/17-privacy-minutes.html tlr
08:21:31 s/??/JohanHjelm/g
08:21:39 s/Johan Hjelm/JohanHjelm/g
08:21:57 rrsagent, please draft minutes
08:21:57 I have made the request to generate http://www.w3.org/2006/10/17-privacy-minutes.html tlr
08:25:38 Giles has joined #privacy
08:29:05 Chair: Guenther Karjoth, Danny Weitzner
08:29:50 robinwilton has joined #privacy
08:30:27 ty rigo
08:30:42 k
08:34:37 ok
08:34:42 it is cold today
08:34:51 may warm up anyway
08:35:11 s/ok//
08:35:14 s/it is cold today//
08:35:18 s/may warm up anyway//
08:36:52 DJW: we need rules on how personal information can be used, need a language on usage control
08:44:21 DJW: there's a sequence of data processing from Collection to Analysis to Usage, which therefore creates multiple *potential* control points.
08:45:22 DJW: In a sense, whether or not the Collection phase is effectively regulated, the Usage phase offers a point at which privacy threats can be mitigated.
08:47:01 AnneAnderson: Relationship between architecture & Minsky's law-govt interaction?
08:47:06 djw: haven't looked in detail ...
08:47:13 ... in some of the work collaborating with colleagues at MIT ...
08:47:18 ... who were Minsky students ...
08:47:27 ... they dragged out all kinds of AI systems from 70s ...
08:47:31 ... formal purpose algebras ...
08:47:35 ... developed 30 years ago ...
08:47:40 ... in line with Minsky view ...
08:47:48 ... there seems to be some resonance between this view ...
08:47:57 ... and more formal approaches from early days of knowledge representation ...
08:48:07 anne: seems like the point of view was the same that everyone has ..
08:48:16 ... to agree to abide by some control mechanisms before they ...
08:48:19 ... can participate in interaction ...
08:48:29 djw: everybody can't agree to everything ...
08:48:37 .. q is what framework can we expect most of us to agree to ...
08:48:46 ... maybe not agree on rules, but on mechanism to evaluate rules ...
08:48:54 anne: criticism of minsky -- lack of flexibility
08:49:05 djw: personal prediction is, will probably never attempt as comprehensive ...
08:49:11 ... a definition of a rule set as P3P attempted ...
08:49:23 lfpau: Have some problems with recommendation ...
08:49:26 ... fundamental ones ...
08:49:33 ... diversity at the usage end ...
08:49:37 ... cultural difference ...
08:49:40 ... differences in law ...
08:49:43 ... it won't work ...
08:49:48 ... also, enforceability? ...
08:50:04 ... if non-respect of rule is in different legislation ...
08:50:06 ... ??? ...
08:50:14 ... accountability tracing information ...
08:50:26 ... if that point is compromised, the whole thing is going under ...
08:50:28 ... concerns ...
08:50:37 djw: not agree on single set of substantive rules ...
08:50:41 ... work on framework ...
08:50:49 ... to attach ourselves to rules we believe we are accountable to ...
08:50:59 ... provide accountability through secure audit mechanisms ...
08:51:04 ... then fall back to legal system ...
08:51:09 ... there are a lot of secure audit techniques ...
08:51:26 ... prepared to sacrifice fair amount of security in order to ...
08:51:32 ... have better accountability and privacy ...
08:51:41 ... mistake to avoid accountability just to protect accountability ...
08:51:50 ... legal & privacy rules might be more important than confidentiality ...
08:52:09 ... may have been a mistake to overemphasize security ...
08:52:20 reconvene at 11:15
08:58:04 rigo has joined #privacy
09:18:03 Giles has joined #Privacy
09:19:08 Frank Wagner, T-Systems T-Identity Protector
09:19:23 Topic: Frank Wagner, T-Systems T-Identity Protector
09:20:14 \me it's me
09:20:16 Danny has joined #privacy
09:20:20 ScribeNick: Giles
09:20:27 s/\me it's me//
09:21:40 robinwilton has joined #privacy
09:23:41 http://www.w3.org/2006/07/privacy-ws/presentations/20-wagner-tip
09:24:41 Helena has joined #privacy
09:25:16 hi giles
09:25:24 :-)
09:26:35 jschallaboeck has joined #privacy
09:26:36 jash has joined #privacy
09:29:18 s/hi giles//
09:29:20 s/:-)//
09:32:07 marit has joined #privacy
09:35:08 Kriegel has joined #privacy
09:35:35 Marit: do we have some ideas on what to standardize in the T-identity protector
09:35:52 xavier has joined #privacy
09:35:57 what are the key questions where engineers can get together and standardize
09:36:16 Frank: we have been thinking about how to realize it, not how to standardize
09:36:25 maybe prime can help with this
09:36:40 Sören Preibusch
09:37:02 s/Sören Preibusch/Sören_Preibusch/
09:37:20 some scientists have concluded that not all operations are possible on pseudonymized data
09:37:26 is it just the vision?
