[WG-P3] I-D - Draft Hansen Privacy Terminology

Susan Landau susan.landau at privacyink.org
Thu Sep 9 07:59:46 EDT 2010


On 9/9/10 5:58 AM, j stollman wrote:
> I applaud efforts to standardize the terminology we use.  This holds 
> the potential of keeping us from talking in circles when we believe 
> (incorrectly) that we are all talking about the same thing because we 
> are using the same terms -- even though frequently, we are defining 
> the terms differently.
>
> The draft document seeks to define terminology by first providing a 
> context and then defining words in terms of that context.  The problem 
> that others are finding in this approach is that the context is not 
> universal.  In fact, the context (sending and receiving messages) is 
> only a small part of the ecosystem for which we seek to establish 
> identities and maintain some semblance of privacy.
I don't have a problem with that.  The document, despite its length, is 
not intended to be encyclopedic, and that's okay.  What I do object to 
is that the context it is describing is too limited to be useful (in 
applied mathematics, this would be described as starting a paper by 
"Assume a spherical chicken" and then reasoning from there).
>
> This approach also demands that the reader review much of a lengthy 
> document in order to find the definition of a particular term.
>
> A second problem I find with the current draft is that it is not 
> ambitious enough.  It seeks to define a handful of terms, but in the 
> larger ecosystem I believe that there is need to define many more 
> (e.g., relying party, identity provider, attribute). 
Again, I disagree.  The focus is on defining anonymity.  If this did it 
correctly --- and I think the omission of the "network effect" is a 
fatal problem --- then a follow-up draft could do what you suggest.  
There would be a certain advantage to splitting the foundational work from 
its application to different venues (e.g., federated identity).
> Of course, as work in this area continues, new terms will continuously 
> crop up.
>
> Perhaps a better approach would be more of a dictionary model in which 
> terms are listed alphabetically and definitions given for each.  In 
> cases where the definition changes because of the context, multiple 
> definitions can be offered -- couching each within its specific 
> context.  It becomes easy to add new terms to the dictionary because it 
> is, essentially, merely a list.
>
> To follow this dictionary approach, a good first step would be to 
> create a list of terms to be defined and then craft definitions for 
> them.  Invariably, contributors will create multiple definitions for 
> many terms.  It then becomes necessary to determine whether this 
> multiplicity of definitions emanates from a multiplicity of contexts, 
> demanding more than one definition or if we can reconcile some of 
> these definitions - creating a standard that facilitates more 
> productive discussions.
>
> Your thoughts?
Robin's response re "aggregated glossary" seems like a good one.  
However, it is well past what is being attempted here.

My objections to the document are on much narrower criteria than 
Jeff's.  I think the Hansen document is flawed because it is missing the 
context of new abilities to deanonymize based on information not going 
between sender and receiver.  I am less concerned about the document 
being encyclopedic; I am not sure such an approach would be viable 
and/or useful (too quickly) outdated.

Susan

