07:02:49 RRSAgent has joined #privacy 07:02:49 logging to http://www.w3.org/2006/10/18-privacy-irc 07:03:04 Meeting: Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement 07:03:14 Chair: Guenther Karjoth, Danny Weitzner 07:05:33 Marit will take minutes and send them to rigo and tlr 07:07:19 Topic: Patricia Charlton, Jonathan Teh, Supporting the users’ privacy preferences when sharing personal content 07:07:27 http://www.w3.org/2006/07/privacy-ws/presentations/15-charlton-preferences.pdf 07:10:05 jschallaboeck has joined #privacy 07:20:14 xavier has joined #privacy 07:28:23 Giles has joined #privacy 07:29:05 ?? University of Trento 07:32:27 Topic: Giles Hogben, An open assertion and evidence exchange and query language – requirements and abstract syntax 07:32:33 http://www.w3.org/2006/07/privacy-ws/presentations/14-hogben-assertion-and-evidence.pdf 07:35:08 s/??/Pirelli Giuliano/ 07:40:08 rrsagent, please make this record public 07:54:10 jschallaboeck has joined #privacy 07:59:45 Topics: Jan Camenisch, Thomas Groß, Dieter Sommer, A General Certification Framework with Applications to Privacy-Enhancing Certificate Infrastructures 07:59:51 http://www.w3.org/2006/07/privacy-ws/presentations/09-camenisch-credentials.pdf 08:41:20 xavier has joined #privacy 08:42:15 guenter has joined #privacy 08:45:13 xavier has joined #privacy 08:45:20 guenter has joined #privacy 09:02:50 jschallaboeck has joined #privacy 09:03:24 ScribeNick: rigo 09:03:46 Topic: Makoto Hatakeyama, Hidehito Gomi, Privacy Policy Negotiation Framework for Attribute Exchange 09:03:51 http://www.w3.org/2006/07/privacy-ws/presentations/22-hatakeyama-attribute-exchange.pdf 09:04:07 ScribeNick: jschallaboeck 09:04:49 xavier has joined #privacy 09:07:48 me says will scribe 09:10:58 Topic: Makoto Hatakeyama, Hidehito Gomi, Privacy Policy Negotiation Framework for Attribute Exchange 09:11:32 http://www.w3.org/2006/07/privacy-ws/presentations/22-hatakeyama-attribute-exchange.pdf 09:11:46 I have made the request to generate http://www.w3.org/2006/10/18-privacy-minutes.html tlr 09:12:34 s/me says will scribe// 09:12:44 Giles has joined #privacy 09:18:33 soeren: privacy policy comparison seems to be key element of approach, provide tech details 09:18:59 our approach is only protocol, do not work about policy comparison... 09:19:12 s/our approach/makoto: our approach/ 09:19:14 ... use p3p, compare p3p policies 09:20:58 Rigo: There was a project from nnda around p3p, that use hashed poicies, that were registered wit m.t.... 09:21:08 s/m.t/MITI/ 09:21:16 ... are you using the findings of this project? 09:21:21 Mokoto: no, not aware 09:21:35 s/Mokoto/Makoto/ 09:21:44 ??2: have to consider policy is not the contract... 09:21:56 s/??2/LFPau/ 09:22:19 you cannot define fixed sets, they are oftn changed in the couse of negotiation. 09:22:50 Mokoto: Framework works for mobile carriers. 09:22:55 s/Mokoto/Makoto/ 09:24:31 ??3:in us and european consumer protection laws the question is, what is the consumer reasonably believed 09:24:43 s/??3/Danny/ 09:25:31 AnneAnderson: Are your policies specific to a particular set, do you have different policies for each p3p-option? 09:25:57 Mokoto:It is a complete set of p3p-options. 09:26:16 Hannes Tschofenig, Henning Schulzrinne, Andrew Newton, Jon Peterson, The IETF Geopriv and Presence Architecture Focusing on Location Privacy 09:26:20 s/Mokoto/Makoto/g 09:26:27 http://www.w3.org/2006/07/privacy-ws/presentations/26-tschofenig-geopriv.pdf 09:26:42 Topic: Hannes Tschofenig, Henning Schulzrinne, Andrew Newton, Jon Peterson, The IETF Geopriv and Presence Architecture Focusing on Location Privacy 09:27:23 I have made the request to generate http://www.w3.org/2006/10/18-privacy-minutes.html tlr 09:28:40 http://www.w3.org/2006/07/privacy-ws/presentations/26-tschofenig-geopriv.pdf 09:43:39 Giles has joined #privacy 09:52:25 ??1: what about access control. the mobile terminal will notify terminal... 09:52:33 s/??1/ErnestoDamiani/ 09:52:49 ... access control is the other way around, you need to pose conditions... 09:52:58 ... how does this fit? 09:53:23 Hannes: we sould like to see the end user participate, more of a religious question... 09:53:36 s/sould/should7 09:53:37 s/sould/should/ 09:53:44 ... it would be possible to have the network do the work as well... 09:53:45 s#s/sould/should7## 09:54:50 ??2:why did you not refer to idlf-work? 09:54:57 s/??2/LFPau/ 09:55:10 Hannes: I do not think oma is any simpler... 09:55:28 we tried to talk to them, but the formats are incompatible... 09:55:43 ... look at the standarts, we use sip... 09:56:14 ... their expertise is strong, but there were not a lot of contributions in an ip-based environmet. 09:57:36 Topic: Lalana Kagal, Tim Berners-Lee, Dan Connolly, Daniel Weitzner, Promoting Interoperability between Heterogeneous Policy Domains 09:57:44 http://dig.csail.mit.edu/2006/Talks/1017-w3cws-rein/ 10:14:02 giles: how do you trust the groups (eg. the girlscouts in the example) 10:14:37 Danny: you write the rule, where you specify who to trust. there is no absolute measure of who to trust. 10:16:11 ... with reard to authentication, we have put that out of scope, but we can refer to the existing ones, this is not where our problem is 10:16:42 ... you could always specify, a rule has to be signed by p3p. 10:18:03 ??1: can you also make assertions about devices as opposed to social networks? 10:18:13 s/??1/Patricia/ 10:18:19 Danny: yes. 10:19:29 ... it is an enormous hci-challenge. 10:23:36 Danny: we had to develop a language for privacy rules... 10:24:00 ... because we had to transmit possible changes to the presence server... 10:24:48 ... (on o.m.a.) you have to be very specific, with some of the items in the picture there is a lot of discussions of not using it... 10:25:02 s/Danny/Hannes/ 10:25:18 HT: presence work is often used as is... 10:25:27 ... the difficulties show up, eg. should the endhost really see location. 