09:37:28 Frank: Yes
09:38:01 LF PAU: There are a couple of other operators which take privacy protection as a revenue-generating service
09:38:13 recommends that T-Mobile should do the same thing
09:38:23 see ITU papers
09:38:34 be more ambitious - then T-Systems would take it more seriously
09:38:57 Topic: A Privacy Policy Framework – A position paper for the W3C Workshop of Privacy Policy Negotiation
09:39:01 http://www.w3.org/2006/07/privacy-ws/presentations/28-madsen-framework.pdf
09:41:03 (change of agenda)
09:45:54 xavier has left #privacy
09:53:36 Johan_Hjelm
09:53:54 johan hjelm: This is an intriguing picture (the crossover between preference, technology and legislation)
09:53:58 Interesting analysis @ http://www.w3.org/2006/07/privacy-ws/presentations/28-madsen-framework.pdf#page10
09:54:11 but the compromise has to be in the technology in the end
09:54:20 s/johan hjelm/Johan_Hjelm/
09:54:33 Robin: There is actually a timeline which the diagram does not show
09:55:01 LF PAU: There is a set of tools in the open bodies SLA handbook.
09:55:09 s/LF PAU/LFPau/
09:55:10 They also show these 3 levels
09:55:18 s/open bodies/OMG/
09:55:33 The winners in this game are the service providers who manage the SLA's
09:56:02 Robin Wilton: I do actually argue against the application of technology in many cases
09:56:25 we should recognize that in trying to design technology and solutions cross border, we should recognize that in some countries...
09:56:35 everything is left to legislation
09:56:58 whereas in other countries there is a thinner layer of legislation and a thicker layer of best practice
09:57:12 Danny:
09:57:45 1. P3P does have the ability to express preferences in contrast to what Robin said
09:57:59 Robin: it's just not the best tool for the job
09:58:16 in P3P, you can't do it in isolation - you are bouncing it off a service provider
09:58:52 say I want to display different partial identities to different providers, P3P doesn't work
09:59:05 Soren: it's outside the scope of P3P
09:59:19 Giles: APPEL is NOT a W3C standard
09:59:26 s/Soren/Soeren/
09:59:43 Danny: the semantics of how one would express the usage element in XACML
10:00:08 Robin: defers to Marco
10:00:40 Danny: the syntax in the soap message
10:00:57 Marco: semantics - some preferences expressed by the user - to be carried out by the custodian
10:01:27 P3P can underpin that but it should work in a non-web context.
10:02:28 Robin: the XML snippet is a user using a WS framework and adding his preferences to the initial request
10:03:43 Giles: is it only B2B?
10:03:53 No just a generic mechanism
10:04:11 Ernesto: the architecture reminds me of DRM enforcement
10:04:15 Discussion was about XML snippet on http://www.w3.org/2006/07/privacy-ws/papers/28-madsen-framework/#page5
10:04:21 the custodian comes from an IDM heritage
10:04:27 it supervises the DHP's etc...
10:04:36 it's more or less what happens in DRM
10:04:47 decouple data provider from licence providers and enforcers etc...
10:04:59 But is this model really applicable to IDM and privacy
10:05:02 ?
10:05:08 s/DHP/data handling policy/
10:05:16 Danny: hold it for later - it's an important question
10:06:45 xavier has joined #privacy
10:07:13 Topic: M. Hondo, T. Nadalin, R. Nagaratnam, M. Nudoh, G. Karjoth, B. Pfitzmann, M. Schunter, Position Paper: Privacy Policies as a Component of Policy-enabled Governance
10:07:17 http://www.w3.org/2006/07/privacy-ws/presentations/11-schunter-governance.pdf
10:08:30 rrsagent, draft minutes
10:08:30 I have made the request to generate http://www.w3.org/2006/10/17-privacy-minutes.html tlr
10:10:40 rrsagent, please draft minutes
10:10:40 I have made the request to generate http://www.w3.org/2006/10/17-privacy-minutes.html tlr
10:11:51 rrsagent, please draft minutes
10:11:51 I have made the request to generate http://www.w3.org/2006/10/17-privacy-minutes.html tlr
10:22:41 John Borking: is what you've presented marketable
10:22:51 Gunther: it's a roadmap not a product
10:23:14 As corporate policy I can't talk about some products
10:23:37 rrsagent, excuse use
10:23:37 I see no action items
10:23:38 rrsagent, excuse us
10:23:38 I see no action items
10:23:41 RRSAgent has joined #privacy
10:23:41 logging to http://www.w3.org/2006/10/17-privacy-irc
10:23:44 What is user-centric
10:23:48 ?
10:23:57 (Soren)
10:24:08 Gunther: means user has control over his data
10:24:59 Robin: it's a question which has ballooned - the processing of data with appropriate control and consent
10:25:05 doesn't mean user has to HAVE data
10:25:08 e.g. online banking
10:25:25 bank can make automated payments to 3rd parties without you having their details.
