08:04:24 RRSAgent has joined #acas 08:04:24 logging to http://www.w3.org/2009/11/17-acas-irc 08:04:39 Introductions by the chairs 08:04:50 We go around the room introducing ourselves. 08:05:27 rrsagent, set logs public 08:07:19 tlr has joined #acas 08:07:43 caribou has joined #acas 08:07:45 agenda: http://www.w3.org/2009/policy-ws/agenda.html 08:08:06 meeting: W3C Workshop on Access Control Application Scenarios 08:09:34 Topic: Benjamin Aziz, Slides 08:11:28 rigo has joined #acas 08:11:41 chair: Rigo Wenning, Hal Lockhart 08:12:28 Agenda: http://www.w3.org/2009/policy-ws/agenda.html 08:12:37 chair: Hal Lockhart 08:12:45 scribenick: rigo 08:15:57 elenat has joined #ACAS 08:24:18 samarati has joined #acas 08:26:54 Hal: ?? 08:27:07 Ben: it depends on DSA 08:27:32 Hal: if you have single file and data and you only want to show image, if offline 08:28:21 Ben: yes, if the policy says it shouldn't than it shouldn't . If the images was given, not the experiment, the image will be given, but not the rest 08:28:36 ...having ACL on parts of the file is definitely an issue 08:28:48 Greg: enforcement of offline case? 08:29:05 ...does this requires the XACML running on the machine? 08:29:20 Ben: yes, need XACML engine on client machine, PEP 08:29:48 Andreas: sticky policy, policy becomes a kind of license 08:30:01 hal: will be discussed further 08:30:35 ================= 08:32:35 Topic: Nick Papanikolaou on Towards an Integrated Approach to the Management, Specification and Enforcement of Privacy Policies 08:37:53 -- Hal was asking also about the offline case in previous session and about the access on a part of a file 08:38:10 -- Ben responded that both are needed 08:45:08 Andreas: transfer from US to DE sounds familiar 08:46:33 Mario has joined #ACAS 08:46:54 Tomas: It is worth the other way around 08:47:32 s/worth/worse/ 08:49:42 other way around would be better 08:54:33 Nick Papanikolaou == np: 08:56:38 TCB: lawyer and IT don't understand each other, don't want to understand some time 08:57:04 ... language has to be clear enough so that lawyers can understand 08:57:39 ...translation of OJ, sometimes fine translation, sometimes just plain translation 08:58:16 AM: have you looked into Creative Commons (CC), there is no enforcement (on purpose)? 08:58:49 NP: one person working on contracts, not tech person, several service levels, more controls if you pay more 08:59:52 AM: one CC use would be "for commercial purpose" under the following conditions 09:00:21 ...cannot explicitly says commercial 09:00:32 ME == Martin Euchner 09:01:31 ME: legal stuff is fairly difficult to translate into formal lang. need some intermediate step. company policies are closer, can be translated, at what level you find the abstraction? 09:02:31 NP: ACL is very low level (unix, XACML), legal language is very high level, have to find common characteristics, these data can be accessed under following characteristics 09:02:59 ... in paper some examples about structures informal, try to turn in more formal 09:03:08 Greg: translation manual 09:03:13 NP: yes 09:03:39 MTB: gap between natural language and formal is huge 09:04:27 HL: TC is very interested in projects. Please contact chair or co-chair 09:04:48 ...one of the diagrams, label doesn't match the text 09:05:33 HL: nature of the level 09:06:00 AM: has someone a GUI for the PAP 09:06:08 NP: that's a goal 09:06:30 HL: figuring what kinds of approaches may work 09:06:39 NP: yes 09:06:55 HL: have to agree what the constructs are 09:08:44 RW: consensus by ambiguity 09:08:58 DC == David Chadwick 09:09:33 DC: agreement on meaning is impossible 09:10:08 TCB: 1000 ambiguity can be burned down to 20 by formal language 09:11:03 ... try to reduce ambiguities as much as possible, but don't try to remove all, will fail 09:12:05 Emmanuel Pigout == PG: we need to work from both sides to close that gap 09:12:24 RW: can IT deal with ambiguities 09:12:40 accorsi has joined #acas 09:12:47 TCB: those are just bugs, we know how to deal with bugs, not easy 09:13:15 HL: several people talked lawyers, but formal language is talking about IT 09:14:05 PG: in Master we are using PSL to close that gap, do verification Mcalculus 09:14:55 ... translating the controls that legislations try