IRC log of pling on 2008-10-23

Timestamps are in UTC.

07:01:45 [RRSAgent]

RRSAgent has joined #pling

07:01:45 [RRSAgent]

logging to http://www.w3.org/2008/10/23-pling-irc

07:02:24 [Ashok]

Ashok has joined #pling

07:11:29 [karima]

karima has joined #pling

07:14:03 [caribou]

scribe: CB

07:14:06 [stefanoCrosta]

stefanoCrosta has joined #pling

07:14:10 [caribou]

scribeNick: caribou

07:14:25 [caribou]

Meeting: PLING-primelife joint meeting at TPAC2008

07:14:38 [rigo]

rigo has joined #pling

07:15:14 [caribou]

topic: introduction

07:15:32 [caribou]

Agenda: http://www.w3.org/Policy/pling/wiki/TPAC2008

07:16:09 [caribou]

Rigo: there is more and more interest in policy languages

07:16:22 [caribou]

... relations to eGov, social Networks...

07:17:02 [JanS_ULD]

JanS_ULD has joined #pling

07:17:04 [caribou]

... we have invited people to present

07:18:45 [caribou]

... Co-chairs for the PLING are Renato Iannella (NICTA) and Marco Cassasa-Mont (HP)

07:22:19 [caribou]

Renato: [starting a round of introductions]

07:25:19 [caribou]

Present: Carine Bournez, Jan Camenisch, Karima Boudaoud, Jan Schallaboeck, Frank Wagner, Laurent Bussard, Ashok Malhotra

07:26:41 [caribou]

Present+ Lucy Lynch, Stefano Crosta, Gregory Neven, Christian de Sainte Marie, Rigo Wenning,

07:28:59 [caribou]

Present+ Ulrich Pinsdorf, Aleksandra Kuczerawy, Franz-Stefan Preiss, Andreas Matheus, Renato Iannella

07:29:40 [caribou]

Renato: [reviewing agenda]

07:31:28 [karima]

karima has joined #pling

07:34:36 [caribou]

topic: PrimeLife project presentation

07:34:41 [UliPinsdorf]

UliPinsdorf has joined #pling

07:35:03 [karima]

karima has joined #pling

07:36:48 [caribou]

JanC: we want to protect our privacy in our interactions with others, companies, etc.

07:37:49 [renato_]

renato_ has joined #pling

07:37:52 [caribou]

... on a computer, traces stay

07:38:56 [caribou]

... it is too difficult to understand the policies when you go to a website

07:39:14 [caribou]

... you don't want to spend 3hrs to read and understand all the fine-prints

07:40:01 [csma]

csma has joined #pling

07:40:21 [caribou]

... we should worry about the data we provide

07:40:50 [caribou]

... and reveal the less

07:41:21 [caribou]

... PrimeLife look at wikis, social networks, eCollaborations

07:41:33 [caribou]

s/look/looks

07:43:04 [caribou]

... there are technologies to minimize the data you give to people

07:43:29 [caribou]

... ready to be used but not often used yet

07:43:58 [caribou]

... Now more technically:

07:45:04 [caribou]

... [example with driver renting a car, getting an insurance]

07:45:37 [caribou]

... in electronic world, digital documents and signatures

07:46:16 [caribou]

... they don't need your birthdate when you rent a car

07:47:08 [caribou]

... we should make some information conditional

07:47:53 [caribou]

... e.g. give them an encrypted version of your data, that would be decrypted only if needed (e.g. if you crash the car)

07:48:06 [caribou]

Andreas: in the end , you have to trust someone

07:48:39 [caribou]

... if it's not the car rental, it's the entity that could decrypt

07:49:41 [caribou]

JanC: indeed. The first step is to define who I trust for what

07:50:21 [caribou]

... a set of parties have to agree. you want to distribute the trust

07:50:55 [caribou]

... if one is corrupted, the other might not :)

07:51:37 [caribou]

... second step is to define the policy that says when the information can be disclosed

07:52:19 [caribou]

... if you only use digital signature, you can link information

07:52:39 [caribou]

... so we need anonymous credentials

07:53:33 [caribou]

... ['architecture' description]

07:54:02 [caribou]

... on the service side, we need to change the access control mechanism

07:54:29 [caribou]

... policies are transfered to the user

07:54:46 [caribou]

... in fact the relevant parts

07:55:14 [caribou]

... the user has personal policies about what he/she wants to disclose

07:55:56 [caribou]

... partial identities to unlink information

07:57:31 [caribou]

RigoW: enforcement of policies?

07:57:49 [caribou]

JanC: Data handling, e.g. after the transaction is done

07:57:59 [caribou]

... delete information

07:58:35 [caribou]

... change of business processes, to avoid using keys like social security number

07:59:47 [caribou]

Lalana: what about the proof that you are X ?

