PLING-primelife joint meeting at TPAC2008

23 Oct 2008


See also: IRC log


Carine_Bournez, Jan_Camenisch, Karima_Boudaoud, Jan_Schallaboeck, Frank_Wagner, Laurent_Bussard, Ashok_Malhotra, Lucy_Lynch, Stefano_Crosta, Gregory_Neven, Christian_de_Sainte_Marie, Rigo_Wenning, Ulrich_Pinsdorf, Aleksandra_Kuczerawy, Franz-Stefan_Preiss, Andreas_Matheus, Renato_Iannella, Lalana, Kagal




<scribe> scribe: CB

<scribe> scribeNick: caribou


Rigo: there is more and more interest in policy languages
... relations to eGov, social Networks...
... we have invited people to present
... Co-chairs for the PLING are Renato Iannella (NICTA) and Marco Cassasa-Mont (HP)

Renato: [starting a round of introductions]
... [reviewing agenda]

PrimeLife project presentation

JanC: we want to protect our privacy in our interactions with others, companies, etc.
... on a computer, traces stay
... it is too difficult to understand the policies when you go to a website
... you don't want to spend 3hrs to read and understand all the fine-prints
... we should worry about the data we provide
... and reveal the less
... PrimeLife looks at wikis, social networks, eCollaborations
... there are technologies to minimize the data you give to people
... ready to be used but not often used yet
... Now more technically:
... [example with driver renting a car, getting an insurance]
... in electronic world, digital documents and signatures
... they don't need your birthdate when you rent a car
... we should make some information conditional
... e.g. give them an encrypted version of your data, that would be decrypted only if needed (e.g. if you crash the car)

Andreas: in the end , you have to trust someone
... if it's not the car rental, it's the entity that could decrypt

JanC: indeed. The first step is to define who I trust for what
... a set of parties have to agree. you want to distribute the trust
... if one is corrupted, the other might not :)
... second step is to define the policy that says when the information can be disclosed
... if you only use digital signature, you can link information
... so we need anonymous credentials
... ['architecture' description]
... on the service side, we need to change the access control mechanism
... policies are transfered to the user
... in fact the relevant parts
... the user has personal policies about what he/she wants to disclose
... partial identities to unlink information

RigoW: enforcement of policies?

JanC: Data handling, e.g. after the transaction is done
... delete information
... change of business processes, to avoid using keys like social security number

Lalana: what about the proof that you are X ?

JanC: I'm getting to credentials
... [example: prove you are over 18]
... without saying who you are
... nor leave traces
... 1st change: identity is kept secret
... several partial public identities
... e.g. one identity with just my birthdate
... if I need more certified information, I create a new identity
... and for several information, you can mix several identities
... so that you get a certificate with all certified statements
... without needing a new certification

Andreas: to avoid the certificates handling at the user's, you can have token services

JanS: single point of trust problem

??? : in semantic web area, you can build network of trust with self-signed certificate

Lucy: trust is not only on the user side

JanC: [wine shop example]
... address is encrypted and only the shipping service can decrypt
... the user is anonymous for the wine shop
... [associated workflow]
... if the user disagrees with the service assertion request, she can send a different one to negotiate another one (AC +DHP + obligations)

RigoW: how do we make sure that your DHP keeps in sync with the data that travels?

JanC: you have to trust that the data is transferred to services that have the same DHP

JanS: trust is a key of the pb

JanC: in addition to the requirement, you might need to specify which proof you need
... e.g. OECD_passport to prove age > 21
... can use an ontology to decide what matches "OECD_Passport" (e.g. swiss passport, ...)
... Summary: we need DHP, Credential formats
... Privacy prefs/ AC, Obligations, Logging, Matching of policies
... + lots of ontologies (categories of issuers and credentials)
... user interfaces (not too complex)

Lalana: do you think a standard policy language would help?

JanC: I think the answer is yes

GregN: do you mean something that interacts with existing ?

Lalana: a Data Handling Policy language

CSMA: a policy exchange language

Andreas: a language that can be translated in existing languages
... canonical policy

RigoW: canonical is another word for complexity
... Semantic Web might be used to match policies

CSMA: you need to compare policies
... the Rules Interchange Format does not compare rules
... just transform, so the other end can apply
... the pb is to be able to say if the server policy matches the user desired policy

Andreas: not compare them to be identical, but if one is included in the other

CSMA: I don't think it's just a question of normal form of the interchange format
... in your execution language you might be able to see if policies match
... I don't think you can do that purely syntactically

RigoW: ontologies?

... OWL DL is the only format that's standardized
... not necessarily sufficient

JanC: PrimeLife activities:
... infrastructure, coordination and education
... research
... Privacy-enhancing identity management is feasible, let's do it
... project website is primelife.eu


<renato> W3C Rules Interchange Format (RIF) - Christian de Sainte Marie

W3C RIF presentation

CSMA: Interchange with serialization to an XML document
... you have to share a data model of the document, to serialize and deserialize it
... if you have rules related to the document, you want to exchange them with a rule model
... RIF itself is not modelling the data

RigoW: how is the RIF document related to the data?