to put in place 09:15:20 NP: there is an interpretation and we can explore all the options that legal framework gives 09:15:44 HL: everybody agrees that hardest gap is between natural language and formal language 09:16:16 ... create some kind of formal model and give that some verification points where you ask back 09:16:30 TCB: you still need some kind of bugzilla to clear the issues 09:17:17 HL: Ben, scientific data provided and share data. Do you have hopes that we can automate 09:18:13 Ben: data is evolving over time, additional prob. Customize policies to data, but haven't arrived there yet, perhaps transformations, what requirements to put on data 09:19:08 HL: prob in ACL is ACL calculus, means what is the comparison between ACL policy of A and ACL policy of B 09:20:12 Greg: scientific data, requirements in Primelife, it also applies to personal data. What are the policy of revealing that you're over 21 09:21:32 RW: scope must be narrow 09:21:48 AM: ACL policy is context dependent 09:22:26 ... in US ID is shown for beer, even if you have grey hair 09:23:05 ...could have an anon token on paper to go to the bar 09:24:38 ....policy for accumulated data by service would be hard, so service should just forget, common criteria 09:24:52 SS: what about selling a token? 09:25:19 HL: information is collected, only known to a small number of people 09:25:35 PS: just need a credential 09:25:51 The token needs to be tied to the person, which means that verification could involve collection of personal data, e.g. finger print, iris scan etc. 09:26:14 AM: is there a possiblity if a service is accumulating data about a person, accumulation and policy is an issue 09:26:40 or more commonly photos 09:26:51 NP: over 21, you don't do electronically, plastic card "over 21" 09:27:23 HL: how do you prevent from giving it to your buddy 09:27:28 NP: no protection 09:27:56 HL: challenge people to have a different use case than legal age 09:28:55 Raphael: how to enforce policy, conflict, you want to control your data, therefor you must identify to control 09:29:10 ...very complex prob, working on it 09:29:46 Greg: there are fancy crypto tools on service so that you don't collect data at all, zero knowledge proof 09:30:25 dsr: verified electronically, if its a human, the human will forget. Avoiding to collect 09:30:43 greg: in US they sweep passport in the bar 09:30:55 HL: they try to detect forgeries 09:31:49 TCB: people take hash from ear picture and have an ear scanner in the night club. Night club would have to invest a lot 09:32:17 DC: centralizing data in one place is a bad idea 09:32:43 ...the more decentralized, the better it is. 09:32:50 The hash of the ear photo is personally identifying information, and privacy sensitive. 09:32:52 NP: Problem is to keep that up to date 09:33:26 ============================================= 09:54:12 tlr has joined #acas 10:07:38 we break for coffee 10:08:12 Topic: Laurent Bussard on Can Access Control be Extended to Deal with Data Handling in Privacy Scenarios? 10:10:17 scribe: dsr 10:12:27 scribenick: dsr 10:25:46 HL: re XACML as DH aware AC, SAML and XACML don't cover trust statements 10:27:51 LB: is XACML the right language for privacy enhanced access control? 10:28:46 DC: we don't believe that one global language will be practical, but the response is easier to deal with 10:29:41 HL: XACML's use of obligation isn't the same as in LB's presentation. 10:30:39 HL: upper/lower bound on languages is dependent on semantics of obligations. 10:31:45 LB: for PrimeLife, we are concerned with comparing obligations which isn't covered by XACML. 10:32:30 RW: this could be handled via Semantic Web for declarative statements as basis for matching. 10:32:31 Gregory has joined #ACAS 10:32:53 RW: how does XACML handle tests for comparisons? 10:33:54 The next scheduled talk is cancelled as John Tolbert isn't here at the workshop. 10:34:34 HL gives a brief summary of the Boeing position paper on XACML for Export Control and Intellectual Property Protection 10:35:22 HL: excited about people bring use cases on defining XACML access control attributes. 