[Geopriv] The Confluence of P3P and GEOPRIV

Andrew Newton <andy@hxr.us> Tue, 29 August 2006 17:27 UTC

Message-ID: <44F478E3.3080601@hxr.us>
Date: Tue, 29 Aug 2006 13:26:59 -0400
From: Andrew Newton <andy@hxr.us>
To: GEOPRIV <geopriv@ietf.org>
Subject: [Geopriv] The Confluence of P3P and GEOPRIV

Rigo Wenning, one of the organizers of the W3C workshop, has sent me his 
thoughts on P3P and GEOPRIV, and given me permission to redistribute them 
for comment.

-------- Original Message --------
Subject: Re: A privacy-related introduction
Date: Tue, 29 Aug 2006 18:56:16 +0200
From: Rigo Wenning <rigo@w3.org>
Organization: W3C

Hello Andrew,

currently there is a bigger set of specifications and technology that geopriv
is in context to.

The P3P Working Group already introduced in 2001 the "location" category into
the P3P Specification[1] to help some Japanese services to have P3P express
finality, usage, retention and other semantics over location data.

Helena Lind (formerly Lindskog) from Ericsson was also part of the P3P Working
Group and AFAIK also contributed to geopriv. Ericsson developed a scheme on
how to use P3P together with CC/PP and made also a UAProf profile for
this[2].

So there is a good way already to attach the announcement of some privacy
implication to the client-side. geopriv is adding access control to it, but
it would be nice, if this would go beyond the few criteria actually in the
RFCs developed by the geopriv WG. At least there should be a reference to the
P3P Specification.

So my suggestion is, instead of the IETF re-inventing the privacy semantics
over time, to use the vocabulary of P3P and to be able to plug that into the
current geopriv protocol as expressed by [3]. As all is XML, the challenge is
more on the side of scoping the semantics in time and space and to integrate
well into the protocol used. P3P 1.1 has developed a generic linking
mechanism that could do the trick[4] but that would also need some
consideration from geopriv's side. Note that P3P 1.1 is still a Draft while
P3P 1.0 is a Recommendation.

P3P also defines a full-fledged internationalized data format for personal
data that can be used for the storage systems as defined by geopriv. This is
important because once one wants to express preferences over personal data,
it is important to have a sticky link between the data and their preferences.
This allows one to make personal data go past the trans-enterprise border without
losing its privacy attributes. The W3C workshop on 17/18 October will talk
more about the challenges inherent to this approach.

Now to the SAML-issue. Like [3], SAML[5] is a framework and does not have
privacy semantics on its own. The privacy considerations by the SAML TC are
rather thin. XACML[6] as a specification for access control hasn't been
mentioned at all so far. But again, there is a way to use the P3P semantics
to fill in the existing framework. And P3P is for the moment the only
worldwide agreed privacy ontology that is technically defined and not only a law.

So again, it would be nice, if one could link P3P semantics like retention,
purpose and disclosure (to third parties) into the protocol actually made. A
simple hook with some semantic scope description would be sufficient.

Feel free to distribute and discuss my suggestion within geopriv. And I hope
for participation in the W3C Workshop on Languages for Privacy Policy
Negotiation and Semantics-Driven Enforcement[7].


1. http://www.w3.org/TR/P3P/#Categories
2. http://www.w3.org/TR/CCPP-trust/
3. http://www.ietf.org/internet-drafts/draft-ietf-geopriv-common-policy-11.txt
4. http://www.w3.org/TR/P3P11/#generic_attribute
5. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security#technical
6. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml#technical
7. http://www.w3.org/2006/07/privacy-ws/

Best,
-- 
Rigo Wenning            W3C/ERCIM
Staff Counsel           Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
http://www.w3.org/      F-06902 Sophia Antipolis