10:25:43 also you might ask your bank to notify you if it's asked to approve a line of credit to you
10:25:52 or if a particularly large sum goes out of your account
10:25:58 the user is in the transaction flow
10:26:13 Danny: the US gov't is in the flow, so you might as well be in it too
10:28:29 Topic: Renato Iannella, Karen Henricksen, Ricky Robinson, A Policy Oriented Architecture for the Web: New Infrastructure and New Opportunities
10:28:34 http://www.w3.org/2006/07/privacy-ws/presentations/05-iannella-policy-oriented-architecture.pdf
10:36:56 Johan has joined #privacy
10:42:15 DISCUSSION
10:42:28 Danny: important points
10:42:42 link between DRM and Privacy policy languages
10:42:55 Relation between privacy expression and access control expression
10:43:06 user-centric versus user-control
10:43:37 Johan Huelm: The reason that DRM and IDM policies are so similar is that we're working on the same problem
10:43:45 controlled usage rules to content
10:43:54 avoid pitfalls of DRM
10:44:10 there were good reasons not to have W3C do DRM
10:44:18 it emerged in the mobile realm
10:44:33 but the lessons from DRM can be very well applied here - especially the pitfalls
10:44:46 we need to enable the control point not to have a central point of failure
10:45:03 Is DRM usage control or access control?
10:45:09 s/Hjelm
10:45:19 Patricia Charles: in investigating how to support privacy, you look at DRM
10:45:36 users don't like DRM because it violates their privacy and it controls personal decisions
10:45:44 privacy is a decision they make in their own space
10:46:07 Users find DRM complicated
10:46:13 so that needs to be simplified
10:46:29 with networking in p2p, they know who they're networking with
10:46:36 but in commercial environment, they don't
10:46:50 for the applications of the solutions, we have different use-cases
10:46:57 so maybe not a one-fits-all solution
10:47:03 it's a very complicated system;
10:47:20 Danny: Relationship between Privacy rules and DRM systems
10:47:25 There are 2 kinds of DRM
10:47:31 access-control oriented
10:47:36 usage-control oriented
10:48:07 the assumption that all the data is out there but what can you do with it
10:48:21 e.g. creative commons
10:48:47 itunes
10:48:53 allows 5 times using
10:49:13 Gunther: usage-control and access-control are the same more or less
10:49:26 usage control just adds more info on which to base the access control decision
10:50:05 Work on privacy technologies has stimulated the access-control community to include purpose and obligations
10:50:43 Patricia: you could be using the same usage rights to access or copy something
10:50:48 is that what you mean?
10:50:59 Gunther: usage might be the delegation of rights
10:51:14 can I revoke the rights I give on copies of my data
10:52:01 Soren: we heard a lot about XACML - but I think going back to the first talk - privacy is more than Access Control but now we are focussing only on this
10:52:17 perhaps XACML has storage control etc...
10:52:25 let's not narrow down on Access
10:52:35 Anne: XACML came out of AC world
10:52:50 it has been evolving in many ways to a much more generic policy language
10:52:56 will be presented later
10:53:16 Johan Huelm: Access is just a special case of usage
10:53:38 it's an unfortunate fact of such systems that they have to be complex.
10:54:01 a project called mobilife - analysed how this would impact a system of ambient intelligence
10:54:22 enable user-visualizations so that users were not completely scared away from writing their preferences
10:54:59 Ernesto: Certainly there is a convergence between AC, privacy languages and DRM
10:55:04 but there are differences
10:55:23 Johan has joined #privacy
10:55:28 architecturally - on mobile network, there is a tendency to have all the infrastructure as a service
10:55:48 which could also deal with privacy
10:55:49 Johan has joined #privacy
10:56:05 on fixed network, the client controls
10:56:20 Johan has joined #privacy
10:56:37 so architecturally, are we moving towards a world in which all sides are offered as a service
10:57:11 there are a lot of technicalities in the semantics which are different (e.g. cardinality)
10:57:26 Just for completeness (all deliverables are public): http://www.ist-mobilife.org
10:59:46 Uni of Kuwait: Usage is the end of a chain of acts on personal information
11:00:13 LF Pau: the negotiation aspect may eliminate some of the candidate language features
11:00:45 agents can do a lot of the job that the proposed languages are talking about
11:02:05 jasch has joined #privacy
12:14:11 Johan has joined #privacy
12:18:04 Danny has joined #privacy
12:21:03 xavier has joined #privacy
12:21:43 marit has joined #privacy
12:21:52 tlr has joined #privacy
12:21:55 Giles has joined #privacy
12:22:03 rigo has joined #privacy
12:22:14 Topic: M. Maaser, S. Ortmann, P. Langendörfer, NEPP: Negotiation Enhancements for Privacy Policies
12:22:22 http://www.w3.org/2006/07/privacy-ws/presentations/12-ortmann-negotiation.pdf
12:23:58 rrsagent, excuse us
12:23:58 I see no action items
12:24:01 RRSAgent has joined #privacy
12:24:01 logging to http://www.w3.org/2006/10/17-privacy-irc
12:24:07 rrsagent, please draft minutes
12:24:08 I have made the request to generate http://www.w3.org/2006/10/17-privacy-minutes.html tlr
12:25:18 ScribeNick: rigo
12:28:30 Kriegel has joined #privacy
12:34:50 jschallaboeck has joined #privacy
12:34:52 jash has joined #privacy
12:34:53 Tschoefennig
12:35:24 Negotiation is good thing to do, but complicated, both location and price was simple
12:35:49 in ?? people tried to model business processes and was never implemented
12:36:05 it can get arbitrarily complicated
12:36:27 the more you have items the more it gets complicated
12:37:13 transport layer guys thought it was too complicated
12:37:20 IKE and TLS
12:37:40 Giles: strategies are exchangeable
12:38:13 s/??/IKE and TLS/
12:38:25 answer: strategy is hard coded
12:38:37 ..is like a plugin, you can change the plugins
12:39:07 Internet Key Exchange and Transport Layer Security, is what Tscofennig used as example
12:39:07 LFPau, in management science is not like you model negotiation
12:39:17 s/answer:maser:/
12:39:29 s/answer:/maser:/
12:39:35 ...one space and other space and each has its utility and this is only a search
12:40:10 Guenter: have you looked into WS agreement and such?
