07:01:45 <RRSAgent> RRSAgent has joined #pling
07:01:45 <RRSAgent> logging to http://www.w3.org/2008/10/23-pling-irc
07:02:24 <Ashok> Ashok has joined #pling
07:11:29 <karima> karima has joined #pling
07:14:03 <caribou> scribe: CB
07:14:06 <stefanoCrosta> stefanoCrosta has joined #pling
07:14:10 <caribou> scribeNick: caribou
07:14:25 <caribou> Meeting: PLING-primelife joint meeting at TPAC2008
07:14:38 <rigo> rigo has joined #pling
07:15:14 <caribou> topic: introduction
07:15:32 <caribou> Agenda: http://www.w3.org/Policy/pling/wiki/TPAC2008
07:16:09 <caribou> Rigo: there is more and more interest in policy languages
07:16:22 <caribou> ... relations to eGov, social Networks...
07:17:02 <JanS_ULD> JanS_ULD has joined #pling
07:17:04 <caribou> ... we have invited people to present 
07:18:45 <caribou> ... Co-chairs for the PLING are Renato Iannella (NICTA) and Marco Cassasa-Mont (HP)
07:22:19 <caribou> Renato: [starting a round of introductions]
07:25:19 <caribou> Present: Carine Bournez, Jan Camenisch, Karima Boudaoud, Jan Schallaboeck, Frank Wagner, Laurent Bussard, Ashok Malhotra
07:26:41 <caribou> Present+ Lucy Lynch, Stefano Crosta, Gregory Neven, Christian de Sainte Marie, Rigo Wenning, 
07:28:59 <caribou> Present+ Ulrich Pinsdorf, Aleksandra Kuczerawy, Franz-Stefan Preiss, Andreas Matheus, Renato Iannella
07:29:40 <caribou> Renato: [reviewing agenda]
07:31:28 <karima> karima has joined #pling
07:34:36 <caribou> topic: PrimeLife project presentation
07:34:41 <UliPinsdorf> UliPinsdorf has joined #pling
07:35:03 <karima> karima has joined #pling
07:36:48 <caribou> JanC: we want to protect our privacy in our interactions with others, companies, etc.
07:37:49 <renato_> renato_ has joined #pling
07:37:52 <caribou> ... on a computer, traces stay 
07:38:56 <caribou> ... it is too difficult to understand the policies when you go to a website
07:39:14 <caribou> ... you don't want to spend 3hrs to read and understand all the fine-prints
07:40:01 <csma> csma has joined #pling
07:40:21 <caribou> ... we should worry about the data we provide
07:40:50 <caribou> ... and reveal the less 
07:41:21 <caribou> ... PrimeLife look at wikis, social networks, eCollaborations
07:41:33 <caribou> s/look/looks
07:43:04 <caribou> ... there are technologies to minimize the data you give to people
07:43:29 <caribou> ... ready to be used but not often used yet
07:43:58 <caribou> ... Now more technically:
07:45:04 <caribou> ... [example with driver renting a car, getting an insurance]
07:45:37 <caribou> ... in electronic world, digital documents and signatures
07:46:16 <caribou> ... they don't need your birthdate when you rent a car
07:47:08 <caribou> ... we should make some information conditional
07:47:53 <caribou> ... e.g. give them an encrypted version of your data, that would be decrypted only if needed (e.g. if you crash the car)
07:48:06 <caribou> Andreas: in the end , you have to trust someone
07:48:39 <caribou> ... if it's not the car rental, it's the entity that could decrypt
07:49:41 <caribou> JanC: indeed. The first step is to define who I trust for what
07:50:21 <caribou> ... a set of parties have to agree. you want to distribute the trust
07:50:55 <caribou> ... if one is corrupted, the other might not :)
07:51:37 <caribou> ... second step is to define the policy that says when the information can be disclosed 
07:52:19 <caribou> ... if you only use digital signature, you can link information
07:52:39 <caribou> ... so we need anonymous credentials
07:53:33 <caribou> ... ['architecture' description]
07:54:02 <caribou> ... on the service side, we need to change the access control mechanism
07:54:29 <caribou> ... policies are transfered to the user
07:54:46 <caribou> ... in fact the relevant parts
07:55:14 <caribou> ... the user has personal policies about what he/she wants to disclose
07:55:56 <caribou> ... partial identities to unlink information
07:57:31 <caribou> RigoW: enforcement of policies?
07:57:49 <caribou> JanC: Data handling, e.g. after the transaction is done
07:57:59 <caribou> ... delete information
07:58:35 <caribou> ... change of business processes, to avoid using keys like social security number
07:59:47 <caribou> Lalana: what about the proof that you are X ?
