Re: [Captive-portals] Robert Wilton's No Objection on draft-ietf-capport-api-07: (with COMMENT)

"Rob Wilton (rwilton)" <rwilton@cisco.com> Mon, 22 June 2020 16:39 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
CC: "capport-chairs@ietf.org" <capport-chairs@ietf.org>, "captive-portals@ietf.org" <captive-portals@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-capport-api@ietf.org" <draft-ietf-capport-api@ietf.org>, Martin Thomson <mt@lowentropy.net>
Date: Mon, 22 Jun 2020 16:38:43 +0000
Message-ID: <MN2PR11MB4366181A27C457A47760E962B5970@MN2PR11MB4366.namprd11.prod.outlook.com>
References: <159187426163.11035.11823958603457067416@ietfa.amsl.com> <F01F66DF-E679-47ED-BCBF-75CD9DC5C470@apple.com> <MN2PR11MB436632CA83692B16C923938AB5970@MN2PR11MB4366.namprd11.prod.outlook.com> <3B8A4194-7F0C-404B-AED3-CB4A7E371F5E@apple.com>
In-Reply-To: <3B8A4194-7F0C-404B-AED3-CB4A7E371F5E@apple.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/captive-portals/bYYMxmeb2dMNbWdGFW6O4VsnLsw>

Hi Tommy,

That sounds okay with me. Thanks for clarifying.

Regards,
Rob


From: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Sent: 22 June 2020 17:25
To: Rob Wilton (rwilton) <rwilton@cisco.com>
Cc: capport-chairs@ietf.org; captive-portals@ietf.org; The IESG <iesg@ietf.org>; draft-ietf-capport-api@ietf.org; Martin Thomson <mt@lowentropy.net>
Subject: Re: [Captive-portals] Robert Wilton's No Objection on draft-ietf-capport-api-07: (with COMMENT)

Hi Rob,

Thanks for the example text for user consent, etc. I believe that at this point in how the CAPPORT API will be used, the main way that personal information is transmitted is in the web portal. The privacy text in -08 was updated from the -07 version to not imply that it is the API JSON itself:

            "Information passed between a client and the user-facing web portal may include a user's personal information..."

My interpretation of requirements like GDPR is that they’d be then applying to what shows on the web portal that the API server points to, at which point the consent and terms can and should be shown in a normal web page flow.

However, for future extensions to the CAPPORT API that could allow captive portal interaction without a webpage, but done more “automatically”, I do think this kind of text will be necessary. So, I think for now, we leave this for future updates?

Best,
Tommy

On Jun 22, 2020, at 9:18 AM, Rob Wilton (rwilton) <rwilton=40cisco.com@dmarc.ietf.org> wrote:

Hi Tommy,

Just one (belated) comment at the end ...



7.1.  Privacy Considerations

Possibly worth adding a comment about the necessity to keep personal
information secure. In addition, should there be any comments about
GDPR-like constraints (if they apply)?

This section has also been reworded slightly to make this more clear. I'm
not sure if there's anything we can state for GDPR or similar constraints
here. I think that would mainly apply to what is shown in the user portal,
not the API interaction.

[RW]

FWIW, I saw this text in another document that I'm reviewing now, and it was something along these lines that I was originally thinking of when I posted the original comment:

  When sharing personally identifiable information or information that
  is otherwise considered confidential to affected users, SET
  Transmitters and Recipients MUST have the appropriate legal
  agreements and user consent or terms of service in place.
  Furthermore, data that needs confidentiality protection MUST be
  encrypted, at least with TLS and sometimes also using JSON Web
  Encryption (JWE) [RFC7516].

  In some cases, subject identifiers themselves may be considered
  sensitive information, such that their inclusion within a SET may be
  considered a violation of privacy.  SET Issuers should consider the
  ramifications of sharing a particular subject identifier with a SET
  Recipient (e.g., whether doing so could enable correlation and/or de-
  anonymization of data) and choose appropriate subject identifiers for
  their use cases.

I.e. if user-identifiable information is being carried over the CAPPORT API, then IANAL, etc., but I think that GDPR would require that the user had given consent in some way before any personally identifiable information is transmitted.

I'll leave it to you to decide if that is a valid consideration for the privacy section.

Regards,
Rob


_______________________________________________
Captive-portals mailing list
Captive-portals@ietf.org
https://www.ietf.org/mailman/listinfo/captive-portals