10:25:39 ...privacy is seen different than OMA and 3GPP 10:26:27 Johan: in OMA they are developing a complete different model, and there is some work need to re-converge 10:27:08 Hannes: There are a number of folks who use O.M.A. in a different way. 10:27:27 Johann: You will have to adress this. 10:28:33 Danny: It will be hard to have a universally accepted policy framework, not obvious and have to pay attention to fragmentation 10:28:33 Danny: it is only to observe that different groups have different sets of requirements. 10:30:09 Danny: We would like to use everything we can from p3p... 10:30:28 ... it would be good if w3c would contribute to ietf. 10:31:41 tlr: proposes to continue this discussion over lunch. 10:33:17 rigo: as a warning: we are talking two paradigms... 10:34:08 ... service offering services ./. preferences on user side. 10:34:41 policies take different sematics than preferences that can be sent forward 10:34:41 Giles: Also look at the difference between protocol and semantics. 10:35:07 Hannes: I can see how Rigos comment would fit into a sip environment... 10:35:39 ... usually you do not talk to a presence you do not know, because it is your (your providers) server. 10:36:04 ... often it is said, the work is too complex. 10:36:32 ??1: you have to manage all of this, you cannot stop at the protocollevel. 10:38:02 s/??1/LFPau/ 10:38:34 Giles: Session to be resumed at 13.30 11:32:03 Kriegel has joined #privacy 11:36:05 tlr has joined #privacy 11:36:15 Topic: Wrap-up discussion I 11:36:20 ScribeNick: tlr 11:36:30 rrsagent, please draft minutes 11:36:30 I have made the request to generate http://www.w3.org/2006/10/18-privacy-minutes.html tlr 11:43:27 jschallaboeck has joined #privacy 11:44:22 Giles has joined #privacy 11:45:18 xavier has joined #privacy 11:46:45 Summary slides will reside at http://www.w3.org/2006/07/privacy-ws/presentations/summary 11:47:27 danny: Will go through themes that came up repeatedly ... 11:47:34 ... some things need more research ... 11:47:48 ... "what is user-centric" is likely to be interesting, but lengthy ... 11:49:05 ... from several conversations, interest expressed in policy interoperability ... 11:49:14 rigo has joined #privacy 11:49:14 ... mechanisms for expressing mappigs among different policy languages .. 11:49:25 ... mobile environment might have one way for describing these ... 11:49:32 ... other kinds of ubiquitous computing env might have diff policy language ... 11:49:39 ... to express rules over same kind of info ... 11:49:49 ... describe how these kinds of policies relate, so one can reason over them ... 11:50:21 ... to editorialize, either there's one language, or one needs to talk about fulfilling interop needs between different kinds of policies ... 11:50:30 ... talked about ways in which access control and usage control paradigms relate ... 11:50:36 ... synthesize into common framework? ... 11:50:39 ... subsumption? ... 11:51:00 ... talked about need to express and bundle up user preferences ... 11:51:05 ... have pre-defined sets of preferences? ... 11:51:11 ... have standard way to express these preferences? ... 11:51:25 ... caveat that came up in discussions: ought to be aware of expectations for ... 11:51:34 ... deployment, time horizons, implementaton efforts ... 11:51:43 ... ought to be aware whether talking about s13n with near-term impact ... 11:51:54 ... or whether we're doing work that's way out there and that might be picked up eventually ... 11:52:02 ... seemed to hear preference towards near-term focus ... 11:52:14 ... how do things relate to company priorities ... 11:52:19 ... don't need to debate this .. 11:52:23 ... but it's a theme to keep in mind ... 11:52:42 ... are people generally comfortable with these topics, policy interop, framework, user preferences ... 11:52:47 giles: no updates since this morning? 11:52:54 danny: policy interop was talked about a bit more ... 11:53:00 giles: language for evidence and certification ... 11:53:04 ... but maybe that was my particular topic ... 11:53:10 ... maybe it's not privacy related enough ... 11:53:48 ... that's all part of the use idemix area etc .... 11:53:48 danny: subset of point one, interop between policy languages? 11:53:48 ... in order to have interoperable rule sets, need interoperability of what they operate on ... 11:53:55 giles: could be very specific 11:54:10 ... if it's gonna be done at all, needs work toward that thing alone, not as part of other stuff ... 11:54:33 danny: This doesn't assume how the work get done ... 11:54:37 giles: just mention it 11:55:07 danny: identity assertions? 11:55:09 tlr, rigo, giles: no! 11:55:22 giles: maybe mention idemix; strong relationship 11:55:33 s/no!/no, it's about the evidence that backs these/ 11:55:43 rigo: don't forget what Ernesto said yesterday .... 11:55:57 ... conditions, actions, obligations ... 11:56:12 soeren: bind follow-ups to original scope of workshop ... 11:56:21 ... impression that some of this might be out of scope ... 11:56:31 ... can we re-bind to the initial questions of negotiation and enforcement? 11:56:37 ... make clear how related to the original topics ... 11:56:39 danny: suggestions? 11:56:53 soeren: see language interoperability -- enforcement over a biz process ... 11:57:07 ... if we don't have language interoperability, cannot guarantee privacy enforcement ... 11:57:10 ... over a biz process ... 11:57:17 ... DRM debate -- connection not evident ... 11:57:30 danny: Don't think this proposes to have the DRM debate, but asks whether DRM techniques might be useful ... 11:58:02 soeren: Make concrete what the relationship between privacy and DRM might be. 11:58:08 Danny: Can keep that in mind, good point. 11:58:18 Marco: related to pont 2 (DRM), talked about common framework ... 11:58:23 ... access control, usage control, data handling ... 11:58:28 rigo: This is conditions etc 11:58:31 marco: Framework! 11:58:36 rigo: points 2 and 3 11:58:42 pierangela: ?? 11:59:10 pierangela: data handling as concept is richer than obligations only 11:59:27 borking: struck by word "ontologies" 11:59:37 ... do we have a world ontologies library? 11:59:42 ... make all the ontologies accessible 11:59:44 danny: several 11:59:48 ... we may have too many ... 