10:36:15 HL: we introduced obligations and advice into XACML as part of 3.0 10:37:03 If you don't understand the obligations access should be denied, whilst advice is info to pass to the requester 10:37:49 HL: another new feature is ability to associated attributes with values (?) 10:38:24 We've started work on a profile for obligation families 10:38:54 We have stayed clear of addressing obligation futures 10:40:03 In reference to LP's paper, it seems to me that you need to specify obligation semantics. 10:40:27 LB: we tried to address a useful subset, but to allow for news to be added later 10:40:53 HL: I would be very interested for people to define obligation profiles 10:41:40 RW: one of the use cases is delete my data after 8 weeks, but deletion is triggered by a timer event and isn't an access control operation as such 10:42:11 HL: that is out of scope for the XACML TC 10:42:35 looking forward to DC's presentation tomorrow. 10:42:57 HL: number 1 use case people mention is logging access. 10:43:23 HL: responding to RW, there is a relationship to XACML attributes. 10:43:48 LB: triggers aren't always caused by access control operations 10:44:27 ML: you could think of this as an operation that is triggered by access control but deferred. 10:44:39 RW: time is important 10:44:59 HL: XACML doesn't constrain obligations in any way. 10:46:07 RA: OSL is a kind of temporal logic that is relevant to this. 10:46:18 I can provide a reference later on 10:46:51 DC: we are looking at putting other languages within XACML using a way to notify the language 10:47:19 RW: how do you address interoperability in that case? 10:47:42 HL: it's an improvement of just putting an identifier in XACML. 10:48:56 DC: lots of call outs that trigger obligations. Receiver will balk if it doesn't understand the embedded language 10:49:12 M. Hilty et al. A Specification Language for Distributed Usage Control . 10:50:24 AM: if you ask a data base for all attributes of an object, the access control mechanism can test to see if the set of attributes is okay 10:50:57 the obligation is used as a filter to strip out attributes the requester isn't permitted to access 10:51:21 DC: we have a similar solution, but use a 3rd call out to the PDP as a gate 10:52:40 AM: when requesting a map, some parts may need to be blurred out/hidden. There is no mechanism to verify that the filtering has happened correctly 10:53:17 Filtering by obligations is one case, another is filtering by attributes and a third is blurring out or transforming the data before delivery 10:54:11 DC: if something fails, you should get an exception 10:54:57 AM: the output for geographical data may be a binary image and not something the PDP can check. 10:55:16 Is there another way of checking? 10:55:46 RW: we need to be clear on terminology, lawyers and techies using different terms causes confusion 10:57:21 HL: the alternative approach is to treat each entity separately for access control purposes. 10:57:58 But that doesn't scale well for non-discrete resources 10:59:22 RW: think of a shop, which needs a feedback channel why people leave the shop without making a purchase 10:59:57 Is there a feedback channel? 11:00:31 HL: XACML 3.0 does provide a means to listing which policies are relevant 11:00:39 s/to/for/ 11:01:12 HL: this doesn't answer AM's question of how to model complex resources. 11:01:50 AM: the server gets an SQL request which needs to be passed through the access control policy. 11:02:45 NP: a lot of scientific applications have many components within large files for which you want to control access to. 11:03:22 Mario has joined #ACAS 11:03:28 HL: AM's case involves continuous data which creates problems. 11:04:02 HL: would like to hear discussion about how Semantic Web can be used to describe access control policies 11:04:45 RW: CB has worked on this. I am wondering how XACML policies could be annotated. 11:05:16 How could that be exploited by the access control engine? 11:05:38 Where to put the annotation is also a question. 11:06:07 HL: there has been some discussion on RDF in the XACML TC, see our wiki 11:06:31 Some of this is outside the scope of XACML, e.g. on describing relationships between attributes. 11:07:00 But we don't have a lot of SemWeb expertise in the TC and would welcome some help. 11:07:22 RW: e.g. relationship between first and second names of people. 