[WG-P3] I-D - Draft Hansen Privacy Terminology

Robin Wilton racingsnake at fastmail.fm
Thu Sep 9 07:13:42 EDT 2010


The best solution I have seen so far to this problem is a kind of
"aggregated glossary": rather than seek to reconcile the
different definitions of a given term and produce a definitive
(sic) version, it produced a table which showed the term, the
various different definitions, some context information and the
source of each definition.

It's a compromise... but without a compromise of some form, there
is no prospect of a devinitive version - it's just a question of
which compromise you decide to go for, and how to reflect it in
your output document.

HTH
R



On Thu, 09 Sep 2010 05:58 -0400, "j stollman"
<stollman.j at gmail.com> wrote:

  I applaud efforts to standardize the terminology we use.  This
  holds the potential of keeping us from talking in circles when
  we believe (incorrectly) that we are all talking about the
  same thing because we are using the same terms -- even though
  frequently, we are defining the terms differently.
  The draft document seeks to define terminology by first
  providing a context and then defining words in terms of that
  context.  The problem that others are finding in this approach
  is that the context is not universal.  In fact, the context
  (sending and receiving messages) is only a small part of the
  ecosystem for which we seek to establish identities and
  maintain some semblance of privacy.
  This approach also demands that the reader review much of a
  lengthy document in order to find the definition of a
  particular term.
  A second problem I find with the current draft is that it is
  not ambitious enough.  It seeks to define a handful of terms,
  but in the larger ecosystem I believe that there is need to
  define many more (e.g., relying party, identity provider,
  attribute).  Of course, as work in this area continues, new
  terms will continuously crop up.
  Perhaps a better approach would be more of a dictionary model
  in which terms are listed alphabetically and definitions given
  for each.  In cases where the definition changes because of
  the context, multiple definitions can be offered -- couching
  each within its specific context.  It become easy to add new
  terms to the dictionary because it is, essentially, merely a
  list.
  To follow this dictionary approach, a good first step would be
  to create a list of terms to be defined and then craft
  definitions for them.  Invariably, contributors will create
  multiple definitions for many terms.  It then becomes
  necessary to determine whether this multiplicity of
  definitions emanates from a multiplicity of contexts,
  demanding more than one definition or if we can reconcile some
  of these definitions - creating a standard that facilitates
  more productive discussions.
  Your thoughts?
  Jeff

On Thu, Aug 12, 2010 at 1:08 PM, J. Trent Adams
<[1]jtrentadams at gmail.com> wrote:

  All -
  On today's P3WG call we discussed that Hannes et al. are
  beginning to
  solicit input to their Privacy Terminology I-D:
  [2]http://www.ietf.org/internet-drafts/draft-hansen-privacy-te
  rminology-01.txt
  They're also planning to hold a meeting (somewhere in the
  world TBD) in
  early December.  I'm assuming that they'd like feedback prior
  to that so
  a second draft can be worked and distributed in advance.
  On the call today there seemed to be support for P3WG Members
  to
  contribute responses (in response to this thread) over the
  next two
  weeks.  Then, during the next scheduled call, we can discuss
  if we
  believe we're ready to distill the comments into a reasonable
  response
  (or extend the discussion period, or decide to drop out).
  Assuming that's reasonable, I suggest everyone read the I-D,
  and reply
  with their comments.
  /action-item,
  Trent
  > On Fri, 2010-07-09 at 09:09 -0600, J. Trent Adams wrote:
  >
  >> All -
  >>
  >> As a follow-up, I talked to Hannes Tschofenig (one of the
  authors) about
  >> where they're headed with the work.  They're very
  interested in
  >> receiving feedback on the document from multiple parties.
  >>
  >> They've come up with a short list of groups they're
  targeting, and P3WG
  >> is a group they'd like to participate in the conversation.
   Assuming
  >> this group believes it's valuable, we're in a good position
  to provide
  >> valuable input.
  >>
  >> Some of the public discussion lists being solicited for
  participation are:
  >>
  >> IETF SAAG
  >> IETF Security Area Directorate
  >> GEOPRIV Mailing List
  >> IETF Mailing List
  >>
  >> They're also targeting specific contributors within various
  >> organizations such as:
  >>
  >> MIT Communications Futures Program - Privacy and Security
  Group
  >> Harvard
  >> CDT
  >> Berkman Center
  >> Berkeley
  >> International Working Group on Data Protection in
  Telecommunications
  >> W3C
  >>
  >> Are there any other groups that folks on this list feel we
  might suggest
  >> be added?
  >>
  >> Also, from what Hannes said, it sounds like this is just a
  first foray
  >> by the IAB to build a more robust set of work focused on
  privacy issues.
  >>
  >> Cheers,
  >> Trent
  >>
  >>
  >> J. Trent Adams wrote:
  >>
  >>> All -
  >>>
  >>> This IETF I-D was published a couple days ago and seems to
  be a
  >>> worthwhile endeavor to try and harmonize privacy-related
  terminology.
  >>>
  >>> - Trent
  >>>
  >>> -----
  >>>
  >>> Terminology for Talking about Privacy by Data
  Minimization: Anonymity,
  >>>    Unlinkability, Undetectability, Unobservability,
  Pseudonymity, and
  >>>                           Identity Management
  >>>
  >>> Abstract
  >>>
  >>>    This document is an attempt to consolidate terminology
  in the field
  >>>    privacy by data minimization.  It motivates and
  develops definitions
  >>>    for anonymity/identifiability, (un)linkability,
  (un)detectability,
  >>>    (un)observability, pseudonymity, identity, partial
  identity, digital
  >>>    identity and identity management.  Starting the
  definitions from the
  >>>    anonymity and unlinkability perspective and not from a
  definition of
  >>>    identity (the latter is the obvious approach to some
  people) reveals
  >>>    some deeper structures in this field.
  >>>
  >>>
  [3]http://datatracker.ietf.org/doc/draft-hansen-privacy-termin
  ology/
  >>>
  >>> -----
  >>>
  >>>
  >>>
  --
  J. Trent Adams
  =jtrentadams
  Profile: [4]http://www.mediaslate.org/jtrentadams/
  LinkedIN: [5]http://www.linkedin.com/in/jtrentadams
  Twitter: [6]http://twitter.com/jtrentadams
  _______________________________________________
  WG-P3 mailing list
  [7]WG-P3 at kantarainitiative.org
  [8]http://kantarainitiative.org/mailman/listinfo/wg-p3

  --
  Jeff Stollman
  [9]stollman.j at gmail.com
  1 202.683.8699
_______________________________________________
WG-P3 mailing list
WG-P3 at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-p3

References

1. mailto:jtrentadams at gmail.com
2. http://www.ietf.org/internet-drafts/draft-hansen-privacy-terminology-01.txt
3. http://datatracker.ietf.org/doc/draft-hansen-privacy-terminology/
4. http://www.mediaslate.org/jtrentadams/
5. http://www.linkedin.com/in/jtrentadams
6. http://twitter.com/jtrentadams
7. mailto:WG-P3 at kantarainitiative.org
8. http://kantarainitiative.org/mailman/listinfo/wg-p3
9. mailto:stollman.j at gmail.com
Robin Wilton

+44 (0)705 005 2931

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20100909/16752a2e/attachment-0001.html 


More information about the WG-P3 mailing list