See also: IRC log; Workshop home page; agenda; minutes of day 2
GH: We don't just have folks from the US here, but also Australia, Kuweit, Japan, ... Global audience.
SP: Liked "research has to reach the market" stance. Sometimes, research is done, but not applied.
JJB:
Enormous pockets of interesting knowledge in research institutes and
universities; then ends with a thesis ...
... only makes it into market for a few activists ...
... economics plays an important role in protecting our privacy ...
... haven't discovered the Delta between privacy protection and no privacy
protection ...
PC: ...
people might say "we don't worry" ...
... but if you dig deeper, they are ...
... liability for the information ...
... what emerges in the trend ...
... posting information about other people? ...
... have to take that liability issue on ...
... "just ok" because everybody else does it ...
... as industry, help users do the right thing for themselves and their
social networking? ...
... "company x does it, so it's ok"? ...
... who reads the privacy policy after all? ...
JJB: In
PRIME, also discussion of HCIs ...
... symbols? icons? ...
... reseach done in Karlstad ...
... "not clear enough", people interpret it badly ...
... finding symbols for an area that is subconscious is hard ...
JH: cul de sac
-- won't get there ...
... perceptions are not conscious ...
... different perceptions of privacy in different situations ...
... would have to hit something extremely universal if you were to ...
... design such an icon ...
JJB: Maybe teach people about the symbols, like we teach them about traffic signs?
JH: road environment is extremely constrained
LFP:
Should have listed turn-over generated by ...
... business proper and making information available ...
... and business generated by privacy protection ...
... privacy protection should become economically attractive ...
... Ignoring the economics of it -- you'll be in the same situation.
<rigo> DJW: we need rules on how personal information can be used, need a language on usage control
<robinwilton> DJW: there's a sequence of data processing from Collection to Analysis to Usage, which therefore creates multiple *potential* control points.
<robinwilton> DJW: In a sense, whether or not the Collection phase is effectively regulated, the Usage phase offers a point at which privacy threats can be mitigated.
AA: Relationship between architecture & Minsky's law-government interaction?
DJW:
haven't looked in detail ...
... in some of the work collaborating with colleagues at MIT ...
... who were Minsky students ...
... they dragged out all kinds of AI systems from 70s ...
... formal purpose algebras ...
... developed 30 years ago ...
... in line with Minsky view ...
... there seems to be some resonance between this view ...
... and more formal approaches from early days of knowledge representation
...
AA: seems
like the point of view was the same that everyone has ..
... to agree to abide by some control mechanisms before they ...
... can participate in interaction ...
DJW:
everybody can't agree to everything ...
... question is what framework can we expect most of us to agree to ...
... maybe not agree on rules, but on mechanism to evaluate rules ...
AA: criticism of minsky -- lack of flexibility
DJW:
personal prediction is, will probably never attempt as comprehensive ...
... a definition of a rule set as P3P attempted ...
LFP:
Have some problems with recommendation ...
... fundamental ones ...
... diversity at the usage end ...
... cultural difference ...
... differences in law ...
... it won't work ...
... also, enforceability? ...
... if non-respect of rule is in different legislation ...
... ??? ...
... accountability tracing information ...
... if that point is compromised, the whole thing is going under ...
... concerns ...
DJW: not
agree on single set of substantive rules ...
... work on framework ...
... to attach ourselves to rules we believe we are accountable to ...
... provide accountability through secure audit mechanisms ...
... then fall back to legal system ...
... there are a lot of secure audit techniques ...
... prepared to sacrifice fair amount of security in order to ...
... have better accountability and privacy ...
... mistake to avoid accountability just to protect confidentiality (?)
...
... legal & privacy rules might be more important than confidentiality
...
... may have been a mistake to overemphasize security ...
MH: do we
have some ideas on what to standardize in the T-identity protector...
... what are the key questions where engineers can get together and
standardize
FW: we have
been thinking about how to realize it, not how to standardize ...
... maybe prime can help with this ...
SP: some
scientists have concluded that not all operations ...
... are possible on pseudonymized data...
... is it just the vision?
FW: Yes
LFP:
There are a couple of other operators ...
... which take privacy protection as a revenue-generating service ...
... recommend that T-Mobile should do the same thing ...
... see ITU papers ...
... be more ambitious - then T-Systems would take it more seriously ...
JH: This is an intriguing picture (the crossover between preference, technology and legislation)...
