ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] 4d. Consent Framework - Protocols and Formats (was Re: [Asrg] SMTP level unsubscribe)

2003-08-13 16:56:35
from [Yakov Shafranovich] [Permanent Link] 
At 12:37 PM 8/13/2003, Andrew Akehurst wrote:


>>..........
>> I'm willing to volunteer to help draft such a standard, in line
>> with Section 2.6 of the Consent Framework. Who wants to help?
..........
> Can you be more specific as to what you wish to work on? Below is the
> relevant section from the consent framework document. Keep in mind that
> Eric Dean's CRI protocol for connecting C/R systems together is relevant
> to 2.5, item #2 (protocols for sharing consent tokens).
>
> Before defining a protocol to exchange consent information, we need to
> define how consent is expressed in machine-readable form. This requires
> taking care of all the the items in 2.6 before moving on to the
> protocols.

I'm interested in creating a machine-readable format for
expressing consent policy. Clearly this is a pre-requisite to
defining protocols, because a protocol needs to have some data
to exchange.

Starting from the consent framework document:

> 2.6. Formats.
>
> [Ed. We need to define:
> 1. Language and format for CONSENT AND SCOPE RULES
> 2. Format for CONSENT POLICIES.
> 3. Format for CONSENT TOKENS.
> ]

A few definitions to remind ourselves...

> CONSENT POLICY ¡ a set of CONSENT RULES and SCOPE rules for
>   a specific RECEIVER

> CONSENT TOKEN ¡ a piece of data that is used by the POLICY
>   ENFORCEMENT COMPONENT to grant or revoke CONSENT based on
>   the CONSENT POLICY

> SCOPE RULES ¡ rules defining how CONSENT POLICIES are shared

I see the requirements for such a format as being:

- it should be capable of being efficiently parsed by a machine.
  The grammar should not be ambiguous if possible

- it should be relatively easy for a human being to read.
  This will aid debugging of protocol design and also allow
  advanced users to write their own policy by hand

- it should be extensible, because new ways of detecting
  spam will arise in future, possible involving new types of
  rule or new consent token formats. This will allow some
  adaptation when spammers change their tactics

If anyone wishes to suggest additional requirements, please do.

Once we get the requirements agreed, I have a list of other
things I'd like to iron out, starting with some definitions
of scopes and policy enforcement decisions.
Take a look at the mailing list archive (gmane.org), there were a few articles with links to a bunch of XML formats that can be used as a basis or as an example for us. Also, I think basis this on XML should be a requirement as well.
Yakov 

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  2. Spam Analysis - Economics (was Re: spammer economics; was: RE: [Asrg] hiring challenge responders), Yakov Shafranovich
Next by Date:  Re: [Asrg] 7. Best Practices - DNSBLs, Yakov Shafranovich
Previous by Thread:  Re: [Asrg] 4d. Consent Framework - Protocols and Formats (was Re: [Asrg] SMTP level unsubscribe), Andrew Akehurst
Next by Thread:  Re: [Asrg] 4d. Consent Framework - Protocols and Formats (was Re: [Asrg] SMTP level unsubscribe), Pete McNeil
Indexes:  [Date] [Thread] [Top] [All Lists]