11:59:52 ... we can talk about it more ... 11:59:57 borking: store them all in a repository ... 12:00:06 danny: will pose as question under point 1 ... 12:00:26 pazzaglia: negotiation was in the workshop title ... 12:00:29 ... negotiation protocol ... 12:00:39 ... negotiation will also need metric ... 12:00:45 danny: negotiation was in the title of the workshop ... 12:00:50 ... we might not have heard so much about it ... 12:01:01 ... this list reflects what we did talk about, not what we should have talked about ... 12:01:05 ... explore negotiation further? ... 12:01:14 ... not obvious that standardization is req on negotiation protocol ... 12:01:27 ... possible to assert that negotiation can emerge on top of standard policy languages ... 12:01:36 ... however, we didn't hear much about it, so we can't conclude a lot ... 12:01:48 pazzaglia: fancy negotiation schemes where you can ask a lot and get agreement ... 12:01:54 ... kind of blue sky attractive ... 12:02:07 ... don't think we might have people to do it ... 12:02:14 danny: "negotiation" under "more research" ... 12:02:35 hannes: commitment to products and implementations for things that take more time ... 12:02:41 ... is tricky ... 12:02:47 danny: negotiation was in scope for original P3P work ... 12:02:53 ... but didn't work out ... 12:03:01 ... tremendous amount of knowledge of this in the ?? community ... 12:03:09 ... that community clearly knows something about it ... 12:03:18 s/??/agent/ 12:03:23 patricia: link up with the agent community 12:03:34 helena: privacy vs user convenience / together with uesr convenience ... 12:03:39 ... as well as privacy and authentication .... 12:03:43 ... is that covered there? ... 12:03:51 ... authentication doesn't always require identification ... 12:03:56 ... put that into the research corner ... 12:04:12 danny: We heard all the work going on in PRIME on privacy-friendly auth{orization,entication} techniques ... 12:04:17 ... relevant? ... 12:04:22 helena: not sure whether more research is needed ... 12:04:25 ... marit? 12:04:27 marit: giles? 12:04:34 danny: one piece of it is standard way of describing evidence ... 12:04:42 giles: that might be enough for today 12:04:49 helena: well, question was what requires more research ... 12:05:04 marit: chunking could be very much of interest, not for standardization ... 12:05:07 ... but for research .... 12:05:09 ... user support ... 12:05:13 ... minimization of requests ... 12:05:18 helena: user convenience, too 12:05:28 danny: research question? 12:05:39 helena: user convenience during data conveyance in combination with privacy. 12:05:47 giles: what's data conveyance? 12:05:53 helena: that's disclosing personal data 12:05:56 giles: vague 12:06:06 helena: thing is that user convenience is incredibly important in mobile world ... 12:06:10 ... constraints ... 12:06:13 ... small screens ... 12:06:16 ... slow devices ... 12:06:21 ... little bandwith ... 12:06:33 ... store info on device, and make it simple to user to fill in forms ... 12:06:44 ... use P3P to do that ... 12:07:15 patricia: authentication techniques could be an example, but shouldn't be the heading ... 12:08:03 borking: economic aspects ... dunno whether possible for W3C to organize special day just to dive into the economic aspects ... 12:08:07 rigo: that's research ... 12:08:15 soeren: support the idea 12:08:19 rigo: DIW to host? 12:08:44 Soeren nods. 12:08:53 Borking: Could also do it in Rotterdam 12:08:57 helena: subject? 12:09:12 borking: what we need to discuss is whether what we're developing is economically viable ... 12:09:23 danny: W3C happy to co-sponsor such an event ... 12:09:26 ... it's important to our work ... 12:09:30 ... but not our main area of expertise ... 12:09:34 ... happy to talk about it ... 12:09:47 soeren: Didn't see a lot on negotiation or economic aspects at this workshop ... 12:09:53 ... need to go deeper into that ... 12:10:01 helena: not questioning the day, just asking what you're envisioning. Clarification. 12:10:05 borking: draft a program ... 12:10:08 ... then limit scope ... 12:10:18 ... more than enough to have a small symposion on the economics ... 12:10:29 giles: question that. PRIME spends a lot of money on that topic 12:10:34 guenther: there's more than prime 12:10:39 borking: PRIME had economics work package ... 12:10:48 ... but they haven't achieved more than describing the borders of the problem ... 12:10:51 ... won't go deeper ... 12:11:05 ... soeren has a lot of material to discuss, deeper than what's in prime ... 12:11:46 ... when there's no proper biz model, things will stay in pockets ... 12:11:52 guenter has joined #privacy 12:11:55 Marit: IST conference in Helsinki, workshop on biz models for identity ... 12:11:59 ... PRIME, FIDIS, OpenTC ... 12:12:10 giles: don't duplicate! 12:12:18 danny: suggest to come back to first three topics ... 12:12:23 ... sure we'll spin out more new questions as we go ... 12:12:32 ... propose to start with first question of policy interoperability ... 12:22:51 jschallaboeck has joined #privacy 12:23:35 rigo has joined #privacy 12:23:46 tlr has joined #privacy 12:24:11 ... things are likely to happen in a variety of diff policy languages ... 12:24:13 ... users gonna have hard time to make choices ... 12:24:16 ... user agents gonna have hard time to present useful information ... 12:24:18 ... data collectors will have hard time knowing they communicate policies ... 12:24:21 ... accurately ... 12:24:23 ... some of this is also the problem how back-ends talk to each other ... 12:24:26 ... several directions ... 12:24:31 ... one is a single language ... 12:24:33 ... I'm personally relatively sceptical about that ... 12:24:36 ... partially institutional reasons, pratially substantive ... 12:24:38 ... promote some degree of greater interoperabiltiy amongst domain-specific ... 12:24:41 ... languages? ... 12:24:43 ... or is there no solution, and we move on? 12:24:46 patricia: there's a number of diff policy languages out there ... 12:24:48 ... many of the domain modeling techniques ... 