11:07:57 SemWeb is good for managing lots of metadata and performing queries. 11:08:37 MarioL has joined #ACAS 11:08:55 RW: many natural language terms in policies can map to the same concept in the ontology 11:09:42 The metadata could help with translating high level descriptions into lower level formal ones. 11:10:25 DC: one of the things we want to see in the SAML profile is the ability to provide dynamic policies 11:10:48 HL: we missed that, but there is a reluctance to re-open things right now. 11:11:44 May be we have been too rigourous... 11:12:42 People trying to apply XACML to webservices are bringing further requirements 11:13:16 There are a lot of implementation choices... 11:13:57 DC: a generic infrastructure works provided you can take advantage of the context 11:15:35 mari1 has joined #ACAS 11:15:38 AM: an access request doesn't always have the information needed for access control, and you need to check the result of the data base operation to determine what access control decisions are needed 11:16:30 DC: what about doing something before obligation? 11:17:10 In my talk tomorrow, I will talk about checks before, during and after obligations. 11:17:47 HL: the policy could provide a filter to strip out data that the user shouldn't be shown 11:18:36 DC: we have been experimenting with this for obligations in XACML 2.0 11:19:12 HL: XACML 3.0 obligation families will help with that 11:19:57 RW: the SQL query can be analysed to see which tables/attributes will be involved. 11:20:33 Maybe the metadata could assist with a pre-query check 11:20:50 rrsagent, make minutes 11:20:50 I have made the request to generate http://www.w3.org/2009/11/17-acas-minutes.html dsr 11:21:28 we break for lunch 11:22:51 some data gathering on restaurant suggestions for this evening 11:27:22 we will make a booking at 6:30pm 11:27:37 and walk straight there from he 11:27:43 s/he/here/ 11:27:51 rrsagent, make minutes 11:27:51 I have made the request to generate http://www.w3.org/2009/11/17-acas-minutes.html dsr 11:37:43 renato has joined #acas 13:00:47 renato has joined #acas 13:04:15 Mario has joined #ACAS 13:07:03 dsr has joined #acas 13:08:31 tlr has joined #acas 13:09:18 mari1 has joined #ACAS 13:09:52 topic: http://www.w3.org/2009/policy-ws/papers/Pinsdorf.pdf, Ulrich Pinsdorf (Microsoft), Jan Schallaboeck (ULD), Stuart Short (SAP) 13:09:55 Scribe: tlr 13:09:57 -> http://www.w3.org/2009/policy-ws/slides/Short.pdf slides 13:12:32 Gregory has joined #ACAS 13:12:59 carrasco has joined #ACAS 13:15:46 HL: Please explain legal requirement 1 13:15:52 ... are these policies that are sticky to the data 13:15:57 ... what is a communicated policy? 13:16:02 Mario has joined #ACAS 13:16:18 SS: Service has given a policy 13:16:26 ... when the user wants to use portal and subsequently different service 13:16:28 mari1 has joined #ACAS 13:16:35 ... wants to ensure that policy that was originally declared is respected 13:16:42 HL: Does user declare to the new service when composition changes? 13:16:47 ... what are you trying to do? 13:16:51 SS: Policy is stuck to the data 13:17:03 ... data and policy are sent (in this example) to temping agency 13:17:16 ... do not want policy to be lost when there is chain of services 13:21:17 ... 13:21:31 ??: Are you assuming it's just an initial, immutable policy? 13:21:36 SS: It doesn't change. 13:21:42 rigo has joined #acas 13:21:55 ??: In case of CV, may extract part of CV, so I've now got a new piece of data 13:22:08 s/??/Ben:/ 13:23:34 SS: requirement to change one's mind after release of data. 13:23:43 ??: that's hard, once data is relinquished 13:23:59 RW: if data is gone, there is no legal reason to have notice 13:24:05 ... so requirement turns void 13:24:43 ??: My understanding -- if data is given and policy is "delete in a year", and user changes mind -- they can't 13:24:52 RW: they can make up their mind in certain circumstances 13:25:34 ... distinction is whether you can get out of a previous contract -- revocation of permission 13:26:24 ... if you drill down, it's all common sense 13:27:18 s/??/DC/ 13:27:29 (David Chadwick) 13:28:16 MCB: so you're assuming a standardized CV in XML? 13:28:20 ... there's a standardized European CV format. ;-) 13:29:32 DC: revocation capability? 