DRAFT Minutes from WAP-W3C workshop on mobile privacy
Day 1: Thursday, 7 December, 2000

 

Note: These minutes represent the best understanding of the minute-taker at the time of the discussions and may contain errors or omissions.  Please contact me if you have any suggestions or corrections.

 

 

Introductory remarks from workshop co-chairs,
Danny Weitzner (W3C) and Stefan Viewig (Mannesmann)

 

Danny welcomed everyone, gave a brief overview of the workshop, and went over the draft agenda.  Stefan added his welcome and said that, in terms of workshop deliverables, he hoped that in addition to the minutes and summary report, we would also be able to identify some concrete steps forward.  What are some future milestones to aim for?  What future steps should WAP and W3C take to promote further interaction between the two organizations?

 

Technology Background I: Location Drafting Committee,
Ewan Cameron (Signalsoft)

 

Ewan presented an overview of the WAP Location Drafting Committee’s (Loc-DC) work [see slides].  Note: because of intellectual property issues, many aspects of the Loc-DC’s work could not be discussed in great detail.

 

Main points of presentation:

 

Questions/discussion:

General:

Models/perspectives:

Owner of information?

High granularity of control:

Participation/process:

Future requirements?

Control in handset:

Scope?

Third party ads, misc:

 

P3P architectural overview,
Marc Langheinrich (ETH Zürich)

Marc gave an overview of the P3P specification.  See his excellent slides.

 

Main points:

Questions/discussion:

Integration with digital signatures?

Performance impact?

Need for encryption?

Implementation in mobile environment?

Mobile UI?

Changes to policy in transport?

Legal status of P3P policy:

What binds policy to owner?

 

P3P public policy overview,
Danny Weitzner, W3C

Danny gave an overview of how he sees metadata as being a public policy tool [see @@slides@@].  He noted his presentation comes from a U.S. perspective, with “privacy” being grounded in values of freedom and liberty.

 

Main points:

 

Craig Brown (Baltimore Technologies) added that when he was working for Lotus, he witnessed the first public uprising over privacy.  When the Lotus Marketplace CD-ROM came out, there was an uproar -- Lotus was threatened by many big companies: we will drop all your software unless you cancel this project!

 

[@@Danny’s presentation continued@@]

 

Danny went through some examples of P3P user agent implementations and then explained where P3P is in terms of W3C process:

 

Danny: We don’t consider that P3P is a complete solution, or that we’re finished, but we’ve consciously taken a step-by-step approach.  We’re going to look at how this goes as we go along.  But we’ve identified a niche: websites need this -- human-readable forms are more and more complex -- users can’t handle this.

Questions/discussion

Communications and outreach?

Need for secure systems?

 

(Lunch)

 

Technology Background III: CC/PP and UAProf
Mikael Nilsson (Ericsson)

Mikael gave an overview of the CC/PP and UAProf specifications [see @@slides@@].

 

[Editor’s note: points marked with @@ still to be filled in, waiting on slides]

 

Main points:

 

Questions:

In phones now?

How to handle data prior to knowing privacy policy?

Minimizing data flow?

 

[Editor’s note: This might be a future requirement -- privacy is enhanced when less profile information is given out.  Also, think of the problems faced when a profile becomes large, because more and more information is being dumped into one profile.]

Customizing content:

 

(Coffee Break)

 

Panel: General requirements I

Marc Le Maitre, Nextel

Marc gave a presentation from the wireless carrier point of view, focusing on user experience [see slides]:

 

Mike Mulligan, Nokia

[no slides]

 

Mike presented Nokia’s viewpoint.  Main points:

Comment:

Question:

 

Frank Seliger, IBM

Frank presented IBM’s approach to the mobile web [see slides].

 

Main points:

 

Alan suggested that Bluetooth complexifies mobile scenarios.

 

Questions

Screenshots?

 

Negotiation and P3P

 

Panel: General Requirements II

Mario Tapia, XYPoint

Mario presented an overview of the E911 system in the U.S. [see slides].

 

Main points:

 

Kentaro Meiseki, J-Phone East

Kentaro presented information about J-Phone [see slides]:

Question:

 

Ricarda Weber, Siemens

Ricarda presented an overview of her group’s research interests [see slides].

 

Main points:

Question: Trust in network?

Sensitive information?

 

Garland Phillips, Motorola

[see position paper]

 

Main points:

Question: Display size?

Forwarding of policies?

Gatekeeper/trusted party?

Control in handset or network?

 

Day 1 Wrap-up:

A very brief wrap-up by Danny: [a more comprehensive wrap-up took place on day 2]

 

Danny: I want to just pick up on 4 things:

  1. Just about everyone has agreed that the goal is to give users control over their information.
  2. The difference that’s struck me is the different user expectations that users have: there really is a higher level of expectation about security, trust, and maybe enforcement in the mobile environment.
  3. It’s been suggested that there will often be a network operator in the middle of user-web interaction.
  4. But, then again, maybe not -- are we looking at multiple architectural scenarios?

 

Marc Le M: I just want to add that my thing about carriers being the trusted agent is more of a wish than a statement of fact at the moment.

 

[Day 1 ends at 18:00]