<tlr> Interesting analysis on slide 10
... but the compromise has to be in the technology in the end...
RWL: There is actually a timeline which the diagram does not show
LFP:
There is a set of tools in the OMG SLA handbook...
... They also show these 3 levels ...
... The winners in this game are the service providers who manage the
SLA's...
RWL: I do
actually argue against the application of technology ...
... in many cases we should recognize that in trying to design technology
...
... and solutions cross border, we should recognize that in some
countries...
... everything is left to legislation ...
... whereas in other countries there is a thinner layer...
... of legislation and a thicker layer of best practice
DJW:1. P3P does have the ability to express preferences in contrast to what Robin said
RWL: it's
just not the best tool for the job...
... in P3P, you can't do it in isolation - you are bouncing it off a service
provider...
... say I want to display different partial identities to different
providers, P3P doesn't work ...
SP: it's outside the scope of P3P
GH: APPEL is NOT a W3C standard
DJW: the semantics of how one would express the usage element in XACML
RWL: defers to Marco
RWL: the syntax in the soap message
MCM:
semantics - some preferences expressed by the user - to be carried out by the
custodian ...
... P3P can underpin that but it should work in a non-web context. ...
RWL: the XML snippet is a user using a WS framework and adding his preferences to the initial request
GH: is it only B2B?
RWL: No just a generic mechanism
ED: the architecture reminds me of DRM enforcement
<tlr> Discussion was about XML snippet on slide 5 of Wilton's presentation
ED: the
custodian comes from an IDM heritage...
... it supervises the data handling policy's etc...
... it's more or less what happens in DRM ...
... decouple data provider from licence providers and enforcers etc...
... But is this model really applicable to IDM and privacy?
DJW: hold it for later - it's an important question
JJB: is what you've presented marketable
GKA:it's
a roadmap not a product ...
SP: What is user-centric?
GKA: means user has control over his data
RWL: it's a
question which has ballooned - the processing of data ...
... with appropriate control and consent doens't mean user has to HAVE data
...
... e.g. online banking ...
... bank can make automated payments to third parties without you having
their details. ...
... also you might ask your bank to notify you if it's asked to approve a
line of credit to you ...
... or if a particularly large sum goes out of your account ...
... the user is in the transaction flow ...
DJW: the US govt is in the flow, so you might as well be in it too
DJW:
important points ...
... link between DRM and Privacy policy languages ...
... Relation between privacy expressoin and access control expression ...
... user-centric versus user-control ...
JH: The reason
that DRM and IDM policies are so similar is ...
... that we're working on the same problem...
... controlled usage rules to content...
... avoid pitfalls of DRM ...
... there were good reasons not to have W3C do DRM ...
... it emerged in the mobile realm but the lessons from DRM can be very well
applied here...
... especially the pitfalls ...
... we need to enable the control point not to have a central point of
failure ...
<Danny> Is DRM usage control or access control?
PC: in
investigating how to support privacy, you look at DRM
... users don't like DRM because it violates their privacy and it controls
personal decisions ...
... privacy is a decision they make in their own space ...
... Users find DRM complicated ...
... so that needs to be simplified ...
... with networking in p2p, they know who they're networking with ...
... but in commercial environment, they don't ...
... for the applications of the solutions, we have different use-cases ...
... so maybe not a one-fits-all solution ...
... it's a very complicated system; ...
DJW:
Relationship between Privacy rules and DRM systems...
... There are 2 kinds of DRM ...
... access-control oriented ...
... usage-control oriented ...
... the assumption that all the data is out there but what can you do with it
...
... e.g. creative commons ...
... itunes ...
... allows 5 times using ...
GKA:
usage-control and access-control are the same more or less
... usage control just adds more info on which to base the access control
decision ...
... Work on privacy technologies has stimulated the access-control community
to include purpose and obligatoins
PC: you
could be using the same usage rights to access or copy something
... is that what you mean? ...
GKA:
usage might be the delegation of rights
... can I revoke the rights I give on copies of my data ...
SP: we
heard a lot about XACML - ...
... but I think going back to the first talk - ...
... privacy is more than Access Control ...
... but now we are focussing only on this...
... perhaps XACML has storage control etc...
... let's not narrow down on Access ...
AA: XACML
came out of access-control world...
... it has been evolving in many ways to a much more generic policy
language...
... will be presented later...
