[WG-P3] I-D - Draft Hansen Privacy Terminology
susan.landau at privacyink.org
Thu Sep 9 07:59:46 EDT 2010
On 9/9/10 5:58 AM, j stollman wrote:
> I applaud efforts to standardize the terminology we use. This holds
> the potential of keeping us from talking in circles when we believe
> (incorrectly) that we are all talking about the same thing because we
> are using the same terms -- even though frequently, we are defining
> the terms differently.
> The draft document seeks to define terminology by first providing a
> context and then defining words in terms of that context. The problem
> that others are finding in this approach is that the context is not
> universal. In fact, the context (sending and receiving messages) is
> only a small part of the ecosystem for which we seek to establish
> identities and maintain some semblance of privacy.
I don't have a problem with that. The document, despite its length, is
not intended to be encyclopedic, and that's okay. What I do object to
is that the context it is describing is too limited to be useful (in
applied mathematics, this would be described as starting aa paper by
"Assume a spherical chicken" and then reasoning from there).
> This approach also demands that the reader review much of a lengthy
> document in order to find the definition of a particular term.
> A second problem I find with the current draft is that it is not
> ambitious enough. It seeks to define a handful of terms, but in the
> larger ecosystem I believe that there is need to define many more
> (e.g., relying party, identity provider, attribute).
Again, I disagree. The focus is on defining anonymity. If this did it
correctly --- and I think the omission of the "network effect" is a
fatal problem --- then a follow-up draft could do what you suggest.
There would a certain advantage to splitting the foundational work from
its application to different venues (e.g., federated identity).
> Of course, as work in this area continues, new terms will continuously
> crop up.
> Perhaps a better approach would be more of a dictionary model in which
> terms are listed alphabetically and definitions given for each. In
> cases where the definition changes because of the context, multiple
> definitions can be offered -- couching each within its specific
> context. It become easy to add new terms to the dictionary because it
> is, essentially, merely a list.
> To follow this dictionary approach, a good first step would be to
> create a list of terms to be defined and then craft definitions for
> them. Invariably, contributors will create multiple definitions for
> many terms. It then becomes necessary to determine whether this
> multiplicity of definitions emanates from a multiplicity of contexts,
> demanding more than one definition or if we can reconcile some of
> these definitions - creating a standard that facilitates more
> productive discussions.
> Your thoughts?
Robin's response re "aggregated glossary" seems like a good one.
However, it is well past what is being attempted here.
My objections to the document are on much narrower criteria than
Jeff's. I think the Hansen document is flawed because it is missing the
context of new abilities to deanonymize based on information not going
between sender and receiver. I am less concerned about the document
being encyclopedic; I am not sure such an approach would be viable
and/or useful (too quickly) outdated.
More information about the WG-P3