08:00:00 [caribou]

JanC: I'm getting to credentials

08:00:32 [caribou]

... [example: prove you are over 18]

08:00:51 [caribou]

... without saying who you are

08:00:59 [caribou]

... nor leave traces

08:01:48 [caribou]

... 1st change: identity is kept secret

08:02:01 [caribou]

... several partial public identities

08:02:36 [caribou]

... e.g. one identity with just my birthdate

08:03:30 [caribou]

... if I need more certified information, I create a new identity

08:03:58 [caribou]

... and for several information, you can mix several identities

08:04:24 [caribou]

... so that you get a certificate with all certified statements

08:04:53 [caribou]

... without needing a new certification

08:06:58 [caribou]

Andreas: to avoid the certificates handling at the user's, you can have token services

08:07:48 [caribou]

JanS: single point of trust problem

08:09:23 [caribou]

??? : in semantic web area, you can build network of trust with self-signed certificate

08:09:55 [caribou]

Lucy: trust is not only on the user side

08:10:53 [caribou]

JanC: [wine shop example]

08:11:37 [caribou]

... address is encrypted and only the shipping service can decrypt

08:13:16 [caribou]

... the user is anonymous for the wine shop

08:14:03 [caribou]

JanC: [associated workflow]

08:16:06 [caribou]

... if the user disagrees with the service assertion request, she can send a different one to negotiate another one (AC +DHP + obligations)

08:16:52 [caribou]

RigoW: how do we make sure that your DHP keeps in sync with the data that travels?

08:18:24 [caribou]

JanC: you have to trust that the data is transferred to services that have the same DHP

08:18:48 [caribou]

JanS: trust is a key of the pb

08:20:07 [caribou]

JanC: in addition to the requirement, you might need to specify which proof you need

08:20:24 [caribou]

... e.g. OECD_passport to prove age > 21

08:23:13 [caribou]

... can use an ontology to decide what matches "OECD_Passport" (e.g. swiss passport, ...)

08:24:16 [caribou]

... Summary: we need DHP, Credential formats

08:24:48 [caribou]

... Privacy prefs/ AC, Obligations, Logging, Matching of policies

08:25:18 [caribou]

... + lots of ontologies (categories of issuers and credentials)

08:26:36 [caribou]

... user interfaces (not too complex)

08:26:52 [caribou]

Lalana: do you think a standard policy language would help?

08:27:59 [caribou]

JanC: I think the answer is yes

08:28:29 [caribou]

GregN: do you mean something that interacts with existing ?

08:28:47 [caribou]

Lalana: a Data Handling Policy language

08:29:23 [renato_]

Present+ Lalana Kagal

08:29:37 [caribou]

CSMA: a policy exchange language

08:30:35 [caribou]

Andreas: a language that can be translated in existing languages

08:30:48 [caribou]

... canonical policy

08:31:09 [caribou]

RigoW: canonical is another word for complexity

08:31:29 [caribou]

... Semantic Web might be used to match policies

08:31:52 [caribou]

CSMA: you need to compare policies

08:32:12 [caribou]

... the Rules Interchange Format does not compare rules

08:32:36 [caribou]

... just transform, so the other end can apply

08:33:35 [caribou]

... the pb is to be able to say if the server policy matches the user desired policy

08:34:24 [caribou]

Andreas: not compare them to be identical, but if one is included in the other

08:34:48 [caribou]

CSMA: I don't think it's just a question of normal form of the interchange format

08:35:44 [caribou]

... in your execution language you might be able to see if policies match

08:36:34 [caribou]

... I don't think you can do that purely syntactically

08:36:57 [caribou]

RigoW: ontologies?

08:37:05 [caribou]

CSMA: DL

08:37:33 [caribou]

... OWL DL is the only format that's standardized

08:37:56 [caribou]

... not necessarily sufficient

08:38:14 [caribou]

JanC: PrimeLife activities:

08:39:32 [caribou]

... infrastructure, coordination and education

08:39:40 [caribou]

... research

08:40:34 [caribou]

JanC: Privacy-enhancing identity management is feasible, let's do it

08:41:19 [caribou]

... project website is primelife.eu

08:41:50 [caribou]

[break]

08:43:59 [UliPinsdorf]

UliPinsdorf has joined #pling

09:19:53 [renato]

renato has joined #pling

09:23:37 [JanS_ULD]

JanS_ULD has joined #pling

09:24:11 [renato]

W3C Rules Interchange Format (RIF) - Christian de Sainte Marie

09:25:09 [caribou]

Topic: W3C RIF presentation

09:26:34 [caribou]

CSMA: Interchange with serialization to an XML document

09:27:07 [caribou]

... you have to share a data model of the document, to serialize and deserialize it

09:27:50 [caribou]

... if you have rules related to the document, you want to exchange them with a rule model

09:28:24 [caribou]

... RIF itself is not modelling the data

09:28:46 [caribou]

RigoW: how is the RIF document related to the data?

