DRAFT Minutes from WAP-W3C workshop on mobile privacy
Day 2: Friday, 8 December, 2000

 

NOTE: there were some changes to the agenda.  We began with the panel on security requirements, carried over from yesterday.

 

Morning:

Afternoon:

 

Panel: Security requirements

Philippe Lucas, Zero-Knowledge

Philippe, standing in for Eric Bergeron, presented a high-level overview of security and privacy issues [see slides].

 

Main points:

Questions:

 

Danny Dolev, Hebrew University

[see slides]

 

Main points:

 

Jens Berwanger, Arthur Andersen

[see slides]

 

Main points:

 

NOTE: there were various criticisms of the prepared slides -- they did not seem to reflect current WAP models.  As Jens was stepping in for Daniela Elsner, he could not respond to these criticisms.

 

Mark V: WAP gateway only translates between 2 protocols.  In principle no difference from, say, SSL today:

Comments:

 

Panel: Public Policy

Lukas Gundermann, Independent Centre for Privacy Protection, Schleswig-Holstein

Lukas gave an overview of data protection laws in Europe, and key public policy considerations for mobile privacy [see slides].

 

Main points:

Questions:

 

Henry Ryan, IPSE

[see slides]

IPSE = Initiative for Privacy Standardization in Europe

 

Main points:

Questions:

 

Panel: Technology integration

Simone Fischer-Hübner, Karlstad University

[see slides]

 

Main points:

Questions:

 

Scott Alperin, DoubleClick

[no slides, but see Fiona’s paper]

 

Scott, stepping in for Fiona Walsh (who was ill), presented the Internet ad companies’ perspectives.

 

Main points:

Comment:

 

Eric Brunner, Engage

[no slides]

 

Eric presented his take on the results of the workshop:

 

Suggested action items from Eric:

 

Other observations from Eric:

Comments/questions:

 

General discussion:

 

 

[Note: there was considerable disagreement/misunderstanding about what “negotiation” means.  For Marc L, it is automated negotiation that takes place in background, between client (UA) and server (website).  For Marc Le M, it is whenever a service prompts user for data that normally would not be given out, based on that user’s preferences.]

 

(Lunch)

 

Note: the Friday afternoon session was more of a discussion than a presentation.  Patrick’s slides changed over the course of the afternoon, to reflect comments from workshop participants.

Common themes and next steps,
Patrick Feng (RPI)

Patrick summarized some common themes that had emerged during the course of the workshop [see slides]:

Discussion:

Additional items?

Different business models

Security and privacy

User interface

P3P as starting point

 

Next steps:

Patrick proposed possible next steps for WAP-W3C [see slides].

  1. P3P vocabulary extension for mobile Web environment:

Where to do the work?

Discussion: additional vocabulary?

 

[More next steps]

  1. Need for integration of CC/PP, UAProf, and P3P specifications.  (How and where to do this?)
  2. Need to identify appropriate groups to work further on privacy issues.  Is WAP able to suggest a specific group?

 

Danny: Let me give an example: while developing XHTML, we had WAP people sit in on the W3C oversight group.  So, in this instance we created a special liaison group.  So, in terms of action items, this group could answer “Who should be in charge at W3C of doing this?” -- and the same was true for WAP.  What we’re looking for is the interface, how WAP and W3C can collaborate.

 

  1. General use cases for mobile privacy and architectural requirements
  2. Collaboration zone for exchange of docs (Danny takes action item to investigate)
  3. Investigate user interface: what are best practices for informing mobile users about privacy
  4. WAP and W3C should identify process for moving ahead with joint work

 

Discussion: where to do work?

P3P vocabulary extension?

Timeline?

 

[Meeting ends at 15:20]