CSMA: this is one issue. I'll come to it later again
... there is a use case for rules interchange without it being linked to a document
... you can have a compliance organisation, to check that the rules can be executed
... [example of use case: buyer and seller policies and prefs]

JanC: did you use XACML?
... as a mapping to an execution language?

CSMA: this is the rules model, the format of rules and semantics


CSMA: in a business domain, e.g. mortgage industry, they have their own data model, concepts, representations
... they may want to write rules about the data
... representing the semantics and structure of data is different from semantics and representation of rules

RigoW: can RIF be used with OWL?

CSMA: yes
... rules can be expressed in OWL, but not all the rules really belong to the ontology
... different life cycle, status wrt domain knowledge
... rules are not always conceptual
... example from the PrimeLife document

<rigo> +bergamo

CSMA: [shows a RIF example of access control policy taken from PRIME]

<rigo> +HarryHalpin

CSMA: RIF does not provide a policy language but it can be used to interchange policies
... other applications using other languages can reuse the rules with the same semantics
... people have their own rules format and engine already
... we have 2 backgrounds:
... the SW needs a rule language to add rules on top of OWL
... rules with formal semantics
... hundreds of rule systems
... including some already in SW
... market with business rules
... the super-set approach (designing a language that you can translated to any language) is not practical
... we defined a RIF Core as the overlap between existing models
... and you can extend it to add dialects
... but not knowing which dialects would be needed, it's impossible to agree on a Core
... we now have 2 families, and trying to define the core from that

http://www.w3.org/2005/rules/wiki/BLD (Basic Logic Dialect)

http://www.w3.org/2005/rules/wiki/PRD (Production Rule Dialect)

CSMA: Design principles: not redefining a new rules language
... preserving the semantics when interchanging (from one dialect to another)
... only normative XML Schema

Lalana: if I translate to BLD and you translate to PRD, will we be able to understand?

CSMA: syntactic intersection
... e.g. any PRD rule without negation will be BLD-compatible
... a RIF document will not tell you the dialect it is using
... either you find a construct that you don't understand, and then you don't understand the rif document
... or you understand every construct and then you don't care about the dialect
... RIF is a box where you could put your policies, it does not define a policy interchange solution

PLING use cases


Renato presents the flickr/virgin mobile real case (http://www.w3.org/Policy/pling/wiki/InterestingCases#Virgin_Mobile_and_Flickr_Photos)

Stefano: not all the countries have the same law

JanS: it is a matter of awareness
... pb of understanding of the "creative commons" license

Harry: there was a clear choice but the user does not understand
... if there was some machine-readable semantics, the user could have access to more information automatically

Renato: the friend of the person chose the license, not the person herself

RigoW: people don't always realize what's implied
... e.g. in social networks, people don't always know they are publishing to the world

Carine: we want SN sites designers to be able to offer more flexible choices than just "I publish to the world or I don't"

JanS: The context is important
... a policy language has to decide what level we want to reach

Renato: expressing the purpose

Andreas: this UC shows that the policy that is in place is not suitable
... the user choose for her friends
... if there is someone else on the picture, the person has her say

JanS: it's not much of a technical pb here
... more awareness and legal pbs

Greg: from the technical point of view, tagging picture with names is not good for privacy

Harry: the ultimate pb are always essentially social
... it's diffcult for legal frameworks to follow
... if this groups produces a policy solution, how do we get users to create systems using it
... browser people don't want to put it in their browsers
... you can imagine how to implement it now
... but the purpose is to push it into the user-browser-server ecosystem

Lucy: I was in the widgets group, they were discussing camera access, to tag pictures for geolocation
... e.g. camera with GPS

RigoW: PLING is collecting use cases
... if you can write up a short description, it would be useful
... we will get a converge on what are the most urgent needs

Renato presents "The Economist" reuse picture form

Renato: they have all questions (place where you want to use it...)

Harry: you can't debug because the information is not accessible from the form page

[break - reconvene on friday]

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.133 (CVS log)
$Date: 2008/10/23 11:03:36 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.133  of Date: 2008/01/18 18:48:51  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/look/looks/
Succeeded: s/BLD/BLD-compatible/
Succeeded: s/solutions/systems/
Found Scribe: CB
Found ScribeNick: caribou
Present: Carine_Bournez Jan_Camenisch Karima_Boudaoud Jan_Schallaboeck Frank_Wagner Laurent_Bussard Ashok_Malhotra Lucy_Lynch Stefano_Crosta Gregory_Neven Christian_de_Sainte_Marie Rigo_Wenning Ulrich_Pinsdorf Aleksandra_Kuczerawy Franz-Stefan_Preiss Andreas_Matheus Renato_Iannella Lalana Kagal
Agenda: http://www.w3.org/Policy/pling/wiki/TPAC2008

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Got date from IRC log name: 23 Oct 2008
Guessing minutes URL: http://www.w3.org/2008/10/23-pling-minutes.html
People with action items: 

[End of scribe.perl diagnostic output]