09:29:12 [caribou]

CSMA: this is one issue. I'll come to it later again

09:29:48 [caribou]

CSMA: there is a use case for rules interchange without it being linked to a document

09:31:04 [caribou]

CSMA: you can have a compliance organisation, to check that the rules can be executed

09:32:10 [caribou]

CSMA: [example of use case: buyer and seller policies and prefs]

09:32:40 [lkagal]

lkagal has joined #pling

09:36:34 [caribou]

JanC: did you use XACML?

09:36:48 [caribou]

... as a mapping to an execution language?

09:37:24 [caribou]

CSMA: this is the rules model, the format of rules and semantics

09:41:24 [caribou]

http://www.w3.org/TR/rif-ucr/#Negotiating_eCommerce_Transactions_Through_Disclosure_of_Buyer_and_Seller_Policies_and_Preferences

09:42:57 [caribou]

CSMA: in a business domain, e.g. mortgage industry, they have their own data model, concepts, representations

09:43:09 [caribou]

... they may want to write rules about the data

09:43:45 [caribou]

... representing the semantics and structure of data is different from semantics and representation of rules

09:44:37 [caribou]

RigoW: can RIF be used with OWL?

09:44:40 [caribou]

CSMA: yes

09:49:02 [caribou]

... rules can be expressed in OWL, but not all the rules really belong to the ontology

09:49:43 [caribou]

... different life cycle, status wrt domain knowledge

09:49:55 [lkagal]

lkagal has joined #pling

09:49:56 [caribou]

... rules are not always conceptual

09:51:38 [caribou]

CSMA: example from the PrimeLife document

09:52:45 [rigo]

+bergamo

09:52:51 [caribou]

... [shows a RIF example of access control policy taken from PRIME]

09:53:12 [rigo]

+HarryHalpin

09:53:14 [caribou]

... RIF does not provide a policy language but it can be used to interchange policies

09:54:27 [caribou]

... other applications using other languages can reuse the rules with the same semantics

09:58:07 [caribou]

... people have their own rules format and engine already

09:58:42 [caribou]

... we have 2 backgrounds:

09:58:58 [caribou]

... the SW needs a rule language to add rules on top of OWL

09:59:12 [caribou]

... rules with formal semantics

10:00:03 [caribou]

... hundreds of rule systems

10:00:13 [caribou]

... including some already in SW

10:00:59 [lkagal_]

lkagal_ has joined #pling

10:01:32 [caribou]

... market with business rules

10:02:46 [jca1]

jca1 has joined #pling

10:02:59 [lkagal]

lkagal has joined #pling

10:05:19 [caribou]

CSMA: the super-set approach (designing a language that you can translated to any language) is not practical

10:05:54 [caribou]

... we defined a RIF Core as the overlap between existing models

10:06:08 [caribou]

... and you can extend it to add dialects

10:06:58 [caribou]

... but not knowing which dialects would be needed, it's impossible to agree on a Core

10:07:20 [caribou]

... we now have 2 families, and trying to define the core from that

10:08:13 [caribou]

http://www.w3.org/2005/rules/wiki/BLD (Basic Logic Dialect)

10:08:38 [caribou]

http://www.w3.org/2005/rules/wiki/PRD (Production Rule Dialect)

10:10:03 [caribou]

CSMA: Design principles: not redefining a new rules language

10:10:21 [caribou]

... preserving the semantics when interchanging (from one dialect to another)

10:11:17 [caribou]

... only normative XML Schema

10:13:03 [lkagal_]

lkagal_ has joined #pling

10:24:05 [karima]

karima has joined #pling

10:27:09 [caribou]

Lalana: if I translate to BLD and you translate to PRD, will we be able to understand?

10:27:19 [caribou]

CSMA: syntactic intersection

10:27:53 [caribou]

... e.g. any PRD rule without negation will be BLD

10:28:02 [caribou]

s/BLD/BLD-compatible

10:29:36 [caribou]

... a RIF document will not tell you the dialect it is using

10:29:59 [caribou]

... either you find a construct that you don't understand, and then you don't understand the rif document

10:30:21 [caribou]

... or you understand every construct and then you don't care about the dialect

10:31:41 [JanS_ULD]

JanS_ULD has joined #pling

10:34:14 [caribou]

CSMA: RIF is a box where you could put your policies, it does not define a policy interchange solution

10:35:03 [caribou]

Topic: PLING use cases

10:35:21 [caribou]

http://www.w3.org/Policy/pling/wiki/UseCases

10:40:19 [caribou]

Renato presents the flickr/virgin mobile real case (http://www.w3.org/Policy/pling/wiki/InterestingCases#Virgin_Mobile_and_Flickr_Photos)

10:40:43 [caribou]

