This report summarizes the W3C Workshop held on October 17-18, 2006, in Ispra, Italy, focused on privacy policy negotiation and enforcement. Hosted by the Joint Research Center of the European Commission, the workshop gathered participants from the W3C, research institutions, and industry. Key contributions included the Geopriv and Presence architecture discussions, emphasizing location privacy. Feedback highlighted issues like explicit intended recipient identification and policy definition scope, driving recommendations for future policy frameworks and collaboration with the W3C.
W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement: Report
Hannes Tschofenig
IETF 67, San Diego, November 2006
Workshop Details
• 17 and 18 October 2006, Ispra, Italy, hosted by the Joint Research Center (JRC) of the European Commission
• Webpage: http://www.w3.org/2006/07/privacy-ws/
• Agenda (including papers and slides): http://www.w3.org/2006/07/privacy-ws/agenda
• Participants from W3C, the research community (e.g., the EU-funded research project PRIME), and companies
• A few pictures: http://www.tschofenig.com/workshop/w3c-privacy/
Our Contribution to the Workshop: Geopriv/Presence Overview Paper
• Paper title: “The IETF Geopriv and Presence Architecture Focusing on Location Privacy” http://www.w3.org/2006/07/privacy-ws/papers/26-tschofening-geopriv
• Slides: http://www.w3.org/2006/07/privacy-ws/presentations/26-tschofenig-geopriv.pdf
• Authors: Hannes Tschofenig, Henning Schulzrinne, Andrew Newton, Jon Peterson, Allison Mankin
Feedback #1: Intended Recipient Not Explicit
• Without S/MIME, the intended recipient of the location information is not explicitly specified.
• Already raised during discussions: http://www1.ietf.org/mail-archive/web/sip/current/msg14356.html
• Suggestion: Add text to Geopriv-using protocols (in particular to the SIP Location Conveyance draft) to address this aspect.
Feedback #2: Sticky Policies only for Loc-Info
• Basic Geopriv privacy policies (= sticky policies) are defined only for Location Info
• They always travel with PIDF-LO
• Question: Why are they only available for Location Info? Other information is also privacy sensitive.
• For discussion: Should we also define privacy policies for the PIDF object?
Note: The term “sticky policies” is used by the W3C to refer to policies that travel with the privacy-sensitive data.
Feedback #3: Policy Push vs. Policy Pull
• Geopriv Basic Policies are pushed to the recipient. Assumption: the recipient acts in the anticipated way (as expressed in the policies).
• P3P realizes a pull principle.
• Perceived problem: the privacy policies of the recipient are unknown.
• For further discussion:
  • Consider a profiled version of P3P policies as an extension for SIP
  • Use the vocabulary and not the protocol framework of P3P
  • For example: Derive usage from P3P compact policies http://www.w3.org/TR/P3P/#compact_policies
Next Steps
• Determine how to process received feedback.
• Establish a closer relationship with W3C.
• Participate in the upcoming Policy Frameworks Interest Group (PFIG).