12:40:49 answer: we looked into SLA, but not beyond, have looked into using ranges, but considered that some info we want to keep private
12:42:15 xavier has left #privacy
12:42:36 xavier has joined #privacy
12:42:43 Topic: Privacy Negotiations with P3P
12:42:56 http://www.w3.org/2006/07/privacy-ws/presentations/24-preibusch-negotiation-p3p.pdf
12:47:38 s/answer:/maser:/
12:48:02 Sören_Preibusch == SP
13:05:55 JB: interest in economic background, deferred to general session
13:06:07 ...second what is the blinking light
13:06:45 SP: developed by the Post Worldnet, tech is currently on the market, other pilot permission based mobile marketing...
13:06:54 ...this will be online in more cities
13:07:14 JB: is this not very vulnerable as embedded in paper?
13:07:23 SP: no, special implementation
13:08:00 Tsch: sticking to specific application, have you encountered issues?
13:08:16 SP: interested in privacy and different offers
13:08:54 Tsch: you might have received different award, a lot of app specific semantics. In P3P you care for privacy and ignore app specific attributes
13:09:06 SP: this goes into SLA
13:09:40 Giles: negotiation works with interaction with user, no automatic, is it deliberate simplification?
13:10:45 SP: There can be negotiation support systems, like XPref, then the negotiation support may choose the right contract on my part
13:10:56 Giles: would not work off the shelf
13:11:18 SP: no, we have no way of specifying benefits
13:11:53 ebxml was also mentioned as an example
13:12:02 RW: why not using
13:12:30 SP: Consequence includes human readable explanation...
13:12:56 ...Consequence has to be always in line with the other elements
13:13:27 Topic: Piero A. Bonatti, Flexible and Usable Policies
13:13:40 http://www.w3.org/2006/07/privacy-ws/presentations/16-bonatti-flexible-and-usable.pdf
13:13:51 Piero Bonatti == PB
13:29:02 Final Discussion:
13:29:39 HT: very specific pricing aspects, is it just example
13:30:11 PB: expect the framework be general, but started the example implementation with pricing
13:31:24 LFPau: refer to our PP, agents with reasoning, it is scalable up to 4 Mio users, pragmatic way forward, also can be basis for auction type exchange
13:31:59 PB: Carnegie Mellon had a project on position with filters, jazz, based on Java, confirms feasibility
13:32:08 Prof. Norman Sadeh
13:32:22 Patricia: what does lightweight mean in terms of policy/ontology?
13:32:24 jess
13:33:07 PB: we do not have enough examples to get an idea of complexity, lightweight means some syntactic restriction to limit data complexity
13:33:31 Patricia: lightweight in terms of inference, but no result on data complexity
13:33:41 PB: tried to reduce as much as possible
13:34:55 Radius and Diameter are examples of charging systems with negotiation; SIP Payment using XACML assertions
13:34:56 HT: AAA infrastructure is also heavily used for access control, also IDF work that uses SAML and would be interesting to combine as they produce also rules
13:35:51 LFPau: comment lightweight, it raises an issue, how deep and how wide will interactions with all the parties span which is fundamental for the compliance across jurisdictions e.g.
13:36:24 ...you can branch out and can eliminate some parts, because the inference is implemented, a gain in scope and a gain in span
13:36:41 John: Economic models question from beforehand
13:36:59 SP: have a case study
13:37:08 GK: will be tomorrow in the afternoon
13:37:56 SP: are there alternatives was the starting point, also generic vs specific as a starting point, We have a discrete number of service provides, so no finite matching
13:38:43 ...think of A9.com as highly personalized search engine and if you don't want it you can just use the generic search engine...
13:39:05 ...it seems _the_ approach to reconcile personalization and data protection..
13:39:40 ...design in a way that users are not disclosed as marginally privacy concerned or not
13:39:55 John: have you also considered lack of transparency of the market?