JH: Access is
just a special case of usage...
... it's an unfortunate fact of such systems that they have to be complex.
...
... a project called mobilife - analysed how this would impact a system of
ambient intelligence ...
... enable user-visualizations so that users were not completely scared away
from writing their preferences ...
ED:
Certainly there is a convergence between AC, privacy languages and DRM
... but there are differences ...
... architecturally - on mobile network, there is a tendency to have all the
infrastructure as a service ...
... which could also deal with privacy ...
... on fixed network, the client controls ...
... so architecturally, are we moving towards a world in which all sides are
offered as a service ...
... there are a lot of technicalities in the semantics which are different
(e.g. cardinality)...
<Johan> Just for completeness (all deliverables are public): http://www.ist-mobilife.org
SAF: Usage is the end of a chain of acts on personal information
LFP:
the negotiation aspect may eliminate some of the candidate language
features...
... agents can do a lot of the job that the proposed languages are talking
about ...
HT:
Negotiation is good thing to do, but complicated, both location and price was
simple...
... in IKE and TLS people tried to model business processes and was never
implemented ...
... it can get arbitrarily complicated ...
... the more you have items the more it gets complicated ...
... transport layer guys thought it was too complicated ...
GH: strategies are exchangeble
MM:
strategy is hard coded ...
... is like a plugin, you can change the plugins ...
<Johan> Internet Key Exchange and Transport Layer Security, is what Tschofenig used as example
LFP: in management science is not like you model negotiation
??MM: one space and other space and each has its utiliy and this is only a search
GKA: have you looked into WS agreement and such?
MM: we
looked into SLA, but not beyond, have looked into using ranges,...
... but considered that some info we want to keep private ...
JJB:
interest in economic background, deferred to general session
... second what is the blinking light
SP:
developed by the Post Worldnet, tech is currently on the market, ...
... other pilot permission based mobile marketing...
... this will be online in more cities
JJB: is this not very vulnerable as embedded in paper?
SP: no, special implementation
HT: sticking to specific application, have you encountered issues?
SP: interested in privacy and different offers
HT: you
might have received different award, a lot of app specific semantics. ...
... In P3P you care for privacy and ignore app specific attributes ...
SP: this goes into SLA
GH: negotiation works with interaction with user, no automatic, is it deliberate simplification?
SP: There
can be negotiation support systems, like XPref, ...
... then the negotiation support may choose the right contract on my part
...
GH: would not work off the shelf
SP: no, we have no way of specifying benefits
<Johan> ebxml was also mentioned as an example
RW: why not using <Consequence>
SP:
Consequence includes human readable explanation...
... Consequence has to be always in line with the other elements
HT: very
specific pricing aspects, is it just example
PB: expect the framework be
general, but started the example implementation with pricing
LFP:
refer to our PP, agents with reasoning, it is scalable up to 4 Mio users,
...
... pragmatic way forward, also can be basis for auction type exchange ...
PB: Carnegie Mellon had a project on position with filters, jess, based on Java, confirms feasibility
<Johan> Prof. Norman Sadeh
PC: what does lightweight mean in terms of policy/ontology?
<Giles> jess
PB: we do
not have enough examples to get an idea of complexity, ...
... lightweight means some syntactic restriction to limit data complexity
...
PC: lightweight in terms of inference, but no result on data complexity
PB: tried to reduce as much as possible
<Johan> Radius and Diameter are examples of charging systems with negotiation; SIP Payment using XACML assertions
HT: AAA
infrastructure is also heavily used for access control,
... also IETF work that uses SAML and would be interesting to combine as they
produce also rules
LFP:
comment leightweight, it raises an issue, how deep and how wide ...
... will interactions with all the parties span which is fundamental for the
compliance across jurisdictions e.g. ...
... you can branch out and can eliminate some parts, because the inference is
implemented,...
... a gain in scope and a gain in span
JH: Economic models question from beforehand
SP: have a case study
GKA: will be tomorrow in the afternoon
SP: are
there alternatives was the starting point, ...
... also generic vs specific as a starting point ...
... We have a discrete number of service provides, so no finite matching
...
... think of A9.com as highly personalized search engine ...
... and if you don't want it you can just use the generic search engine...
... it seems the approach to reconcile personalization and data
protection..
... design in a way that users are not disclosed as marginally privacy
concerned or not
JJB: have you also considered lack of transparency of the market?