13:29:34 SS: not quite 13:29:41 DC: note that universities can revoke certificates 13:30:30 ... if use SAML, assume short-term 13:30:44 RW: revocation can occur on behalf of institution or on behalf of data subject 13:31:04 DC: in second case, not revoking qualification, but right to use this 13:31:17 RW: multiple stakeholders in the model 13:31:20 ... need to get relations right 13:31:24 ... otherwise, get mixed up 13:31:34 http://europass.cedefop.europa.eu/ 13:32:06 RW: sometimes better to start from protocol, some times better to start from real-world assmptions 13:32:18 DC: worse in SAML case with masquerade etc 13:33:03 HL: "give the secretary your key or signature" type of scenario 13:34:43 Topic: http://www.w3.org/2009/policy-ws/papers/Tschofenig.pdf, Hannes Tschofenig, Martin Euchner (Nokia Siemens Networks), Alissa Cooper (Center for Democracy and Technology), Richard Barnes (BBN) 13:34:54 -> http://www.w3.org/2009/policy-ws/papers/Tschofenig.pdf paper 13:35:03 -> http://www.w3.org/2009/policy-ws/slides/Euchner.pdf slides 13:35:09 Direct to the CV http://snurl/eu-cv 13:35:59 ==================================== 13:36:18 Topic: ITEF GEOPRIV Authorization Policies 13:36:23 rrsagent, pointer? 13:36:23 See http://www.w3.org/2009/11/17-acas-irc#T13-36-23 13:36:47 http://www.w3.org/2009/policy-ws/papers/Tschofenig.pdf 13:43:32 s/ITEF/IETF 14:01:58 TR: deployment and implementation experience? 14:02:20 ME: don't know 14:02:39 GN: what do you mean by "similar to creative commons"? 14:02:55 ME: concept of license needs to be understood, formalized, defined 14:03:56 GN: would it be specified in the common policy format 14:04:01 ... or in English text? 14:04:13 ME: these are ideas; not very specifc; investigation necessary 14:05:28 RW: Do I understand protocol correctly that the device receives request to give geo data out, then policy is attached to geodata, service has to honor the policy 14:05:33 ME: yes 14:05:42 RW: why do they do this? 14:06:12 |: RW, PS: supermarket :| 14:06:42 RW: srsly, do they think the user's conditions will really be accepted? 14:06:58 ME: don't know the geopriv group's motivations 14:07:27 HL: Is the question about tech deployment or legal questions? 14:07:41 RW: consistency with social conventions is critical for deployment 14:08:21 ... I'd love to impose my conditions on US immigration! 14:08:38 HL: understanding is that data is delivered, conditions are attached 14:08:52 ... idea is that the recipient gets benefit of data only if they accept the condition 14:09:10 RW: they get both -- there's no negotiation, so they honor the conditions -- or not. 14:09:25 HL: absent more elaborate schemes, need to agree in advance that you'll abide by whatever conditions come with the data. 14:09:32 DC: that's the model we're working under in TAS3 14:09:44 RW: doesn't scale 14:10:40 DC: reduce cost of compliance 14:10:59 HL: scope is what's the range of what can be specified 14:11:08 ... then you have the detailed conditions together with the dat 14:11:10 s/dat/data 14:11:34 PS: company to company, can think of conditions being pushed 14:12:13 HL: the other way in which these things get set up is that you have organizations, then everybody agrees to the conditions 14:12:55 ... 14:13:53 ??: would perfectly agree that there has to be some kind of framework 14:14:21 ... but obfuscation and transformation information might be useful 14:15:09 Topic: Controlling the unified portrayal of geospatial cross-border maps, Andreas Matheus, Universität der Bundeswehr München 14:15:17 -> http://www.w3.org/2009/policy-ws/papers/Matheus.pdf paper 14:16:00 rrsagent, pointer? 14:16:00 See http://www.w3.org/2009/11/17-acas-irc#T14-16-00 14:17:41 Topic: Controlling the unified portrayal of geospatial cross-border maps 14:19:22 s/Topic: Controlling the unified portrayal of geospatial cross-border maps// 14:24:13 appears to conflate context dependent styling and desire to show more or less data to people across the border 14:24:41 HL: What's the harm of rendering an interior part of Germany in the Dutch style? 14:24:55 AM: Don't take it that seriously. 