13:41:09 SP: offerings of the Web are increasing and increasing amount of information of the user, and user wants to know the difference. The service is not the question for commodities, so there are non-functional issues and privacy is one of them
13:42:18 ...sales brokers could cover different services and offer different offers
13:42:51 Ann: ??
13:43:00 CMU privacy aware search engine: PrivacyFinder, http://search.privacybird.com/?faq=1
13:43:06 MM: could use them on the server side as well
13:43:16 MM: goal is to find an exact value
13:43:47 MM is giving use case
13:43:56 MM == Michael Maser
13:44:54 Ernesto: comment: very nice on fine grained position thing, but this is what we have to do...
13:45:15 ...we have the experience with...
13:45:42 ...if you tried the approach with different possibilities, some time the performance goes down...
13:46:06 ...some prefixed would take away some of the complexity, but in praxis I have doubt, whether this could work
13:46:32 the issue is that if you have too fine grained negotiation, it becomes computationally complex; and his suggestion was to use "blocks" of preferences
13:46:47 HT: performance question: is there a low that we need negotiation per transaction?
13:47:12 LFPau: when you bundle content and service and you end up paying one price for what you want, this is the price
13:48:13 GK: people focus on different areas, negotiation systems, other on language attributes and others and what part shall be standardized and what part should be left open for competition
13:48:21 GK: closing session
14:12:36 Johan has joined #privacy
14:17:35 Anne Anderson: http://www.w3.org/2006/07/privacy-ws/papers/17-anderson-position, http://www.w3.org/2006/07/privacy-ws/presentations/17-anderson-position.pdf
14:17:59 Luis-Francois Pau = LP
14:17:59 Anne Andersson = AA
14:17:59 Danny Weitzner = DW
14:17:59 Günter Karjoth = GK
14:17:59 Rigo Wenning = RW
14:18:00 John Borking = JB
14:18:02 Hannes Tschofenig = HT
14:19:33 DW: Final panel - 3 speakers; after that reflection time; all of you: Raise the most significant issues, which you want to raise tomorrow during the discussion of next steps
14:19:57 xavier has joined #privacy
14:19:57 Topic: Anne Anderson, Sun Position Paper
14:20:03 http://www.w3.org/2006/07/privacy-ws/presentations/17-anderson-position.pdf
14:21:44 jschallaboeck has joined #privacy
14:21:44 jash has joined #privacy
14:22:17 marit has joined #privacy
14:27:57 rrsagent, please draft minutes
14:27:57 I have made the request to generate http://www.w3.org/2006/10/17-privacy-minutes.html tlr
14:28:55 Jepp
14:29:02 ScribeNick: Johan
14:29:44 s/Jepp//
14:29:48 DW asks how the datastructure is defined (AA answers: It can be RDF
14:30:22 DW: Is there a function to express subclasses?
14:30:35 AA: There is for attributes; it could be generic.
14:30:48 HT: There is a format for location
14:31:00 AA: this was an example only; it does not have to be hierarchical
14:32:01 AA notes that WS-XACML was released last week
14:36:06 DW: That was too fast! don't you have more?
14:37:05 AA: There could e.g. be a way for a system to intersect the requirements with the client capabilities and only give out the required capabilities
14:37:19 RW: How far are you inspired by the client-server model?
14:37:36 RW: Transporting a flow of personal data which has to be augmented by constraints?
14:38:15 RW: For the moment, it looks more like access control than preferences management (a la P3P); there is a big difference in computing terms
14:38:46 AA: Requirements could be for each of the P3P categories, you could specify which values you require in conjunction with each type of information access
14:39:25 AA: Another assertion could have a different set of preferences for what you require the service to satisfy in conjunction with a different type of request
14:40:00 AA: One party's requirements could say "I am willing to give you my credit card number IF you delete it within 30 days AND do not give out it to someone else"
14:40:18 and the service could say "I am willing to obligate myself to do this"
14:40:53 LP: Long-time practitioner of constraint based languages; do you know the iLog solution. Has advantage: You encapsulate client control on client level
14:41:17 LP: Large scale in this class of language there is a scalability problem
14:41:33 AA: In conjunction with semantic information you can map it onto the more detailed information when applying
14:41:54 AA: This is for the web services model; the information you publish is only a subset of your total access control
14:42:21 AA: By publishing the minimal set of requirements you can filter out clients which do not want to fulfill this
14:42:40 ??: Doublecheck - this type of language is somewhere between declarative and code
14:42:51 s/??/PieroBonatti/
14:43:02 Depending on where you place the constraint in the code, it will be used differently
14:43:20 when you write a condition in one place, it will be reasoned about; in another place, it will only be evaluated
14:44:00 AA: XACML core spec does the valuation, by a standard engine, regardless of variables, using the standard datatype
14:44:14 AA: The semantics of negotiation is in the XACML specification
14:44:27 PB: Do I have to write the policy differently?
