The next OCP release should have an IAB Considerations section. That
section is supposed to describe what IAB Considerations are relevant
to OCP and how OCP addresses those that are relevant. I propose the
following wording (inspired by Abbie Barbir's private contribution)
and am seeking early feedback.
9. IAB Considerations
OPES callout protocol is an internal and optional OPES feature. No
Internet Architecture Board (IAB) considerations [RFC3238] are
relevant to OCP.
For example, IAB consideration (5.1) Privacy says: "The overall OPES
framework must provide for mechanisms for end users to determine the
privacy policies of OPES intermediaries." The only OPES intermediary
known to OCP is an OPES processor, an OCP client. While OCP does deal
with privacy issues (see Section XXX Security Considerations), OCP
itself has no effect on privacy policies of OPES processors. OCP is
not designed for communication with end users. While OPES processors
are expected to reflect OCP privacy-specific concerns (e.g.,
encryption of OCP communications) in their privacy policies, OCP
itself is not relevant to this IAB Privacy consideration.
Does anybody disagree with the conclusion that no IAB considerations
apply directly to OCP? Should we provide more examples of
considerations that do NOT apply?