12:24:51 ... different ... 12:24:53 ... same true for policies ... 12:24:56 ... do we know what those sets of policies are that we can abstract from?... 12:24:58 ... thinking a bit in line with work that came from Sun ... 12:25:01 ... Robin's table ... 12:25:03 ... guessing that's the very first step ... 12:25:06 ... some big steps before that ... 12:25:08 ... inventory and analysis of policy languages ... 12:25:11 ... which we have today and of which we might want interop ... 12:25:13 soeren: join skepticism about unified language ... 12:25:16 ... clarifying interfaces between languages would be big step forward ... 12:25:18 djw: anne? 12:25:21 anne: There are cleary some things xacml doesn't do, due to lack ... 12:25:23 ... of formal semantic framework ... 12:25:26 ... found self thinking "XACML can do that" when listening to other presentations ... 12:25:29 djw: how would xacml approach reasoning over P3P policy language and geopriv language? 12:25:32 anne: mapping between the two? 12:25:34 djw: trying to give scenario 12:25:37 ... run a web site ... 12:25:39 ... has a p3p policy ... 12:25:42 ... you have a user agent, a browser ... 12:25:44 ... with some preferences ... 12:25:47 ... it will evaluate preferences against browser ... 12:25:49 ... now take the browser and its preferences on mobile device ... 12:25:52 ... mobile device also ships location information to me ... 12:25:54 ... assume that information includes the name ... 12:25:57 ... I'm able to get that information ... 12:25:59 ... now, I have your name, that I didn't have before ... 12:26:02 ... inferring things about geopriv policy language that I don't know ... 12:26:04 ... assume it has a way to say "collect your name, don't" ... 12:26:07 ... is there a way to express geopriv and p3p in my browser, and learn whether my p3p prefer$ 12:26:10 anne: ontology? 12:26:12 ernesto: exactly what I meant yesterday, preferences to conditions ... 12:26:15 danny: trying to get to specific question how xacml will deal with things ... 12:26:17 ernesto: in this scenario, xacml is target language ... 12:26:20 ... xacml will have the access conditions to data ... 12:26:22 ... preferences don't state this in generic declarative way ... 12:26:25 ... so not enforcable as such ... 12:26:27 ... could those be enforced by translating ... 12:26:30 danny: not asking enforcement question, but reasoning question 12:26:33 ... what I heard from Anne ... 12:26:35 ... is that if there is ontology that links two languages ... 12:26:37 ... then xacml interaction (??) ... 12:26:40 anne: what P3P calls a name includes more things .... 12:26:42 ... that might be a subset of what another language calls a name ... 12:26:45 ... not trivial ... 12:26:47 hannes: example explained well what the problem is ... 12:26:50 ... usage scenarios are different ... 12:26:52 ... so you see where mapping would take place ... 12:26:57 danny: how are they different? 12:27:00 hannes: focusing on SIP-based presence environment ... 12:27:02 .. XACML wouldn't fit there, either ... 12:27:05 danny: why? 12:27:10 hannes: in HTTP case, it was somewhat difficult to extend SIP-ased mechanisms ... 12:27:13 ... of course, possible to extend everything .. 12:27:15 ... can do whatever you want ... 12:27:18 s/prefer$/preferences have been respected .../ 12:27:20 ... need more investigation before can say whether it makes sense to combine things ... 12:27:23 ... and align them ... 12:27:26 See http://www.w3.org/2006/10/18-privacy-irc#T12-27-23 12:27:28 pazzaglia: ??? is one of worst ideas we had in recent years ... 12:27:31 rrsagent, bookmark 12:27:31 See http://www.w3.org/2006/10/18-privacy-irc#T12-27-31 12:27:33 ... event time based trigger not expressible in xacml? ... 12:27:36 rrsagent, bookmark? 12:27:36 See http://www.w3.org/2006/10/18-privacy-irc#T12-27-36 12:27:38 rrsagent, please draft minutes 12:27:38 I have made the request to generate http://www.w3.org/2006/10/18-privacy-minutes.html tlr 12:27:41 ... access control perspective ... 12:27:46 ... developed ontology, kind of ... 12:27:48 ... enter information ... 12:27:51 ... to the first point ... 12:27:56 ... don't know evolution of xacml ... 12:27:58 ... some 200 functions ... 12:28:01 ... data type ... 12:28:03 ... if we go to ontology, also need to consider functions ... 12:28:06 ... if we want to express what you said, will be difficult, but not impossible ... 12:28:09 ... go for thnking of ontologies mapping ... 12:28:14 tlr has changed the topic to: http://www.w3.org/2006/10/18-privacy-minutes 12:28:19 giles: isn't solution to this point what you presented this morning, Rein? 12:28:22 danny: don't know 12:28:24 giles: It's one solution to that exat problem 12:28:27 s/exat/exact/ 12:28:32 danny: given certain conditions, yes 12:28:41 giles: start from scratch with Rein or do what has community? 12:28:54 hannes: Trying to see how xacml fits locational presence ... 12:29:02 ... possible to describe conditions and actions ... 12:29:05 ... not a big deal ... 12:29:13 ... event stuff that was previously mentioned goes beyond access control ... 12:29:17 ... requires concept of what do with SIP ... 12:29:24 ... when tying geopriv and SIP ... 12:29:28 ... presence information ... 12:29:37 ... in generic HTTP/web environment, it becomes more difficult ... 12:29:46 ... how to send messages? ... 12:29:57 ... problem not that things don't work ... 12:30:06 ... with some of the mechanisms, it's (from IETF point of view) ... 12:30:18 ... tried to get XACML into picture couple years ago; push-back ... 12:30:30 ... presence work moving forward and being deployed ... 12:31:02 ... operator preferences when deploying ... 12:31:28 anne: If you want to reason across policies, XACMl isn't what you need ... 12:31:36 ... different abstraction level ... 12:31:54 ... talking about different things here ... 12:32:06 ... specific languages ... 12:32:20 ... how can we reason over communities of languages is different problem, and requires different way of expressing it ... 12:32:34 danny: We have two sets of questions here ... 