SP:
offerings of the Web are increasing and increasing amount of
information...
... of the user, and user wants to know the difference. ...
... The service is not the question for commodities, ...
... so there are non-functional issues and privacy is one of them ...
... sales brokers could cover different services and offer different
offers
AA: ??
<Johan> CMU privacy aware search engine: PrivacyFinder
MM: could
use them on the server side as well
... goal is to find an exact value
(MM is giving use case)
ED:
comment: very nice on fine grained position thing,...
... but this is what we have to do...
... we have the experience with...
... if you tried the approach with different possibilities, some time the
performance goes down...
... some prefixed would take a way some of the complexity, but in praxis I
have doubt, whether this could work
<Johan> the issue is that if you have too fine grained negotiation, it becomes computationally complex; and his suggestion was to use "blocks" of preferences
HT: performance question: is there a low that we need negotiation per transaction?
LFP: when you bundle content and service and you end up paying one price for what you want, this is the price
GKA:
people focus on different areas, negotiation systems, ...
... other on language attributes and others and what part shall be
standardized ...
... and what part should be left open for competition
... closing session
DJW: how is the datastructure defined?
AA: It can be RDF
DJW: Is there a function to express subclasses?
AA: There is for attributes; it could be generic.
HT: There is a format for location
AA: this was
an example only; it does not have to be hierarchical...
... WS-XACML was released last week...
DJW: That was too fast! don't you have more?
AA: There
could e.g. be a way for a system to intersect ...
... the requirements with the client capabilities and only give out the
required capabilities
RW: How far
are you inspired by the client-server model? ...
... Transporting a flow of personal data which has to be augmented by
constraints? ...
... For the moment, it looks more like access control than preferences
management ...
... (a la P3P); there is a big difference in computing terms
AA:
Requirements could be for each of the P3P catagories, you could specify which
values you require in conjuncition with each type of information access
... Another assertion could have a different set of preferences for what you
require the service to satisfy in conjunction with a different type of
request
... One partys requriements could say "I am willing to give you my credit
card number IF you delete it within 30 days AND do not give out it to someone
else"...
... and the service could say "I am willing to obligate myself to do this"
LFP:
Long-time practitioner of constraint based languages; do you know the iLog
solution. ...
... Has advantage: You incapsulate client control on client level...
... Large scale in this class of language there is a scalability problem
AA: In
conjunction with semantic information you can map it onto the more detailed
information when applying
... This is for the web services model; the information you publish is only a
subset of your total access control
... By publishing the minimal set of requirements you can filter out clients
which do not want to fulfill this
PB: Double
check - this type of language is somewhere between declarative and code
...
... Depending on where you place the constraint in the code, it will be used
differently ...
... when you write a condition in one place, it will be reasoned about; in
another place, it will only be evaluated ...
AA: XACML
core spec does the evaluation, by a standard engine, regardless of variables,
...
... using the standard datatype ...
... The semantics of negotiation is in the XACML specification
PB: Do I have to write the policy differently?
AA: No, your
policy can be the same, ...
... e.g. students form universities who have to supply credentials to a
bookstore
HT: You have to look at the IETF work, since it will cover some of the example; you may want to look on OCG for location-based DRM
ED also mentioned he had a patent on location-based DRM
??: Repeat: Legislation may force you to do
...
... something but it has to be based on the minimum rights of the user;
...
... the minimum rights may be soemthing the user does not state for himself,
but is externally given
ED: There
are many hidden sources of complexity in what we have discussed today
... The list of topics in the "conclusion" slide must be taken into
account.
... There is a risk of a: overstandardizing, b: introducing hidden sources of
complexity
HT: Did not understand encryption issue
ED: You want to ask conditions on encrypted data that can be verified
HT: Key assertion in SAML
MCM stresses that his slides are oversimplifying (in particular slide 17.)
HT: What do you mean by "ensure compatibility..." in slide 20 (Requirements 2/2)
MCM: The state of the art solutions can gather profiles from the end-user; do not design from scratch
HT: Provisioning and single-sign-on are decoupled
MCM: More and more integrated
HT and MCM note that they have to talk more.
MCM: The authorization and authentication feeds the provisioning
GH: What does AA think about obligations in XACML
AA: Almost
in policy of events. You could have events as targets, ...
... and a mechanism which feeds events into policy evaluation engine ...
... These would be policies targeted for specific types of events ...
