[Wg-uma] Info on Privacy Constraints specs

Eve Maler eve at xmlgrrl.com
Thu Aug 6 22:32:28 PDT 2009


Here is a compendium of info on the Privacy Constraints specs produced  
by Liberty.  The two relevant specs are:

Liberty IGF Privacy Constraints
http://www.projectliberty.org/liberty/content/download/4323/28921/file/draft-liberty-igf-privacy-constraints-v1.0-04.pdf

CARML Profile of Liberty IGF Privacy Constraints
http://www.projectliberty.org/liberty/content/download/4327/28933/file/draft-liberty-igf-carml-profile-privcon-v1.0-02.pdf

As I described them in email to the Liberty predecessor of Iain's  
Kantara UDVPI group:

"These two documents are actually rather short and simple.  Here's a  
summary of the Privacy Constraints spec, which folks here may find  
helpful enough to make them want to crack open the specs and take a  
quick look!

A code example taken from the spec's intro, to give a feel for its  
specialty:

<wsp:Policy>
   <wsp:All>
     <!-- who asserts the constraint, and the purpose the data is sought for -->
     <pri:PurposeConstraint
       Issuer="urn:liberty:names:1.0:igf:pri:entity:user"
       ref="urn:mycorp:2007:marketing" />
     <!-- where the data may be forwarded: only to the requestor -->
     <pri:PropagateConstraint
       Issuer="urn:liberty:names:1.0:igf:pri:entity:user"
       ref="urn:liberty:names:1.0:igf:pri:propagate:requestor" />
     <!-- transient retention, for at most 23h59m of active use -->
     <pri:RetentionConstraint
       Issuer="urn:liberty:names:1.0:igf:pri:entity:user"
       ref="urn:liberty:names:1.0:igf:pri:retention:transient">
       <pri:LifetimeConstraint>
         <pri:Minutes>59</pri:Minutes>
         <pri:Hours>23</pri:Hours>
       </pri:LifetimeConstraint>
     </pri:RetentionConstraint>
   </wsp:All>
</wsp:Policy>

A summary of the privacy constraint "axes" you can set with this spec:

- The issuer of the policy assertion

- A "purpose" constraint: "the usage context in which data is sought  
or the context in which data is being provided" (default: purpose to  
be determined from context)

- A "propagate" constraint: "constraints on the services or end-points  
to which the data may be propagated or forwarded" (default: may not be  
propagated)

- A "retention" constraint: "whether the data value can be retained by  
the requestor, in memory or otherwise, and, optionally the time period  
for which it can be retained" (no default, but five options: no  
caching, cachable but not persisted, persistable, encrypted and  
persisted, non-loggable)

- A "lifetime" constraint: "the time period for which data MAY be  
retained for active use by the requestor" (no default; they should  
probably add one)

- A "data loss or breach" constraint: "the entities (e.g. business or  
government authority, the user, etc) to be informed if the data is  
lost or compromised" (no default, but two nonexclusive options: report  
to end-user, report to original source)

- A "contract or legal" constraint: "contractual or legal context  
governing the sharing of identity attributes" (default: contract to be  
determined from context)

- A "data mask" constraint: "components of string data which should be  
masked when data is displayed or logged" (no default)

The CARML profile of Privacy Constraints adds a bit more container  
metadata to allow the constraints to be used somehow (??) in a  
CARML-enabled system.

I'm quite interested in figuring out what the right handful of axes  
should be for an individual's expression of their privacy desires.  I  
don't know if this spec is it, but it gives a useful starting point  
for argumentation."

	Eve

Eve Maler
eve at xmlgrrl.com
http://www.xmlgrrl.com/blog
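A small parser and evaluator for the constraint format summarized above, added here as a worked example; it is not code from the post, from Liberty, or from either spec. The WS-Policy namespace is the W3C one, but the pri: namespace URI, the helper names, the lifetime units it accepts and the propagation/retention evaluation rules are assumptions made for this example. The sample policy embedded in it is the spec's intro fragment, made well-formed.

```python
"""Parse a Liberty IGF Privacy Constraints fragment (pri:* constraint elements
inside a WS-Policy wrapper) into its axes and evaluate two of them.

Added example, not code from the spec or the post. WSP is the W3C WS-Policy
namespace; PRI, the helper names and the evaluation rules are ASSUMPTIONS.
"""
import datetime as dt
import xml.etree.ElementTree as ET

WSP = "http://www.w3.org/ns/ws-policy"      # WS-Policy 1.5 namespace
PRI = "urn:liberty:names:1.0:igf:pri"       # ASSUMED pri: namespace URI
PRI_URN = "urn:liberty:names:1.0:igf:pri:"  # prefix of the URNs in the spec example
ENTITY_USER = PRI_URN + "entity:user"

# Constructed sample: the spec's intro example, made well-formed (the
# RetentionConstraint start tag is closed and wsp:All has an end tag).
SAMPLE_POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:pri="{PRI}">
  <wsp:All>
    <pri:PurposeConstraint Issuer="{ENTITY_USER}" ref="urn:mycorp:2007:marketing"/>
    <pri:PropagateConstraint Issuer="{ENTITY_USER}" ref="{PRI_URN}propagate:requestor"/>
    <pri:RetentionConstraint Issuer="{ENTITY_USER}" ref="{PRI_URN}retention:transient">
      <pri:LifetimeConstraint>
        <pri:Minutes>59</pri:Minutes>
        <pri:Hours>23</pri:Hours>
      </pri:LifetimeConstraint>
    </pri:RetentionConstraint>
  </wsp:All>
</wsp:Policy>"""

# Lifetime units this example understands (timedelta has no calendar months/years).
LIFETIME_UNITS = {"Days": "days", "Hours": "hours", "Minutes": "minutes", "Seconds": "seconds"}


def _pri(local):
    return "{%s}%s" % (PRI, local)


def parse_lifetime(elem):
    """Sum the child unit elements of a pri:LifetimeConstraint into a timedelta."""
    total = dt.timedelta()
    for unit in elem:
        local = unit.tag.split("}")[-1]
        if local not in LIFETIME_UNITS:
            raise ValueError("unsupported lifetime unit: " + local)
        total += dt.timedelta(**{LIFETIME_UNITS[local]: int(unit.text.strip())})
    return total


def parse_policy(xml_text):
    """Return the constraint axes as a dict. Absent axes keep the defaults the post
    lists: purpose None (decide from context), propagate None (may not be
    propagated), retention and lifetime None (no default)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Policy" % WSP:
        raise ValueError("expected wsp:Policy root, got " + root.tag)
    c = {"purpose": None, "propagate": None, "retention": None,
         "lifetime": None, "issuers": set(), "other": {}}
    for alt in root.iter("{%s}All" % WSP):
        for elem in alt:
            if not elem.tag.startswith("{%s}" % PRI):
                continue  # not a pri: constraint; ignored here
            local = elem.tag.split("}")[-1]
            if elem.get("Issuer"):
                c["issuers"].add(elem.get("Issuer"))
            if local == "PurposeConstraint":
                c["purpose"] = elem.get("ref")
            elif local == "PropagateConstraint":
                c["propagate"] = elem.get("ref")
            elif local == "RetentionConstraint":
                c["retention"] = elem.get("ref")
                life = elem.find(_pri("LifetimeConstraint"))
                if life is not None:
                    c["lifetime"] = parse_lifetime(life)
            elif local == "LifetimeConstraint":
                c["lifetime"] = parse_lifetime(elem)
            else:
                c["other"][local] = elem.get("ref")  # axes not in the spec's example
    return c


def may_propagate(c, target_scope):
    """Propagate is deny-by-default: with no PropagateConstraint the data stays put.
    With one, the ref names the single allowed scope, e.g. 'requestor' (ASSUMED reading)."""
    if c["propagate"] is None:
        return False
    return c["propagate"] == PRI_URN + "propagate:" + target_scope


def retention_deadline(c, received_at):
    """When the retained copy must be gone; None if the policy set no lifetime."""
    if c["lifetime"] is None:
        return None
    return received_at + c["lifetime"]


if __name__ == "__main__":
    pol = parse_policy(SAMPLE_POLICY)
    t0 = dt.datetime(2009, 8, 6, 22, 32, tzinfo=dt.timezone.utc)
    print(pol["purpose"], pol["retention"], pol["lifetime"])
    print("propagate to requestor:", may_propagate(pol, "requestor"))
    print("propagate to third party:", may_propagate(pol, "third-party"))
    print("purge by:", retention_deadline(pol, t0))
```

The point worth noticing is the asymmetry of defaults the post describes: a policy with no PropagateConstraint denies forwarding, while one with no LifetimeConstraint gives the requestor no deadline at all, which is why the example returns None there rather than inventing one.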