14:44:52 AA: No, your policy can be the same, e.g. students from universities who have to supply credentials to a bookstore
14:45:25 Topic: Ernesto Damiani Privacy Enhanced Authorizations and Data Handling
14:45:25 http://www.w3.org/2006/07/privacy-ws/papers/31-samarati-privacy-enhanced-authorizations, slides: http://www.w3.org/2006/07/privacy-ws/presentations/31-samarati-privacy-enhanced-authorizations.pdf
14:45:47 Ernesto Damiani = ED
14:57:23 HT: You have to look at the IDF work, since it will cover some of the example; you may want to look on OCG for location-based DRM
14:57:32 ED also mentioned he had a patent on location-based DRM
14:59:22 Repeat: Legislation may force you to do something but it has to be based on the minimum rights of the user;
14:59:40 ... the minimum rights may be something the user does not state for himself, but is externally given
15:03:03 ED: There are many hidden sources of complexity in what we have discussed today
15:05:31 ED: The list of topics in the "conclusion" slide must be taken into account.
15:05:53 ED: There is a risk of a: overstandardizing, b: introducing hidden sources of complexity
15:06:35 HT: Did not understand encryption issue
15:06:49 ED: You want to ask conditions on encrypted data that can be verified
15:06:59 HT: Key assertion in SAML
15:07:30 Topic: Marco Casassa Mont, On the Need to Explicitly Manage Privacy Obligation Policies as Part of Good Data Handling Practices
15:07:30 http://www.w3.org/2006/07/privacy-ws/papers/03-casassa-mont-obligations, slides: http://www.w3.org/2006/07/privacy-ws/presentations/03-casassa-mont-obligations.pdf
15:08:00 Marco Cassassa Mont = MT
15:09:08 s/ MT/MM
15:11:54 Marco Cassassa Mont = MT
15:14:42 s/Maser/Maaser/g
15:16:33 MT stresses that his slides are oversimplifying (slide 17)
15:20:06 HT: What do you mean by "ensure compatibility..." in slide 20 (Requirements 2/2)
15:20:37 Giles has joined #privacy
15:20:55 MT: The state of the art solutions can gather profiles from the end-user; do not design from scratch
15:21:07 HT: Provisioning and single-sign-on are decoupled
15:21:12 MT: More and more integrated
15:21:26 HT and MT note that they have to talk more
15:21:41 MT: The authorization and authentication feeds the provisioning
15:25:34 Giles: What does AA think about obligations in XACML
15:26:04 AA: Almost in policy of events. You could have events as targets, and a mechanism which feeds events into policy evaluation engine
15:26:17 AA: These would be policies targeted for specific types of events
15:26:27 AA: Not an ideal language, but it can be done; like the idea
15:26:49 DW: MT, can you say about concern of subordination to access control? Practical example
15:27:19 MT: Obligation "delete data after period of time". If you do from access control, does not capture event time.
15:27:41 ... simple obligation needs react to purely time-based events, without access to data
15:27:58 ... access control needs access.
15:28:43 Long-haired guy from T-systems: How to prevent server-side negotiation multiplied. If my value is 10, does not match policy, how to prevent server ask me again for some reason?
15:29:04 By doing this, they can investigate the range of my values (and check for completeness)
15:29:24 s/Long-haired guy from T-systems/FrankWagner/
15:29:27 AA: Would check how many requests come from the same user; verify not used as probes, no way of preventing
15:29:46 Xavier:
15:30:12 Soren??: Talking P3P, Prime, standardize - impression, model/paradigm is simple(?). Privacy prefs is not where XACML is working.
15:30:26 s/Soren??/XavierHuysmans/
15:30:31 s/Xavier://
15:30:37 Xavier, my mistake
15:30:44 ... e-government is working in XACML already, different model, trusted party (privacy commissioner).
15:31:10 ... afraid thinking in terms of privacy preferences only. Need to take into account data protection officer as well as legislation.
15:31:33 AA: Can include this in the computation, and intersect with CPO requirements again, and meet all three.
15:32:09 ED: When have good privacy prefs, not equivalent to have server policy, conditions as access control request.
15:32:43 ED: Do we want a mapping on policy and conditions to be evaluated at request; can convert P3P into privacy profile in XACML.
15:33:09 ED: Do we want to evaluate preference or not? The client may never need to evaluate the preferences. Need a mapping.
15:33:32 ED: Mapping from preferences to conditions. If not these mechanisms, why an access control on client side - for what?
15:33:41 AA: Are we answering the question?
15:33:50 XH: No, but it sounds nice
15:34:17 XH: One idea behind egov in belgium, the idea is to reuse data, maximally. Single collection, maximum reuse.