12:32:50 ... one is, is there a reason to do a broader privacy & access control lang for web ... 12:32:55 ... or for some communities on the web ... 12:33:02 ... the other is, how do we deal with language interop isues ... 12:33:10 ... second question is in a way more fruitful ... 12:33:17 ... communities go off and do what they do ... 12:33:26 ... if they think their interop reqs are minimal ... 12:33:30 ... lightweight ... 12:33:36 ... but also allow to fulfill interop requirements ... 12:33:45 rigo: specific question; came up in PRIME ... 12:33:49 ... protocol paradigm ... 12:34:00 ... over years of P3P work, saw misunderstanding again and again ... 12:34:05 ... Ernesto said "it's a target language" ... 12:34:11 ... expressiveness is a function of protocol ... 12:34:17 ... If I use a p3p protocol ... 12:34:28 ... ask service, draw policy, policy says what service does ... 12:34:33 ... one reason for workshop is change of paradigm ... 12:34:44 ... sending data to service, expect service to follow rules sent along with data ... 12:34:48 ... "destroy it", things like that ... 12:34:51 ... these are a bit different ... 12:34:58 ... different from privacy perspective from what we've done so far ... 12:35:18 ... big question that came up is whether can push data with xacml ... 12:35:30 ... give capabilities, get access .. 12:35:33 ... client/server thing ... 12:35:38 ... look at data handling paradigm ... 12:35:46 ... some web services, acting peer-to-peer ... 12:35:55 ... make sure that handling of data item follows rules that were stipulated before ... 12:35:59 ... xacml semantics in this case? 12:36:04 ... orthogonal to protocol? 12:36:08 ... dependent on protocol? 12:36:24 ... might need sth else/more ... 12:36:33 ... XACML major target language of that kind of system ... 12:36:36 ... anne? 12:36:41 anne: Really want to apologize ... 12:36:47 ... not a theoretical language person ... 12:36:53 ... for your question ... 12:37:04 ... there is at least one ongoing effort to use XACML in association with data ... 12:37:18 ... looked at within trusted computing kind of model ... 12:37:28 ... ensure that all access goes through policy ... 12:37:35 ... it's not "can XACML do this"? 12:37:48 ... but how is it used? What's the security model? 12:37:51 ... XACML only a tool ... 12:37:55 ... only one component ... 12:38:12 guenther: xacml as any other policy language is no more or less than an oracle ... 12:38:28 ... you feed it with credentials, and then it tells you whether access is allowed or not ... 12:38:33 ... maybe with obligations attached ... 12:38:44 hannes: have to think about architecture ... 12:38:54 ... how to attach policy to data ... 12:38:58 ... size consideration ... 12:39:08 ... large xml documents are an issue in mobile world ... 12:39:13 ... have other party online ... 12:39:21 ... different ways to use it ... 12:39:25 ... implement in a proper way ... 12:39:46 ... compiling information in way necessary to get decision ... 12:40:00 (discussion on naming convention) 12:40:14 ... people use in specific way ... 12:40:34 ... might have to reconsider a few aspects ... 12:40:40 gka: deployment question vs. language question 12:40:44 hannes: protocol question ... 12:40:45 Giles has joined #privacy 12:40:54 gka: differentiate between language as defined by oasis and possible deployments ... 12:40:54 or possible deployment of that language 12:41:02 ScribeNick: Giles 12:41:20 marco: it can also be a language issue if you cannot describe the right events to give an answer 12:41:22 thanks giles for taking over scribing for a bit 12:41:32 it can be not just based on accesses but other events 12:41:38 you provide a set of attributes 12:41:52 if these attributes encode all the right kind of information, then you are happy with XACML 12:42:21 marco: even data sitting on an enterprise platform needs to be referred to by policies which need to be enforced all the time 12:42:28 even when data is just sitting there 12:42:35 Danny: Wrapping up where we are 12:42:41 there are 2 states 12:43:05 1. an app uses the pol lang that is an empirical qn which every environment will make locally 12:43:24 where that's not possible, for whatever reason, some data abstraction is required 12:43:36 ontologies unify different statements from different languages 12:43:58 nobody suggests that we would make progress towards an uber rule language 12:44:17 Would it be useful for the W3C policy interest group to bring the communities together 12:44:29 Patricia's suggestion to do a survey of languages out there 12:44:34 who is interested in that 12:45:08 it would be useful for that group 12:45:13 ScribeNick: tlr 12:45:19 ... might be relevant to RIF group ... 12:45:25 ... that's going on in W3C ... 12:45:30 ... work on WS-Policy? 12:45:32 rigo: yes 12:45:34 jschallaboeck has joined #privacy 12:45:37 danny: work in WS space that's relevant ... 12:45:46 ... useful to have point of contact between that group and policy people here ... 12:45:54 rigo: semantic web services relevant as well .. 12:46:10 ... interest group ... 12:46:21 djw: to translate, IG is a group that gets together, with relatively minimal support ... 12:46:30 ... but group doesn't have charter to produce formal specs ... 12:46:35 ... but can produce documents that get reviewed ... 12:46:43 ... place to continue conversation in a focused way ... 12:47:07 ??: looking at 5, 6, 7 in research points list ... 12:47:14 danny: let's finish point 1 ... 12:47:19 xavier has joined #privacy 12:47:24 interest in such a thing - patricia, soren, 12:47:30 ... had two specific recommendation ... 12:47:42 ... standard language for evidence ... 12:47:46 ... john on ontology discovery ... 12:47:52 ... giles, want to say anything about this aspect ... 12:47:55 giles: evidence stuff? 12:48:01 ... I said a lot in my talk ... 12:48:11 ... but for anonymous credentials, it's certainly important ... 12:48:21 ... emphasize importance of separating evidence and assertions ... 12:48:26 ... they have been mixed up badly in the past ... 12:48:30 ... as soon as you factor out trust ... 12:48:35 ... then it creates a lot more power ... 