[WG-P3] I-D - Draft Hansen Privacy Terminology
stollman.j at gmail.com
Thu Sep 9 05:58:09 EDT 2010
I applaud efforts to standardize the terminology we use. This holds the
potential of keeping us from talking in circles when we believe
(incorrectly) that we are all talking about the same thing because we are
using the same terms -- even though frequently, we are defining the terms
The draft document seeks to define terminology by first providing a context
and then defining words in terms of that context. The problem that others
are finding in this approach is that the context is not universal. In fact,
the context (sending and receiving messages) is only a small part of the
ecosystem for which we seek to establish identities and maintain some
semblance of privacy.
This approach also demands that the reader review much of a lengthy document
in order to find the definition of a particular term.
A second problem I find with the current draft is that it is not ambitious
enough. It seeks to define a handful of terms, but in the larger ecosystem
I believe that there is need to define many more (e.g., relying party,
identity provider, attribute). Of course, as work in this area continues,
new terms will continuously crop up.
Perhaps a better approach would be more of a dictionary model in which terms
are listed alphabetically and definitions given for each. In cases where
the definition changes because of the context, multiple definitions can be
offered -- couching each within its specific context. It become easy to add
new terms to the dictionary because it is, essentially, merely a list.
To follow this dictionary approach, a good first step would be to create a
list of terms to be defined and then craft definitions for them.
Invariably, contributors will create multiple definitions for many terms.
It then becomes necessary to determine whether this multiplicity of
definitions emanates from a multiplicity of contexts, demanding more than
one definition or if we can reconcile some of these definitions - creating a
standard that facilitates more productive discussions.
On Thu, Aug 12, 2010 at 1:08 PM, J. Trent Adams <jtrentadams at gmail.com>wrote:
> All -
> On today's P3WG call we discussed that Hannes et al. are beginning to
> solicit input to their Privacy Terminology I-D:
> They're also planning to hold a meeting (somewhere in the world TBD) in
> early December. I'm assuming that they'd like feedback prior to that so
> a second draft can be worked and distributed in advance.
> On the call today there seemed to be support for P3WG Members to
> contribute responses (in response to this thread) over the next two
> weeks. Then, during the next scheduled call, we can discuss if we
> believe we're ready to distill the comments into a reasonable response
> (or extend the discussion period, or decide to drop out).
> Assuming that's reasonable, I suggest everyone read the I-D, and reply
> with their comments.
> > On Fri, 2010-07-09 at 09:09 -0600, J. Trent Adams wrote:
> >> All -
> >> As a follow-up, I talked to Hannes Tschofenig (one of the authors) about
> >> where they're headed with the work. They're very interested in
> >> receiving feedback on the document from multiple parties.
> >> They've come up with a short list of groups they're targeting, and P3WG
> >> is a group they'd like to participate in the conversation. Assuming
> >> this group believes it's valuable, we're in a good position to provide
> >> valuable input.
> >> Some of the public discussion lists being solicited for participation
> >> IETF SAAG
> >> IETF Security Area Directorate
> >> GEOPRIV Mailing List
> >> IETF Mailing List
> >> They're also targeting specific contributors within various
> >> organizations such as:
> >> MIT Communications Futures Program - Privacy and Security Group
> >> Harvard
> >> CDT
> >> Berkman Center
> >> Berkeley
> >> International Working Group on Data Protection in Telecommunications
> >> W3C
> >> Are there any other groups that folks on this list feel we might suggest
> >> be added?
> >> Also, from what Hannes said, it sounds like this is just a first foray
> >> by the IAB to build a more robust set of work focused on privacy issues.
> >> Cheers,
> >> Trent
> >> J. Trent Adams wrote:
> >>> All -
> >>> This IETF I-D was published a couple days ago and seems to be a
> >>> worthwhile endeavor to try and harmonize privacy-related terminology.
> >>> - Trent
> >>> -----
> >>> Terminology for Talking about Privacy by Data Minimization: Anonymity,
> >>> Unlinkability, Undetectability, Unobservability, Pseudonymity, and
> >>> Identity Management
> >>> Abstract
> >>> This document is an attempt to consolidate terminology in the field
> >>> privacy by data minimization. It motivates and develops definitions
> >>> for anonymity/identifiability, (un)linkability, (un)detectability,
> >>> (un)observability, pseudonymity, identity, partial identity, digital
> >>> identity and identity management. Starting the definitions from the
> >>> anonymity and unlinkability perspective and not from a definition of
> >>> identity (the latter is the obvious approach to some people) reveals
> >>> some deeper structures in this field.
> >>> http://datatracker.ietf.org/doc/draft-hansen-privacy-terminology/
> >>> -----
> J. Trent Adams
> Profile: http://www.mediaslate.org/jtrentadams/
> LinkedIN: http://www.linkedin.com/in/jtrentadams
> Twitter: http://twitter.com/jtrentadams
> WG-P3 mailing list
> WG-P3 at kantarainitiative.org
stollman.j at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WG-P3