14:25:00 HL: oh, so it's a motivating example 14:33:48 access control attributes corresponding to evaluating geometric functions over geospatial data 14:36:16 these attributes are then used for controlling access to that data 14:46:51 rrsagent, make minutes 14:46:51 I have made the request to generate http://www.w3.org/2009/11/17-acas-minutes.html dsr 15:10:12 scribe: carine 15:10:18 scribeNick: caribou 15:10:52 topic: Using XACML for access control in Social Networks, Jaime Delgado, Universitat Politècnica de Catalunya 15:11:29 -> http://www.w3.org/2009/policy-ws/papers/Carreras.pdf 15:13:32 -> http://www.w3.org/2009/policy-ws/slides/Delgado.pdf slides 15:14:04 I have made the request to generate http://www.w3.org/2009/11/17-acas-minutes.html caribou 15:16:45 HL: doesn't the social wbe server know all that stuff [who i friend of who]? 15:16:56 JD: we need to express new semantics 15:17:04 HL: of policies or attributes? 15:17:30 ... the policy does not know the semantics of the attributes foo or bar 15:17:46 samarati has joined #acas 15:17:59 JD: yes. But the way you operate on this information is new 15:18:47 ??: in terms of validation, XACML does not have the capability of validating credentials 15:19:56 HL: the rules only say "compare this and that" 15:20:29 [point of order: several talking at the same time, debate deferred to end of session] 15:20:38 s/several/several people 15:31:33 Jaime: have implementation of a matching from ODRL to XACML and from MPEG21 to XACML 15:32:55 s/from MPEG21/e.g. MPEG21 license/ 15:38:01 Topic: Helping users to manage the information they disclose to websites, Dave Raggett, W3C 15:38:12 -> http://www.w3.org/2009/policy-ws/papers/Raggett.pdf paper 15:38:22 -> http://www.w3.org/2009/policy-ws/slides/Raggett.pdf slides 15:38:47 s/other way around would be better/other way around is not possible/ 15:39:39 Rigo: ODRL was submitted to W3C 15:40:11 ... push for it? 15:40:31 [Dave starts] 15:42:38 GN: if you identify at 2 places with the same assertions, it's linkable 15:42:47 s/assertions/assertion 15:46:11 DR: privacy policy is what data is collected, what for and how long it will be kept 15:46:40 ... privacy assistant that describes the policies to help he user 15:48:29 XML should be more readable for IT people than a legal contract -:) 15:49:01 now, let's talk about perl... 15:53:55 elenat has joined #ACAS 15:55:54 RW: you can generate human-readable policies from P3P 15:56:39 ... lots of legalese don't say anything but "give us your data" 15:57:43 ... we have never played with scenarios like OpenID, intermediaries 16:00:44 DR: lack of technology to implement some Directives 16:00:58 ... market is on demand of more and more personal data 16:02:01 TCB: if the site is in the EU, it's easy, if the site is not, it's a problem 16:02:26 ... in the cloud 16:02:58 Topic: On Frameworks for the Visualization of Privacy Policy Implications, Rafael Accorsi 16:03:10 -> http://www.w3.org/2009/policy-ws/papers/Accorsi.pdf paper 16:03:30 -> http://www.w3.org/2009/policy-ws/slides/Accorsi.pdf slides 16:15:53 HL: the analysis depends on the facts that you know the semantics of what the user is sharing? 16:16:00 s/facts/fact 16:16:23 RA: no more than 10 datatypes with agreed semantics 16:16:58 LB: you compare policy of the _systems_ and policy of the _user_, what do you mean? 16:17:19 RA: policy of the system is e.g. "I need your birthdate and your address" 16:17:43 LB: and policy of the user would be "I'll let you have this...if ..." 16:17:47 RA: yes 16:18:11 RW: visualize an xacml policy? 16:18:21 HL: seen that in a PhD 16:18:48 RW: insisting that semantics of XACML is needed 16:18:59 DR: in DL 16:19:49 HL: any other questions? Proposal to work on finding directions 16:21:51 hlockhar has joined #acas 16:22:11 Hello World 16:22:31 Topic: Sticky Policies 16:23:54 hello rigo 16:24:02 s/Hello World/ 16:24:07 s/hello rigo// 16:24:21 sticky policy: policy information attached to data, a bit like in S/MIME 16:25:00 DC: could be like an obligation, whenever data is moved, the subsequent service has to take the obligation to pass the policy information on 16:25:23 ...independed PEP that passes on the information on behalf 16:26:26 ...reject if a service can't enforce the policy, problem renegate site, "we enforce everything" 16:26:55 ...first should be transport the information back and forth 16:27:14 ... this is an extension to XACML 16:27:38 GN: do you insist on the sticky policy being signed? 