12:48:44 ... can have the same assertion, but different kinds of evidence ... 12:48:50 ... bring reputation, community, idemix, what have you ... 12:48:56 ... then there's aspect of user friendliness ... 12:49:11 danny: ongoing discussion in semantic web community ... 12:49:22 ... whether to standardize foaf ... 12:49:30 ... or some other ontology for describing attributes ... 12:49:36 ... names, relationships ... 12:49:44 giles: describe trust, mechanisms to evaluate trust ... 12:49:48 ... who said what about who? ... 12:50:07 danny: interesting area ... 12:50:14 ... it's the kind of thing that could profit from informal community ... 12:50:21 ... don't wanna use the word standard ... 12:50:27 ... foaf has evolved in bottom-up way ... 12:50:38 ... other lightweight id technologies that need same set of tools ... 12:50:43 ... same sort of consensus on terms ... 12:50:46 ... and types of data ... 12:50:49 giles: metalanguage 12:50:51 danny: yeah 12:51:01 giles: starting point could be paper by Dieter and Giles ... 12:51:08 ... ontology sketch ... 12:51:15 danny: possible use for a policy interest group ... 12:51:23 ... boil a paper down into what could be outlines for a tech spec ... 12:51:27 ... get review of it ... 12:51:33 ... way to get feed-back from immediate community ... 12:51:38 ... get people to help ... 12:51:42 giles: interested in doing that ... 12:51:46 ... maybe not in three weeks ... 12:51:57 soeren: different experts in different languages ... 12:52:03 ... bringing these together might be healthy ... 12:52:17 danny: sensing that people are leaving ... 12:52:19 ... almsot 3pm ... 12:52:29 ... break scheduled at 3:15 ... 12:52:32 rigo: break now? 12:53:09 break 13:19:21 jschallaboeck has joined #privacy 13:20:04 meeting reconvenes 13:20:08 Giles has joined #privacy 13:20:12 Danny: We can consider #1 wrapped up ... 13:20:21 ... record identities of everybody interested in the Interest Group ... 13:20:57 hannes: W3C membership considerations? 13:21:01 danny: open for discussion 13:21:19 xavier has joined #privacy 13:21:34 ... suggest PFIG ... 13:22:18 ... interested: Patricia, Anne, Piero, Giles, Renato, Hannes, Marco, Pierangela, Jean-Christophe Pazzaglia, 13:22:25 ... Marit ... 13:22:33 ... Sören ... 13:22:48 ... Xavier ... 13:22:58 ... thanks ... 13:23:09 ... this does not constitute the creation of the group ... 13:23:15 ... some process to go through, find chair, etc ... 13:23:18 ... expect to hear back from us ... 13:23:29 ... fact that there's this number of people interested is important sign ... 13:23:35 ... before go into item 2, general point ... 13:23:55 GiulianoPirelli: disability issues ... 13:24:27 ... accessibility ... 13:25:07 ... negotiate how far to give information ... 13:25:19 ... information often asked in very quick way ... 13:25:26 ... sign lots of forms without reading at bank ... 13:25:34 ... membership in group and the like is very important ... 13:25:56 ... include disability info in passport? ... 13:26:11 ... does someone know other group? ... 13:26:15 ... european disability card? ... 13:26:26 danny: useful way to record is as a use case ... 13:26:31 ... for preferences and usage rules ... 13:26:44 ... use case that want to make sure is satisfied ... 13:27:01 Giuliano: ??? 13:27:09 giles: Not relevant to topic. 13:27:11 ... this is about policy languages ... 13:27:26 giuliano: language should accept input from other way of taking care of this information ... 13:27:40 tlr: vocabulary requirement? 13:27:48 giuliano: more research. 13:27:55 ... looking for others who might be interested ... 13:28:12 ... language for representing this information ... 13:28:19 rigo: Will go to Geneva tomorrow, ICTSB meeting ... 13:28:27 ... round table of all the major European standardizers ... 13:28:37 ... they have a working group that addresses all kinds of disabilities ... 13:28:45 ... wihch is called DABSIG (?) ... 13:28:50 ... right forum to address these concerns ... 13:28:56 ... addressing disabilities, accessibility ... 13:29:04 ... far beyond the web and the languages we are talking about here ... 13:29:07 ... happy to give reference ... 13:29:11 giuliano: thanks 13:29:48 JanZibuschka: Also relevant to SC27 SGs on identity management and privacy frameworks. 13:30:17 danny: Next of our three topics -- talked yesterday about access control, data handling, usage control ... 13:30:20 guenter has joined #privacy 13:30:23 ... are different, same, overlapping, care about this, ... 13:30:31 ... think that from my standpoint, there is substantive ... 13:30:38 ... functional difference between rules that govern ... 13:30:48 ... access conditions on data, and rules that govern ultimate usage conditions ... 13:30:53 ... say that from a publc policy perspective ... 13:30:57 ... not from rules semantic perspective ... 13:31:10 ... interesting question: how do we see the interaction betw access control expr and usage control expr? 13:31:20 renato: example from rights management perspective ... 13:31:23 ... lots of blurring going on ... 13:31:27 ... from work in edu sector ... 13:31:32 ... want high level licenses ... 13:31:41 ... "you can use this content for all students and staff" ... 13:31:55 ... what's the access control mechanism to ensure that the folk accessing that content are students & staff ... 13:32:03 ... rights license -> low level access control policy ... 13:32:08 ... map together, keep closely aligned ... 13:32:19 ... don't want to stipulate low-level details ... 13:32:22 ... too binding ... 13:32:29 ... separate rights and access control ... 13:32:39 patricia: from our pov (applicationS) ... 13:32:44 ... social networking, sharing, content ... 13:32:56 ... DRM & standards for commercial content, access, usage ... 13:33:00 ... learn from it ... 13:33:11 ... need simplified model to map what the users need ... 13:33:18 ... this goes back to point 1, policy mapping ... 13:33:23 ... at some point, go down to action level ... 13:33:27 ... kind of the way we've used it ...# 13:33:32 ... rather than invent new terminology ... 