08:00:00 <caribou> JanC: I'm getting to credentials 
08:00:32 <caribou> ... [example: prove you are over 18]
08:00:51 <caribou> ... without saying who you are
08:00:59 <caribou> ... nor leave traces
08:01:48 <caribou> ... 1st change: identity is kept secret
08:02:01 <caribou> ... several partial public identities
08:02:36 <caribou> ... e.g. one identity with just my birthdate
08:03:30 <caribou> ... if I need more certified information, I create a new identity
08:03:58 <caribou> ... and for several information, you can mix several identities
08:04:24 <caribou> ... so that you get a certificate with all certified statements
08:04:53 <caribou> ... without needing a new certification
08:06:58 <caribou> Andreas: to avoid the certificates handling at the user's, you can have token services
08:07:48 <caribou> JanS: single point of trust problem
08:09:23 <caribou> ??? : in semantic web area, you can build network of trust with self-signed certificate
08:09:55 <caribou> Lucy: trust is not only on the user side
08:10:53 <caribou> JanC: [wine shop example]
08:11:37 <caribou> ... address is encrypted and only the shipping service can decrypt
08:13:16 <caribou> ... the user is anonymous for the wine shop
08:14:03 <caribou> JanC: [associated workflow]
08:16:06 <caribou> ... if the user disagrees with the service assertion request, she can send a different one to negotiate another one (AC +DHP + obligations)
08:16:52 <caribou> RigoW: how do we make sure that your DHP keeps in sync with the data that travels?
08:18:24 <caribou> JanC: you have to trust that the data is transferred to services that have the same DHP
08:18:48 <caribou> JanS: trust is a key of the pb
08:20:07 <caribou> JanC: in addition to the requirement, you might need to specify which proof you need
08:20:24 <caribou> ... e.g. OECD_passport to prove age > 21
08:23:13 <caribou> ... can use an ontology to decide what matches "OECD_Passport" (e.g. swiss passport, ...)
08:24:16 <caribou> ... Summary: we need DHP, Credential formats
08:24:48 <caribou> ... Privacy prefs/ AC, Obligations, Logging, Matching of policies
08:25:18 <caribou> ... + lots of ontologies (categories of issuers and credentials)
08:26:36 <caribou> ... user interfaces (not too complex)
08:26:52 <caribou> Lalana: do you think a standard policy language would help?
08:27:59 <caribou> JanC: I think the answer is yes
08:28:29 <caribou> GregN: do you mean something that interacts with existing ?
08:28:47 <caribou> Lalana: a Data Handling Policy language
08:29:23 <renato_> Present+ Lalana Kagal
08:29:37 <caribou> CSMA: a policy exchange language
08:30:35 <caribou> Andreas: a language that can be translated in existing languages
08:30:48 <caribou> ... canonical policy
08:31:09 <caribou> RigoW: canonical is another word for complexity
08:31:29 <caribou> ... Semantic Web might be used to match policies
08:31:52 <caribou> CSMA: you need to compare policies
08:32:12 <caribou> ... the Rules Interchange Format does not compare rules
08:32:36 <caribou> ... just transform, so the other end can apply
08:33:35 <caribou> ... the pb is to be able to say if the server policy matches the user desired policy
08:34:24 <caribou> Andreas: not compare them to be identical, but if one is included in the other
08:34:48 <caribou> CSMA: I don't think it's just a question of normal form of the interchange format
08:35:44 <caribou> ... in your execution language you might be able to see if policies match
08:36:34 <caribou> ... I don't think you can do that purely syntactically
08:36:57 <caribou> RigoW: ontologies?
08:37:05 <caribou> CSMA: DL
08:37:33 <caribou> ... OWL DL is the only format that's standardized
08:37:56 <caribou> ... not necessarily sufficient
08:38:14 <caribou> JanC: PrimeLife activities:
08:39:32 <caribou> ... infrastructure, coordination and education
08:39:40 <caribou> ... research
08:40:34 <caribou> JanC: Privacy-enhancing identity management is feasible, let's do it
08:41:19 <caribou> ... project website is primelife.eu
08:41:50 <caribou> [break]
08:43:59 <UliPinsdorf> UliPinsdorf has joined #pling
09:19:53 <renato> renato has joined #pling
09:23:37 <JanS_ULD> JanS_ULD has joined #pling
09:24:11 <renato> W3C Rules Interchange Format (RIF) - Christian de Sainte Marie
09:25:09 <caribou> Topic: W3C RIF presentation
09:26:34 <caribou> CSMA: Interchange with serialization to an XML document
09:27:07 <caribou> ... you have to share a data model of the document, to serialize and deserialize it
09:27:50 <caribou> ... if you have rules related to the document, you want to exchange them with a rule model
09:28:24 <caribou> ... RIF itself is not modelling the data
09:28:46 <caribou> RigoW: how is the RIF document related to the data?