... Not an ideal language, but it can be done; like the idea
DJW: Marco, can you say more about concern of subordination to access control? Practical example
MCM:
Obligation "delete data after period of time". ...
... If you do from access control, does not capture event time. ...
... simple obligation needs react to purely time-based events, without access
to data ...
... access control needs access.
FW: How to prevent server-side negotiaton multiplied. If my value is 10, does not match policy, how to prevent server ask me again for some reason?
MCM: By doing this, they can investigate the range of my values (and check for completeness)
AA: Would check how many requests come from the same user; verify not used as probes, no way of preventing
XH: Talking P3P, Prime, standardize - impression, model/paradigm is simple(?). Privacy prefs is not where XACML is working.
<Danny> Xavier, my mistake
XH:
e-government is working in XACML already, different model, trusted party
(privacy commissioner).
... afraid thinking in terms of privacy preferences only. Need to take into
account data protection officer as well as legislation.
AA: Can include this in the computation, and intersect with CPO requirements again, and meet all three.
ED: When
have good privacy prefs, not equivalent to have server policy, conditions as
acess control request.
... Do we want a mapping on policy and conditions to be evaluated at request;
can convert P3P into privacy profile in XACML.
... Do we want to evaluate preference or not? The client may never need to
evaluate the pferences. Need a mapping.
... Mapping from preferences to conditions. If not these mechanisms, why an
access control on client side - for what?
AA: Are we answering the question?
XH: No,
but it sounds nice
... One idea behind egov in belgium, the idea is to reuse data, maximally.
Single collection, maximum reuse.
... Registry says ok, sources ok, whole architecture in place; but policy of
data protection commissioner is only on paper.
... not enforced. How to put into architecture.
... thinking of preferences from user perspective, not service provider.
MCM: Goverment is not willing to give out data after time. Just matter of tuning policies, prefs.
XH: How to make policies sticky?
RW:
Translation between preferences and policies - washed away and mangled up
every time.
... Think Marco now understands after Prime disc. ...
... P3P policy gets uploaded, matches with preferences if fulfills. ...
... Did not work to evaluate P3P policy against P3P policy - needed APPEL.
... This is where obligations come in. Can only glue preferences to data, not
policy. Upside down. Obvious example:
... supermarket: Look at price and buy. Now go to supermarket, give cashier
your shopping list, see if shopping gets done.
ED: Reverse transformation. Can not make policies sticky, but preferences sticky.
PB: What
should be standardized. Look like defining orginal ontologies. Sticky
policies apply to so many things - DRM, location, etc.
... Put together more complex things from simple ones. Miss a chance, define
e.g. density - number of people in a location.
... standard becomes global. Can reach without changing. Not currently done.
Combinator operators, algorthmically. No algebra of operators.
... Benefit - would be according to experience wth protune, put togehter many
things and combine, e.g. rules
... facilitate so many things, e.g. natural language front ends, etc.
Composition operators as first class citizens.
AA: It would
be nice to be able to define. But realistcally, unlikely that most companies
would put in efforts in standardize this,
... since things are meeting their needs now. Which companies would adopt,
even if standard?
... You can think of better langauges, but you have to live with what you
have.
DJW: 2
critical observations: Something required for interoperability. Minimum set
of conditions. 2nd Annes point, some reasonably foreseeable implementation
effort.
... Framework we have to live in.
HT:
Location privacy. Few easy and difficult parts. Easy part is have access
control mechanism, simple notion.
... difficult is to agree on some of the application-specific attributes. Not
easy to come up with all potential attributes.
... Other complicated part is we realize you have to come up with part of
carrying location around. Had to look at what SIP could support, since
focussed on SIP.
GH: Great
danger in model data itself. Abstract away the concepts of privacy and id
management, ...
... can be applied to any data. ..
... can divide data to sensitive and not sensitive, infinite number of types
- infinite amount of work. ...
... Exensibility is to let implementors in a context take care of that.
DJW: Now, thoughts on what we have heard during the day.
XH: What is beyond the data protection directive?
DJW: what do you mean -- internationally, or?
XH: A lot
of what we're talking about is about EU data protection ...
... in particular if make the context broad enough ...
DJW:
Marco's slides answered that
... US policy rules in health and financial services area ...
XH: data protection vs privacy. What is "privacy" here?
DJW: anyone want to nominate requirements beyond OECD fair info practices?