15:34:54 XH: Registry says ok, sources ok, whole architecture in place; but policy of data protection commissioner is only on paper. 15:35:11 ... not enforced. How to put into architecture. 15:35:30 ... thinking of preferences from user perspective, not service provider. 15:35:56 MT: Government is not willing to give out data after time. Just matter of tuning policies, prefs. 15:36:03 XH: How to make policies sticky? 15:36:37 RW: Translation between preferences and policies - washed away and mangled up every time. 15:36:48 ... Think Marco now understands after Prime disc. 15:37:26 RW: P3P policy gets uploaded, matches with preferences if fulfills. Did not work to evaluate P3P policy against P3P policy - needed APPL. 15:37:52 RW: This is where obligations come in. Can only glue preferences to data, not policy. Upside down. Obvious example: 15:38:22 ... supermarket: Look at price and buy. Now go to supermarket, give cashier your shopping list, see if shopping gets done. 15:38:38 ED: Reverse transformation. Can not make policies sticky, but preferences sticky. 15:39:57 PB: What should be standardized. Look like defining original ontologies. Sticky policies apply to so many things - DRM, location, etc. 15:40:24 PB: Put together more complex things from simple ones. Miss a chance, define e.g. density - number of people in a location. 15:40:55 ... standard becomes global. Can reach without changing. Not currently done. Combinator operators, algorithmically. No algebra of operators. 15:41:27 PB: Benefit - would be according to experience with protune, put together many things and combine, e.g. rules 15:41:49 ... facilitate so many things, e.g. natural language front ends, etc. Composition operators as first class citizens. 15:42:21 AA: It would be nice to be able to define. But realistically, unlikely that most companies would put in efforts in standardize this, 15:42:35 ... since things are meeting their needs now. Which companies would adopt, even if standard?
15:42:49 AA: You can think of better languages, but you have to live with what you have. 15:43:26 DW: 2 critical observations: Something required for interoperability. Minimum set of conditions. 2nd Anne's point, some reasonably foreseeable implementation effort. 15:43:37 DW: Framework we have to live in. 15:44:17 HT: Location privacy. Few easy and difficult parts. Easy part is have access control mechanism, simple notion. 15:44:44 ... difficult is to agree on some of the application-specific attributes. Not easy to come up with all potential attributes. 15:45:31 ... Other complicated part is we realize you have to come up with part of carrying location around. Had to look at what SIP could support, since focussed on SIP. 15:45:59 Giles: Great danger in model data itself. Abstract away the concepts of privacy and id management, can be applied to any data. 15:46:25 ... can divide data to sensitive and not sensitive, infinite number of types - infinite amount of work. 15:46:52 Giles: Extensibility is to let implementors in a context take care of that. 15:47:11 DW: Now, thoughts what we have heard during the day. 15:48:24 end of minutes, Danny will take notes in slides. 15:48:43 ============================== 15:48:51 rrsagent, please draft minutes 15:48:51 I have made the request to generate http://www.w3.org/2006/10/17-privacy-minutes.html tlr 15:49:17 Session on conclusions from the first day, Notes by Günter Karjoth on Danny's PC 15:52:55 ScribeNick: tlr 15:52:56 ... 15:53:07 SoerenPreibusch: Important questions for tomorrow ... 15:53:20 ... what's user-centric? ... 15:53:45 ... maybe in a better position tomorrow to answer that ... 15:54:08 Topic: discussion 15:54:16 xavier: What is beyond the data protection directive? 15:54:23 danny: what do you mean -- internationally, or? 15:54:31 xavier: A lot of what we're talking about is about EU data protection ... 15:54:39 ... in particular if make the context broad enough ...
15:54:46 danny: Marco's slides answered that 15:54:54 ... US policy rules in health and financial services area ... 15:55:04 xavier: data protection vs privacy. What is "privacy" here? 15:55:37 danny: anyone want to nominate requirements beyond OECD fair info practices? 15:56:03 borking: 6 major legal systems in the world. Islamic, socialistic, communist, US, Europe, ... 15:56:11 ... globalization ... 15:56:16 ... difficulty of what's applicable ... 15:56:21 ... standardization? ... 15:56:31 ... it's a way to get certain values and norms accepted on world-wide basis ... 15:56:39 ... might be worthwhile looking into other legal systems ... 15:56:43 ... some ideas might never fit in ... 15:56:51 ... folks in other legal systems are 2/3 of world population ... 15:56:57 ... we might actually find ourselves in minority ... 15:57:07 danny: a lot of the work that has been done is framed by EU and US frameworks ... 15:57:11 ... they define a lot of marketplace ... 15:57:16 ... those have been source of requirements ... 15:57:25 ... question seems to be: Other requirements we're missing? 15:57:29 borking: China? 15:57:44 HelenaLind: re privacy beyond EU regulation -- OECD guidelines are basis in Europe ... 15:58:00 ... purpose of P3P (rigo might chop head off) was to provide protection to non-EU countries ... 15:58:07 ... privacy beyond data protection is user preferences ... 15:58:10 ... real right to be left alone ... 15:58:14 ... who cares about privacy? ... 15:58:17 ... who doesn't? ... 15:58:21 ... what's the difference? ... 15:58:26 ... suggest focus on user preferences ... 15:58:36 ... difference between individuals is individual preferences ... 15:58:41 ... not on legal basis ... 15:58:56 SoerenPreibusch: suggest that name of workshop is focused on ... 15:59:00 ... technology, not meta questions ... 15:59:11 ... appreciate these questions are important, but maybe out of scope ... 15:59:22 ... would like to think about that today we have people from P3P WG ... 