13:33:35 ... link that we saw ... 13:33:38 ... in terms of usage ... 13:33:42 ... more that can be done ... 13:33:46 ... first step that we did ... 13:33:50 ... enough challenges ... 13:33:54 ... sth we can pull in ... 13:34:17 pierangela: re difference betw drm and dhp ... 13:34:23 ... in drm can put any rules on it ... 13:34:30 ... any rules that I say applies ... 13:34:40 ... when I get songs from itunes, whatever rules are there, enforce ... 13:34:49 ... in b2b context, rules that biz imposes have to be accepted ... 13:35:07 ... but when user sends stuff to business, can't impose arbitrary rules ... 13:35:12 ... some, but not arbitrary ones ... 13:35:16 ... Rigo's supermarket example ... 13:35:22 ... so there's a difference from DRM .. 13:35:40 ... both should be supported .. 13:35:46 ... odn't know whether same language / same rules ... 13:36:04 ... constraints in data handling not related that much to rules, but to data (??) ... 13:36:13 s/odn't/don't/ 13:36:25 renato: just to follow up on that point ... 13:36:28 ... ORDL 2 ... 13:36:31 ... that we're modeling now ... 13:36:41 ... one of things put in there is ability to negotiate betw parties ... 13:36:47 ... so it's not purely that one-way thing ... 13:36:55 ... negotiation can occur ... 13:37:07 ... want to steal someone else's negotiation protocol, if possible ... 13:37:11 ... instead of reinventing our own one ... 13:37:16 ... can we reuse something in the rights management world? 13:37:20 s/steal/use/ 13:37:32 rigo: say: border between drm and data handling blurred -- agree ... 13:37:37 ... but they have common characteristic ... 13:37:45 ... data is released, but you want to continue to control it ... 13:37:54 ... question of how to enforce is the same one ... 13:38:04 danny: let's remind ourselves, access control vs usage control ... 13:38:09 ... it's the case that DRM can cover both ... 13:38:14 ... but they're different ... 13:38:53 ... shift from usage rules to access rules is what gets DRM its bad reputation ... 13:38:57 jash has joined #privacy 13:39:29 ... 13:39:39 pierangela: you say "two kinds of rules, access control and usage" ... 13:39:44 ... usage isn't secondary usage, right? ... 13:39:54 danny: don't mean "usage" in traditional data protection sense ... 13:39:56 anne: examples? 13:40:03 danny: two examples ... 13:40:17 ... you may never use genetic information to make decisions about health insurance coverage ... 13:40:25 ... you may not copy more than one paragraph of this document ... 13:40:32 ... those are both usage rules ... 13:40:40 pierangela: secondary usage control? 13:40:53 ... constraints should I pass to others? 13:41:00 danny: I guess those should be expressed as usage rules ... 13:41:05 pierangela: call secondary usage ... 13:41:11 ... data-handling .... 13:41:19 ... another kind of world with respect to usage rules ... 13:41:30 danny: marco, referred to data handling rules ... 13:41:36 ... not sure what they mean as distinct from other categories ... 13:41:55 pierangela breaks warp barrier, scribe gives up. 13:42:23 pierangela: what I call secondary usage is the policy that goes along with the data ... 13:42:38 danny: from web perspective, reluctant to divide rules in that way ... 13:42:46 ... understand data protection policy purpose for distinguishing betw ... 13:42:52 ... primary and 2dary purpose ... 13:42:56 ... important to express ... 13:43:05 ... but disinclined to condition or qualify that by notion of transfer ... 13:43:11 ... transfer is separate question ... 13:43:19 ... can have secondary usage limitation on initial party ... 13:43:25 pierangela: who is that? ... 13:43:32 danny: the first guy who gets usage ... 13:43:43 pierangela: I give health information to you, and you might have to pass it on ... 13:43:50 ... I might want to further restrict what that other party can do ... 13:43:58 ... not necessarily the same rules that apply to you ... 13:44:07 ... sticky policy .. 13:44:24 danny: happy to call it anything but access control ... 13:44:37 general brawl 13:44:43 piero: support latest point ... 13:44:57 ... don't expect these differences between data handling and access control to affect shape as language ... 13:45:04 ... more relevant to enforcement mechanisms ... 13:45:10 ... pretty relevant to enforcement ... 13:45:20 marco: what was the question to me? 13:45:32 danny: data handling ... but don't need perfect taxonomy ... 13:45:44 marco: what we call data handling in PRIME is obligation stuff ... 13:45:50 ... not really access control & how you use data ... 13:45:54 ... but rather life cycle handling ... 13:46:04 ... data retention is an example ... 13:46:06 ... notification ... 13:46:18 patricia: examples due to usage control, when youhand over to second person, what we'Ve done in system ... 13:46:29 ... using policy model conert to rules, write what else can be done to content when handed over ... 13:46:33 ... forward or copy content ... 13:46:39 ... view, forward to certain environment .... 13:46:42 ... encode into sticky policy ... 13:46:48 ... that's usage of content ... 13:46:52 ... access is already there ... 13:47:07 sören: wonder if there may be usage of data without having access ... 13:47:13 ... relation between access rules and usage rules ... 13:47:41 xavier: makes sense to make difference between first usage and secondary usage ... 13:47:45 ... access control to data ... 13:47:52 ... which entities are allowed to access data ... 13:47:54 ... usage ... 13:47:57 ... user preferences ... 13:48:05 ... if you talk about secondary usage, talking about legislation there ... 13:48:12 ... again, if I draw the parallel with own experience ... 13:48:15 ... in egov ... 13:48:18 ... really have specific regulations ... 13:48:38 .. scientific purposes: even though you have collected data for specific purpose, can do other stuff when anonymizing data ... 13:48:42 ... important to make the difference ... 13:48:46 ... able to talk about other things ... 13:48:54 ... not just usage and access control (??) ... 13:49:00 pierangela: agree on enforcement problem ... 