JJB: 6
major legal systems in the world. ...
... Islamic, socialistic, communistic, US, Europe, ??? ...
... globalization ...
... difficulty of what's applicable ...
... standardization? ...
... it's a way to get certain values and norms accepted on world-wide basis
...
... might be worthwhile looking into other legal systems ...
... some ideas might never fit in ...
... folks in other legal systems are 2/3 of world population ...
... we might actually find ourselves in minority ...
DJW: a
lot of the work that has been done is framed by EU and US frameworks ...
... they define a lot of marketplace ...
... those have been source of requirements ...
... question seems to be: Other requirements we're missing?
JJB: China?
HL: re privacy
beyond EU regulation -- OECD guidelines are basis in Europe ...
... purpose of P3P (rigo might chop my head off) was to provide protection to
non-EU countries ...
... privacy beyond data protection is user preferences ...
... real right to be left alone ...
... who cares about privacy? ...
... who doesn't? ...
... what's the difference? ...
... suggest focus on user preferences ...
... difference between individuals is individual preferences ...
... not on legal basis ...
SP:
suggest that name of workshop is focused on ...
... technology, not meta questions ...
... appreciate these questions are important, but maybe out of scope ...
... would like to think about that today we have people from P3P WG ...
... maybe aligned with the 2nd P3P WS in Kiel ...
... maybe take up open points that were left open there ...
... answers now? future directions for development of P3P? ...
... integrate negotiation or other points? ...
AA: Talking
about two kinds of policies ...
... (1) things driven by government regulation ...
... do we have tech capability to support supplying minimal set of
information ...
... need to talk about that ...
... (2) privacy agreements & requirements within closed group ...
... interactions there could go far beyond what government requirements are
in that context ...
FW: From poor
user's point of view, ...
... talking about difference ...
... how to define user profile? ...
... pre-defined user profiles? ...
DJW:
easier to implement?
... yep ...
SAF:
different from information privacy ...
... prof? in Oxford ..
... excessive interest in policy, languages, technology...
... natural given the title ...
... but maybe a corner for other issues? ...
... personal information ...
... ontologies ....
... have a paper in canada 2 years ago -- how to calculate information in
privacy (?) ...
... other issue -- purpose, nature of purpose, ...
... non-Internet operations ...
... private information ewallet ...
... personal information ethics ...
... personal information has moral values ...
... common model for privacy? ...
DJW: question I hear from answers is q about breadth of foundation that's needed?
PC:
relationship with DRM ...
... access usage ...
... rights ...
... agency negotiation ...
JJB: Is W3C
also looking into ambient intelligence?
... effect on what we're doing here ...
... what are the findings? ...
RW: Ubiquitous Web workshop
DJW: what do you mean by ambient intelligence? ...
??: ubiquitous computing
DJW:
that's question we had with P3P ...
... web from a large perspective ...
... important question ...
... it's a requirements question ...
... do we meet the requirements of these environments? ...
XH: to add
to Anne, might be good to just bring sth from FIDIS into discussion ...
... FIDIS made difference between privacy & data protection as follows
...
... privacy -- opacity ...
... data protection accountability ...
... balance between user and service provider ...
... right and interest to keep things private ...
... anonymity ...
... pseudonymity ...
... important tools to help user ...
... data protection as transparency tool ...
...
DJW:
understand question now...
... take it to be: what's the balance between transparency vs.
confidentiality?
... using transparency term as in fair info practices ...
... lots of these words have cultural connotations ...
... transparency v opacity is important ...
XH: in Europe, privacy is different from data protection
DJW:
talked in the beginning about relationship between ...
... access control rules and usage control rules ...
... common framework? ...
... commensurate or incommensurate? ...
... balance? ...
... what are the different functions?
PC:
negotiation ...
... consider DRM ...
... consider ongoing activities, previous work ...
... how do we want to work / use access rights and usage rights that have
been defined in commercial content systems ...
SP:
industry focus. What does industry want?
... we have some industry here ...
... network companies, content companies ...
... add to question what needs to be standardized ...
... what kind of amount needs to be standardized ...
... what alternatives? ...
XH:
business cases...
... industry is here ...
... discuss tomorrow what drives entities like governments ...
... or industry companies to implement this kind of technology ...
JH: how do we make sure these things get implemented and used?
XH: take into account what exists already.
DJW: thanks. adjourned