09:29:12 <caribou> CSMA: this is one issue. I'll come to it later again
09:29:48 <caribou> CSMA: there is a use case for rules interchange without it being linked to a document
09:31:04 <caribou> CSMA: you can have a compliance organisation, to check that the rules can be executed
09:32:10 <caribou> CSMA: [example of use case: buyer and seller policies and prefs]
09:32:40 <lkagal> lkagal has joined #pling
09:36:34 <caribou> JanC: did you use XACML?
09:36:48 <caribou> ... as a mapping to an execution language?
09:37:24 <caribou> CSMA: this is the rules model, the format of rules and semantics
09:41:24 <caribou> http://www.w3.org/TR/rif-ucr/#Negotiating_eCommerce_Transactions_Through_Disclosure_of_Buyer_and_Seller_Policies_and_Preferences
09:42:57 <caribou> CSMA: in a business domain, e.g. mortgage industry, they have their own data model, concepts, representations
09:43:09 <caribou> ... they may want to write rules about the data
09:43:45 <caribou> ... representing the semantics and structure of data is different from semantics and representation of rules
09:44:37 <caribou> RigoW: can RIF be used with OWL?
09:44:40 <caribou> CSMA: yes
09:49:02 <caribou> ... rules can be expressed in OWL, but not all the rules really belong to the ontology
09:49:43 <caribou> ... different life cycle, status wrt domain knowledge
09:49:55 <lkagal> lkagal has joined #pling
09:49:56 <caribou> ... rules are not always conceptual
09:51:38 <caribou> CSMA: example from the PrimeLife document
09:52:45 <rigo> +bergamo
09:52:51 <caribou> ... [shows a RIF example of access control policy taken from PRIME]
09:53:12 <rigo> +HarryHalpin
09:53:14 <caribou> ... RIF does not provide a policy language but it can be used to interchange policies
09:54:27 <caribou> ... other applications using other languages can reuse the rules with the same semantics
09:58:07 <caribou> ... people have their own rules format and engine already
09:58:42 <caribou> ... we have 2 backgrounds: 
09:58:58 <caribou> ... the SW needs a rule language to add rules on top of OWL
09:59:12 <caribou> ... rules with formal semantics
10:00:03 <caribou> ... hundreds of rule systems
10:00:13 <caribou> ... including some already in SW
10:00:59 <lkagal_> lkagal_ has joined #pling
10:01:32 <caribou> ... market with business rules
10:02:46 <jca1> jca1 has joined #pling
10:02:59 <lkagal> lkagal has joined #pling
10:05:19 <caribou> CSMA: the super-set approach (designing a language that you can translated to any language) is not practical
10:05:54 <caribou> ... we defined a RIF Core as the overlap between existing models
10:06:08 <caribou> ... and you can extend it to add dialects
10:06:58 <caribou> ... but not knowing which dialects would be needed, it's impossible to agree on a Core
10:07:20 <caribou> ... we now have 2 families, and trying to define the core from that
10:08:13 <caribou> http://www.w3.org/2005/rules/wiki/BLD (Basic Logic Dialect)
10:08:38 <caribou> http://www.w3.org/2005/rules/wiki/PRD (Production Rule Dialect)
10:10:03 <caribou> CSMA: Design principles: not redefining a new rules language
10:10:21 <caribou> ... preserving the semantics when interchanging (from one dialect to another)
10:11:17 <caribou> ... only normative XML Schema 
10:13:03 <lkagal_> lkagal_ has joined #pling
10:24:05 <karima> karima has joined #pling
10:27:09 <caribou> Lalana: if I translate to BLD and you translate to PRD, will we be able to understand?