13:49:11 ... specific techniques to make sure policies get enforced ... 13:49:14 ... not just enforcement ... 13:49:27 ... 13:49:41 ... before was talking about secondary usage, but have to correct self ... 13:49:51 ... P3P was known as secondary usage control language ... 13:50:07 ... can't do everything, only some things -- usage controls ... 13:50:12 jschallaboeck has joined #privacy 13:50:19 ... not sure what P3P does, but think it might capture this ... 13:50:31 ... hospital example .. 13:50:50 ... if my data leave the hospital, there should be constraints ... 13:50:58 ... originator control ... 13:51:03 ... all my data should be controlled by me ... 13:51:15 danny: probably explored as far as we need to ... 13:51:35 ... people have talked about diff kinds of rules, and they seemed to fall into these categories ... 13:51:43 ... not sure we need to recognize anything momentous .... 13:51:47 (general brawl again) 13:51:56 ... we have recognized there's more than one ... 13:52:48 xavier: continue discussion about what renato said ... 13:53:12 ... DRM v2 with domains and specs of devices ... 13:53:19 danny: sorry to be rude -- want some time to talk about #3 ... 13:53:27 ... lots of opportunities to talk about what >1 means ... 13:53:39 ... user preferences ... 13:53:49 ... questions raised in the 2 days about whether we need a way to express user preferences ... 13:53:54 .. group them, predefined sets ... 13:54:04 ... comment, suggested direction? ... 13:54:12 patricia: one of the things that have come up from discussion ... 13:54:15 ... ease of use ... 13:54:25 ... lots of complexity ... 13:54:34 ... map things to predefined set for certain set of applications ... 13:54:46 ... other part is getting a privacy model ... 13:54:51 ... in a sense that also maps back ... 13:54:55 ... pertinent to application sets ... 13:55:20 ... unify across different policy languages ... 13:55:25 ... express preferences over these abstractions ... 13:55:36 ... would help with simplifying things from user standpoint ... 13:55:43 xavier: privacy preferences are private info as well ... 13:56:07 ... there may be orgs such as consumer councils that might publish predefined sets ... 13:56:15 ... see that there are languages that are centered on interactions ... 13:56:21 ... like P3P, DRM langs, XACML, ... 13:56:25 s/xavier/soeren/ 13:56:30 ... these don't reveal preferences 13:56:34 rigo: important part of discussion ... 13:56:40 ... perhaps try to conclude ... 13:56:48 ... can we leverage XACML in user preference discussion? 13:56:52 ... what it does, what it doesn't ... 13:56:56 ... important point in workshop ... 13:56:58 ... was important in PRIME ... 13:57:03 ... will be important in other contexts ... 13:57:10 ... mapping ... 13:57:26 Anne: Example for XACML use to express user preferences ... 13:57:43 ... perfectly possible to say "I'm willing to give credit card information if target is in certain domain" ... 13:57:54 ... another one might be "willing to give name, if other party is willing not to pass on info" ... 13:58:03 ... there's question of matching those against what target says it's able to do... 13:58:06 ... that, too, can be expressed ... 13:58:12 ... neither one of these is XACML policy ... 13:58:21 ... expressed using these collections of constraints ... 13:58:25 ... expressing sets of preferences ... 13:58:32 ... combinations of things you're willing to accept ... 13:58:37 ... perfectly possible to express in XACML ... 13:58:48 ... possible for target to express capabilities ... 13:58:56 danny: what do you mean by "not exactly XACML policy"? 13:59:07 anne: It's not possible to match 2 xacml policies in general ... 13:59:16 ... semantics of policies are not something that let you determine that one is subset of another ... 13:59:29 ... but it is possible to match collections of individual constraints that are expressed using the XACML constraint language ... 13:59:40 giles: would say preferences are just another kind of rule ... 13:59:46 ... don't make them into sth special ... 13:59:49 ... difficulty is HCI ... 14:00:08 ... use standards rule language to express query and event and match on this ... 14:00:16 ... then do user-friendly abstraction (which is the hard part) ... 14:00:19 ... been there with P3P ... 14:00:21 ... APPEL ... 14:00:30 ... could have used XPath and added user abstraction ... 14:00:42 danny: we're right at end of our alotted time, co-chair has to leave 14:01:01 s/co-chair/esteemed co-chair/ 14:01:07 esteemed co-chair... 14:01:18 danny: don't think we'll get much further on preferences ... 14:01:23 ... policy interoperability ... 14:01:28 ... hci issues are very real ... 14:01:36 ... semantic and computation closely related to policy inteorp ... 14:01:40 ... come back to that ... 14:01:45 ... gonna suggest that we conclude ... 14:02:04 ... unless anyone has anything that they think should cause co-chair to miss taxi ... 14:02:10 ... thanks to Giles & JRC ... 14:02:13 (applause) 14:02:21 ... also acknowledge Rigo and Thomas who pulled that together ... 14:02:27 (applause) 14:02:34 (applause for chairs) 14:02:51 ... we'll circulate draft summary report, give you opportunity to comment ... 14:03:11 rrsagent, draft minutes 14:03:11 I have made the request to generate http://www.w3.org/2006/10/18-privacy-minutes.html tlr 14:03:33 lkagal has joined #privacy 14:03:38 ... will create list for everyone to circulate report, comments, etc ... 14:03:57 Hi Thomas, thanks for inviting me :) 14:03:59 rigo: would ask whether anyone opposed to being added to list ... 14:04:04 danny: adequate consent 14:04:13 adjourned 14:04:48 noted 14:04:49 rrsagent, please draft minutes 14:04:49 I have made the request to generate http://www.w3.org/2006/10/18-privacy-minutes.html tlr 14:05:07 Kriegel wants to be on the mailing list too 14:05:16 RRSAgent, please draft minutes 14:05:16 I have made the request to generate http://www.w3.org/2006/10/18-privacy-minutes.html rigo 14:10:56 xavier has left #privacy 14:30:32 Kriegel has left #privacy 16:16:53 lkagal has joined #privacy 16:20:24 lkagal has left #privacy