15:59:29 ... maybe aligned with the 2nd P3P WS in Kiel ... 15:59:35 ... maybe take up open points that were left open there ... 15:59:44 ... answers now? future directions for development of P3P? ... 15:59:49 ... integrate negotiation or other points? ... 16:00:01 AnneAnderson: Talking about two kinds of policies ... 16:00:07 ... (1) things driven by govt regulation ... 16:00:18 ... do we have tech capability to support supplying minimal set of information ... 16:00:22 ... need to talk about that ... 16:00:32 ... (2) privacy agreements & requirements within closed group ... 16:00:53 ... interactions there could go far beyond what govt requirements are in that context ... 16:01:04 FrankWagner: From poor user's point of view, ... 16:01:15 ... talking about difference ... 16:01:30 ... how to define user profile? ... 16:01:33 ... pre-defined user profiles? ... 16:01:37 danny: easier to implement? 16:01:39 ... yep ... 16:02:08 GuyFromKuwait: different from information privacy ... 16:02:12 ... prof? in Oxford .. 16:02:27 ... excessive interest in policy, languages, technology ... 16:02:30 ... natural given the title ... 16:02:35 ... but maybe a corner for other issues? ... 16:02:43 ... personal information ... 16:02:45 ... ontologies .... 16:02:58 ... have a paper in Canada 2y ago -- how to calculate information in privacy (?) ... 16:03:07 ... other issue -- purpose, nature of purpose, ... 16:03:14 ... non-Internet operations ... 16:03:24 ... private information ewallet ... 16:03:43 ... personal information ethics ... 16:03:50 ... personal information has moral values ... 16:04:18 ... common model for privacy? ... 16:04:35 danny: question I hear from answers is q about breadth of foundation that's needed? 16:04:51 patricia: relationship with DRM ... 16:04:54 ... access usage ... 16:04:56 ... rights ... 16:05:02 ... agency negotiation ... 16:05:22 borking: Is W3C also looking into ambient intelligence? 16:05:28 ... effect on what we're doing here ... 16:05:33 ...
what are the findings? ... 16:05:48 rigo: Ubiquitous Web workshop 16:06:00 danny: what do you mean by ambient intelligence? 16:06:01 ... 16:06:05 ubiquitous computing 16:06:11 danny: that's question we had with P3P ... 16:06:18 ... web from a large perspective ... 16:06:21 ... important question ... 16:06:27 ... it's a requirements question ... 16:06:34 ... do we meet the requirements of these environments? ... 16:06:45 xavier: to add to Anne, might be good to just bring sth from FIDIS into discussion ... 16:07:03 ... FIDIS made difference between privacy & data protection as follows ... 16:07:07 ... privacy -- opacity ... 16:07:14 ... data protection accountability ... 16:07:25 ... balance between user and service provider ... 16:07:36 ... right and interest to keep things private ... 16:07:38 ... anonymity ... 16:07:41 ... pseudonymity ... 16:07:46 ... important tools to help user ... 16:07:53 ... data protection as transparency tool ... 16:08:01 ... 16:08:21 danny: understand question now... take it to be: what's the balance between transparency vs. confidentiality? 16:08:29 ... using transparency term as in fair info practices ... 16:08:38 ... lots of these words have cultural connotations ... 16:08:43 ... transparency v opacity is important ... 16:08:56 xavier: in Europe, privacy is diff from data protection 16:09:13 danny: talked in the beginning about relationship between ... 16:09:44 ... access control rules and usage control rules ... 16:09:47 ... common framework? ... 16:09:52 ... commensurate or incommensurate? ... 16:09:58 ... balance? ... 16:10:03 ... what are the different functions? 16:10:16 patricia: negotiation ... 16:10:19 ... consider DRM ... 16:10:24 ... consider ongoing activities, previous work ... 16:10:38 ... how do we want to work / use access rights and usage rights that have been defined in commercial content systems ... 16:10:56 soerenpreibusch: industry focus. What does industry want? 16:11:00 ... we have some industry here ... 
16:11:05 ... network companies, content companies ... 16:11:16 ... add to question what needs to be standardised ... 16:11:27 ... what kind of amount needs to be standardized ... 16:11:30 ... what alternatives? ... 16:11:53 xavier: business cases... 16:11:57 ... industry is here ... 16:12:10 ... discuss tomorrow what drives entities like govts or industry companies to implement this kind of tech ... 16:12:46 johan: how do we make sure these things get implemented and used. 16:12:54 xavier: take into account what exists already. 16:13:02 danny: thanks. adjourned 16:13:06 rrsagent, please draft minutes 16:13:06 I have made the request to generate http://www.w3.org/2006/10/17-privacy-minutes.html tlr 16:14:48 xavier has left #privacy 16:24:54 guenter has joined #privacy 16:25:24 xavier has joined #privacy 16:25:30 hello guenter 16:25:36 hello xavier 16:25:42 xavier has left #privacy