[Wg-uma] Info on Privacy Constraints specs

Eve Maler eve at xmlgrrl.com
Thu Aug 6 22:32:28 PDT 2009

Here is a compendium of info on the Privacy Constraints specs produced  
by Liberty.  The two relevant specs are:

Liberty IGF Privacy Constraints

CARML Profile of Liberty IGF Privacy Constraints

As I described them in email to the Liberty predecessor of Iain's  
Kantara UDVPI group:

"These two documents are actually rather short and simple.  Here's a  
summary of the Privacy Constraints spec, which folks here may find  
helpful enough to make them want to crack open the specs and take a  
quick look!

A code example taken from the spec's intro, to give a feel for its  

       ref="urn:mycorp:2007:marketing" />
       ref="urn:liberty:names:1.0:igf:pri:propagate:requestor" />

A summary of the privacy constraint "axes" you can set with this spec:

- The issuer of the policy assertion

- A "purpose" constraint: "the usage context in which data is sought  
or the context in which data is being provided" (default: purpose to  
be determined from context)

- A "propagate" constraint: "constraints on the services or end-points  
to which the data may be propagated or forwarded" (default: may not be  

- A "retention" constraint: "whether the data value can be retained by  
the requestor, in memory or otherwise, and, optionally the time period  
for which it can be retained" (no default, but five options: no  
caching, cachable but not persisted, persistable, encrypted and  
persisted, non-loggable)

- A "lifetime" constraint: "the time period for which data MAY be  
retained for active use by the requestor" (no default; they should  
probably add one)

- A "data loss or breach" constraint: "the entities (e.g. business or  
government authority, the user, etc) to be informed if the data is  
lost or compromised" (no default, but two nonexclusive options: report  
to end-user, report to original source)

- A "contract or legal" constraint: "contractual or legal context  
governing the sharing of identity attributes" (default: contract to be  
determined from context)

- A "data mask" constraint: "components of string data which should be  
masked when data is displayed or logged" (no default)

The CARML profile of Privacy Constraints adds a bit more container  
metadata to allow the constraints to be used somehow (??) in a  
CARML-enabled system.

I'm quite interested in figuring out what the right handful of axes  
should be for an individual's expression of their privacy desires.  I  
don't know if this spec is it, but it gives a useful starting point  
for argumentation."


Eve Maler
eve at xmlgrrl.com
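As an added illustration (not part of Eve's message or of the Liberty specs), here is a hypothetical Python model of the seven constraint axes summarised above, with the checks a receiving service could run before forwarding, retaining, logging, or displaying a value. All names are assumptions, as is the mapping of the five retention options onto permitted handling actions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, Optional, Tuple

# Handling actions each retention option permits. The option names follow
# the summary; the action sets are this example's reading of them (assumed).
RETENTION_ALLOWS = {
    "no-caching": frozenset(),
    "cachable-not-persisted": frozenset({"cache", "log"}),
    "persistable": frozenset({"cache", "persist", "log"}),
    "encrypted-persisted": frozenset({"cache", "persist-encrypted", "log"}),
    "non-loggable": frozenset({"cache", "persist"}),
}

@dataclass(frozen=True)
class PrivacyConstraints:
    issuer: str                                   # who asserts the policy
    purpose: Optional[str] = None                 # default: from context
    propagate: FrozenSet[str] = frozenset()       # endpoints data may go to
    retention: Optional[str] = None               # RETENTION_ALLOWS key; no default
    lifetime: Optional[timedelta] = None          # active-use period; no default
    breach_notify: FrozenSet[str] = frozenset()   # {"end-user", "original-source"}
    contract: Optional[str] = None                # default: from context
    data_mask: Tuple[Tuple[int, int], ...] = ()   # (start, end) spans to mask

def may_propagate(c: PrivacyConstraints, endpoint: str) -> bool:
    return endpoint in c.propagate

def may_handle(c: PrivacyConstraints, action: str) -> bool:
    """No retention constraint means no default, so deny every action."""
    return action in RETENTION_ALLOWS.get(c.retention, frozenset())

def within_lifetime(c: PrivacyConstraints, issued_at: datetime, now: datetime) -> bool:
    return c.lifetime is not None and now - issued_at <= c.lifetime

def masked(c: PrivacyConstraints, value: str) -> str:
    """Blank out the constrained spans before the value is displayed or logged."""
    chars = list(value)
    for start, end in c.data_mask:
        for i in range(start, min(end, len(chars))):
            chars[i] = "*"
    return "".join(chars)

# Constructed sample: constraints a user might attach to a phone number.
ISSUED_AT = datetime(2009, 8, 6, tzinfo=timezone.utc)
SAMPLE = PrivacyConstraints(
    issuer="urn:example:alice", purpose="urn:example:2009:shipping",
    propagate=frozenset({"urn:example:courier"}), retention="non-loggable",
    lifetime=timedelta(days=30), breach_notify=frozenset({"end-user"}),
    data_mask=((0, 6),),
)
```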