16:28:06 DC: no. It's up to the PEP to package it with the data 16:28:34 ... what we want to do next is to define a std protocol, application-independent 16:28:42 ... we haven't gone to that yet 16:29:13 GN: the sticky policy is dependent on the data poured in that channel 16:29:29 DC: we don't have a correct binding 16:29:42 DC: yes. we haven't reached that detailed spec 16:29:42 ...between data and policy 16:30:12 GN: once the channel is set up, you put whatever data you wat in it? 16:30:16 s/wat/want 16:30:20 DC: yes 16:31:00 RW: scenario with data on HTTP then sent by email then put in a SQL DB. How the policy survives? 16:31:17 DC: you can have a conformant gateway before the SQL DB 16:31:23 ... it would store the policy 16:31:45 AM: it's ODC topic18 16:31:58 ... a DRM framework, 2 years ago 16:32:06 s/ODC/OGC/ 16:32:12 former OpenGIS 16:32:52 ... Data travelling from one service to another service, it goes into another DB 16:33:00 DC: travels with the policy? 16:33:08 AM: separately 16:33:28 ... SAML assertions to protect the policy 16:33:58 ME: tls never had sticky policies 16:34:24 ...we are talking about higher level policies 16:35:00 nikos has joined #ACAS 16:35:22 HL: you need trust, in downstream parties 16:35:48 http://portal.opengeospatial.org/files/?artifact_id=17802 16:36:02 I wonder about web browsers, e.g. use of HTML forms and how the personal data in the form is sent along with a binding to the policy. Personal data may also be sent as part of an HTTP Authorization header, so the binding isn't simple. 16:36:22 DC: if you commit to give in data to someone, you can't unliaterally change the contract afterwards 16:36:39 s/unliaterally/unilaterally 16:37:04 ... there are different scenarios 16:38:06 EP: can't we add the temporal aspect? 16:38:15 ... (like cookies) 16:38:40 DC: yes, you can say "for 6 months" but if I change my mind, can I change it back to 3 months 16:39:02 DR: if it's agreed in the policy that you can change 16:39:04 means of policy expression 16:39:23 means of transporting and binding policies 16:39:37 trust of enforcement 16:40:00 combination with endogenous policies 16:40:05 revocation? 16:40:37 RW: subsetting policies, you can only get more restrictive 16:41:05 ... opposite of the data aggregation in semantic web, where you always add 16:41:20 ... temporary aspect because of deletion 16:41:47 ... datawarehouses are not intelligent 16:41:59 ... sticky policies would make them intelligent 16:42:27 DC: metadata can be attributes, policies 16:42:51 HL: policies are not just metadata, commitment to do something 16:43:12 HL: are we in a position to implement sticky policies? 16:45:22 TCB: do we have policies for every URI? 16:45:30 s/policies/a policy 16:45:47 HL: DRM has solved the binding issue 20yrs ago 16:45:55 several voices: no 16:46:02 DC: no it's a trust issue 16:46:20 HL: agreement to standards. 16:46:24 ... what's missing? 16:46:30 DC: performance? 16:46:57 HL: what user is going to specify a 1GB policy? : 16:47:23 In most cases the policy will be defined by the server, not the user 16:47:24 ME: trust depends on who you are 16:48:38 One missing piece is for the policy to indicate the legal jurisdiction 16:48:50 EP: do we have sticky policies smart enough to identify that someone's breaching a rule in some country? 16:49:14 ML: internal attributes 16:49:34 ...don't want to give them away, some solution the crypto way 16:49:46 ScribeNick: tlr 16:49:52 DC: you're talking about the credential validation issue 16:49:52 . 16:50:04 ... then you have a policy who are trusted issuers of credentials 16:50:13 ... I may be the only trusted issuer for data about my friends 16:50:16 ... that's a policy 16:50:45 ??: financial criteria would be things you'd want to keep secret 16:50:51 ... think about risk management for credit cards 16:51:01 DR: binding agreements betweent wo parties 16:51:05 ... data subject and data controller 16:51:11 ... agreement can't be reached unless both parties know what it is 16:51:18 ... have to disclose what's supposed to be the agreement 16:51:20 RW: absolutely 16:51:48 GN: where does the sticky policy come from? 16:51:54 ... I don't like the name of the supermarket problem 16:51:56 ... but it's a problem 16:52:00 ... have seen both side 16:52:00 s 16:52:04 s/side/sides/ 16:52:05 s/s// 16:52:17 GN: both policies present and match, or policy imposed? 