10:27:19 <caribou> CSMA: syntactic intersection
10:27:53 <caribou> ... e.g. any PRD rule without negation will be BLD
10:28:02 <caribou> s/BLD/BLD-compatible
10:29:36 <caribou> ... a RIF document will not tell you the dialect it is using
10:29:59 <caribou> ... either you find a construct that you don't understand, and then you don't understand the rif document
10:30:21 <caribou> ... or you understand every construct and then you don't care about the dialect 
10:31:41 <JanS_ULD> JanS_ULD has joined #pling
10:34:14 <caribou> CSMA: RIF is a box where you could put your policies, it does not define a policy interchange solution
10:35:03 <caribou> Topic: PLING use cases
10:35:21 <caribou> http://www.w3.org/Policy/pling/wiki/UseCases
10:40:19 <caribou> Renato presents the flickr/virgin mobile real case (http://www.w3.org/Policy/pling/wiki/InterestingCases#Virgin_Mobile_and_Flickr_Photos)
10:40:43 <caribou> Stefano: not all the countries have the same law
10:40:58 <caribou> JanS: it is a matter of awareness
10:41:28 <caribou> ... pb of understanding of the "creative commons" license
10:42:06 <caribou> Harry: there was a clear choice but the user does not understand
10:42:08 <lkagal> lkagal has joined #pling
10:42:52 <caribou> ... if there was some machine-readable semantics, the user could have access to more information automatically
10:43:34 <caribou> Renato: the friend of the person chose the license, not the person herself
10:45:18 <caribou> RigoW: people don't always realize what's implied
10:45:42 <caribou> ... e.g. in social networks, people don't always know they are publishing to the world
10:47:26 <caribou> Carine: we want SN sites designers to be able to offer more flexible choices than just "I publish to the world or I don't"
10:47:52 <caribou> JanS: The context is important
10:48:17 <caribou> ... a policy language has to decide what level we want to reach
10:48:50 <caribou> Renato: expressing the purpose 
10:49:25 <caribou> Andreas: this UC shows that the policy that is in place is not suitable
10:49:50 <caribou> ... the user choose for her friends
10:50:42 <caribou> ... if there is someone else on the picture, the person has her say
10:51:23 <caribou> JanS: it's not much of a technical pb here
10:51:30 <caribou> ... more awareness and legal pbs
10:51:58 <caribou> Greg: from the technical point of view, tagging picture with names is not good for privacy
10:52:20 <caribou> Harry: the ultimate pb are always essentially social
10:52:40 <caribou> ... it's diffcult for legal frameworks to follow
10:53:54 <caribou> ... if this groups produces a policy solution, how do we get users to create solutions using it
10:54:03 <caribou> s/solutions/systems
10:54:33 <caribou> ... browser people don't want to put it in their browsers
10:54:49 <caribou> ... you can imagine how to implement it now
10:55:24 <caribou> ... but the purpose is to push it into the user-browser-server ecosystem
10:56:12 <caribou> Lucy: I was in the widgets group, they were discussing camera access, to tag pictures for geolocation 
10:56:40 <caribou> ... e.g. camera with GPS
10:56:57 <caribou> RigoW: PLING is collecting use cases
10:57:19 <caribou> ... if you can write up a short description, it would be useful
10:57:36 <caribou> ... we will get a converge on what are the most urgent needs
10:59:21 <caribou> Renato presents "The Economist" reuse picture form
11:01:10 <caribou> Renato: they have all questions (place where you want to use it...)
11:02:05 <caribou> Harry: you can't debug because the information is not accessible from the form page
11:02:53 <caribou> [break - reconvene on friday]
11:03:30 <caribou> RRSAgent, make minutes
11:03:30 <RRSAgent> I have made the request to generate http://www.w3.org/2008/10/23-pling-minutes.html caribou
11:36:54 <renato> renato has joined #pling
12:12:10 <pdenning> pdenning has joined #pling
12:17:41 <stefanoCrosta> stefanoCrosta has joined #pling
12:28:25 <renato_> renato_ has joined #pling
12:32:48 <lkagal> lkagal has joined #pling
12:39:53 <renato> renato has joined #pling
12:45:20 <lkagal> lkagal has joined #pling
12:49:31 <oshani> oshani has joined #pling
13:06:04 <pdenning> rrsagent, where am I?
13:06:04 <RRSAgent> See http://www.w3.org/2008/10/23-pling-irc#T13-06-04
13:06:56 <lkagal> lkagal has joined #pling
13:11:33 <stefanoCrosta> stefanoCrosta has joined #pling
13:21:31 <lkagal> lkagal has joined #pling
13:24:03 <oshani> oshani has joined #pling
13:24:27 <pdenning> pdenning has left #pling
13:27:27 <rigo> rigo has joined #pling
13:36:05 <lkagal_> lkagal_ has joined #pling
13:38:12 <lkagal> lkagal has joined #pling
13:40:10 <lkagal> lkagal has joined #pling
13:45:34 <renato> Dinner at 7PM tonight ....meet in the Lobby.....
14:14:17 <oshani> oshani has joined #pling
14:36:19 <lkagal> lkagal has joined #pling
15:03:57 <lkagal> lkagal has joined #pling
15:08:40 <lkagal_> lkagal_ has joined #pling
15:11:52 <lkagal> lkagal has joined #pling
15:14:22 <lkagal_> lkagal_ has joined #pling
15:19:02 <lkagal> lkagal has joined #pling
15:25:41 <lkagal_> lkagal_ has joined #pling
15:31:22 <lkagal> lkagal has joined #pling
15:38:13 <lkagal_> lkagal_ has joined #pling
16:02:37 <renato> renato has joined #pling
16:57:57 <oshani> oshani has joined #pling