Stefano: not all the countries have the same law

10:40:58 [caribou]

JanS: it is a matter of awareness

10:41:28 [caribou]

... pb of understanding of the "creative commons" license

10:42:06 [caribou]

Harry: there was a clear choice but the user does not understand

10:42:08 [lkagal]

lkagal has joined #pling

10:42:52 [caribou]

... if there was some machine-readable semantics, the user could have access to more information automatically

10:43:34 [caribou]

Renato: the friend of the person chose the license, not the person herself

10:45:18 [caribou]

RigoW: people don't always realize what's implied

10:45:42 [caribou]

... e.g. in social networks, people don't always know they are publishing to the world

10:47:26 [caribou]

Carine: we want SN sites designers to be able to offer more flexible choices than just "I publish to the world or I don't"

10:47:52 [caribou]

JanS: The context is important

10:48:17 [caribou]

... a policy language has to decide what level we want to reach

10:48:50 [caribou]

Renato: expressing the purpose

10:49:25 [caribou]

Andreas: this UC shows that the policy that is in place is not suitable

10:49:50 [caribou]

... the user choose for her friends

10:50:42 [caribou]

... if there is someone else on the picture, the person has her say

10:51:23 [caribou]

JanS: it's not much of a technical pb here

10:51:30 [caribou]

... more awareness and legal pbs

10:51:58 [caribou]

Greg: from the technical point of view, tagging picture with names is not good for privacy

10:52:20 [caribou]

Harry: the ultimate pb are always essentially social

10:52:40 [caribou]

... it's diffcult for legal frameworks to follow

10:53:54 [caribou]

... if this groups produces a policy solution, how do we get users to create solutions using it

10:54:03 [caribou]

s/solutions/systems

10:54:33 [caribou]

... browser people don't want to put it in their browsers

10:54:49 [caribou]

... you can imagine how to implement it now

10:55:24 [caribou]

... but the purpose is to push it into the user-browser-server ecosystem

10:56:12 [caribou]

Lucy: I was in the widgets group, they were discussing camera access, to tag pictures for geolocation

10:56:40 [caribou]

... e.g. camera with GPS

10:56:57 [caribou]

RigoW: PLING is collecting use cases

10:57:19 [caribou]

... if you can write up a short description, it would be useful

10:57:36 [caribou]

... we will get a converge on what are the most urgent needs

10:59:21 [caribou]

Renato presents "The Economist" reuse picture form

11:01:10 [caribou]

Renato: they have all questions (place where you want to use it...)

11:02:05 [caribou]

Harry: you can't debug because the information is not accessible from the form page

11:02:53 [caribou]

[break - reconvene on friday]

11:03:30 [caribou]

RRSAgent, make minutes

11:03:30 [RRSAgent]

I have made the request to generate http://www.w3.org/2008/10/23-pling-minutes.html caribou

11:36:54 [renato]

renato has joined #pling

12:12:10 [pdenning]

pdenning has joined #pling

12:17:41 [stefanoCrosta]

stefanoCrosta has joined #pling

12:28:25 [renato_]

renato_ has joined #pling

12:32:48 [lkagal]

lkagal has joined #pling

12:39:53 [renato]

renato has joined #pling

12:45:20 [lkagal]

lkagal has joined #pling

12:49:31 [oshani]

oshani has joined #pling

13:06:04 [pdenning]

rrsagent, where am I?

13:06:04 [RRSAgent]

See http://www.w3.org/2008/10/23-pling-irc#T13-06-04

13:06:56 [lkagal]

lkagal has joined #pling

13:11:33 [stefanoCrosta]

stefanoCrosta has joined #pling

13:21:31 [lkagal]

lkagal has joined #pling

13:24:03 [oshani]

oshani has joined #pling

13:24:27 [pdenning]

pdenning has left #pling

13:27:27 [rigo]

rigo has joined #pling

13:36:05 [lkagal_]

lkagal_ has joined #pling

13:38:12 [lkagal]

lkagal has joined #pling

13:40:10 [lkagal]

lkagal has joined #pling

13:45:34 [renato]

Dinner at 7PM tonight ....meet in the Lobby.....

14:14:17 [oshani]

oshani has joined #pling

14:36:19 [lkagal]

lkagal has joined #pling

15:03:57 [lkagal]

lkagal has joined #pling

15:08:40 [lkagal_]

lkagal_ has joined #pling

15:11:52 [lkagal]

lkagal has joined #pling

15:14:22 [lkagal_]

lkagal_ has joined #pling

15:19:02 [lkagal]

lkagal has joined #pling

15:25:41 [lkagal_]

lkagal_ has joined #pling

15:31:22 [lkagal]

lkagal has joined #pling

15:38:13 [lkagal_]

lkagal_ has joined #pling

16:02:37 [renato]

renato has joined #pling

16:57:57 [oshani]

oshani has joined #pling