16:52:24 ... Rigo's point is that data controller is often the big guy 16:52:30 ... who can then impose rules, option is take it or leave it 16:52:43 ... in primelife, made some advances along the lines of "perhaps true, but can at least specify preferences" 16:52:47 ... optimize matching procedure 16:52:56 ... automate decision whether or not can live with criteria 16:53:03 ... automation happening 16:53:11 HL: there have to be mechanisms for policy agreement 16:53:19 GN: sticky policy as match between preferences and policies 16:53:33 HL: add mechanism on policy agreement to the list 16:53:38 rrsagent, pointer? 16:53:38 See http://www.w3.org/2009/11/17-acas-irc#T16-53-38 16:53:51 GN: downstream data controller to follow sticky policy 16:54:06 ... downstream controller could propose policy 16:54:12 ... sticky policy could be matched against that 16:54:16 RW: several hops 16:54:24 DC: whatever mechanism is developed must be recursive 16:54:34 HL: can spend a lot of time on potential approaches 16:54:39 ... nail down what we try to accomplish 16:54:55 RW: some of this was raised by Greg 16:55:02 ... experience from past is you say "need policy expression" 16:55:13 ... it's more complex than just policy expression 16:55:19 ... have always somebody come in with additional information 16:55:31 ... ease of extensibility of policy language 16:55:36 ... subsequent understanding of policy expression 16:55:40 ... one of the biggest issues in this area 16:55:54 ... one of my misunderstandings in semweb was 16:56:01 ... policy, data, magic happens 16:56:08 ... unfortunately, magic doesn't happen 16:56:27 DC: have to assume multiple policy languages 16:56:31 ... and integrating them 16:56:57 RW: protocol level 16:57:01 DC: flag policies with language 16:57:07 RW: bites with stickiness? 16:57:35 RW: Must be able to consume multiple languages -- add to list 16:58:18 ??: policy references instead of policies? 16:58:35 HL: "if you want a policy, call me" -- binding to reference, not to policy 16:58:39 ... that's neat! 16:58:51 DC: In X.509 put a hash in 16:59:21 DR: not sure we need to assume multiple languages 16:59:31 ... but extensibility and matching in presence of extensions 17:00:01 HL: too many languages already -- and yes, they're insufficient in ways we don't know yet 17:00:25 RW: P3P semantics for privacy -- not enough 17:00:31 ... in access control, need more than just privacy semantics 17:01:03 ... know in baseline policy language how to deal with proliferation 17:01:18 HL: hope change would be independent 17:01:23 ... an XACML policy says "XACML" right on top 17:01:34 ... would hope that binding, trust arrangement etc be independent of expression language 17:01:38 DR: for matching, need semantics 17:01:44 HL: combining, yes 17:01:47 RW: mustUnderstand 17:01:52 ... baseline of what have to understand 17:02:18 HL: out of tine 17:02:22 s/tine/time/ 17:02:24 ... need for tools 17:02:29 .... any last words? 17:03:43 ME: not sure end users need to understand 17:04:06 SS: managing policies -- systems administrator 17:04:13 ... user needs to remember 17:04:21 ... sys admin might have hundreds or thousands of policies 17:04:39 RW: JRC Policy Editing tool 17:04:57 ... very feature rich 17:05:03 ... mind numbingly feature rich 17:05:13 ... challenge for server is to reduce complexity 17:05:20 ... challenge for user is "justice has to be seen to be done" 17:05:35 ... can have all the tools of this world -- if people don't get the feeling that privacy happens, it's not worthwhile 17:06:07 ??: object to "end users don't need tools" 17:06:25 ML: 17:06:36 s/??/ML:/ 17:06:51 ML: need some tools to specify policies, some tools to visualize how policies affect data 17:07:02 http://sn.im/youth-lux for posterity -:) 17:07:09 done 17:07:16 rrsagent, make minutes 17:07:16 I have made the request to generate http://www.w3.org/2009/11/17-acas-minutes.html dsr 17:09:17 hlockhar has left #acas 17:55:00 nikos has joined #ACAS