ietf-openproxy
[Top] [All Lists]

Content Provider Notification

2002-06-04 10:41:19

Hi,

in a previous email exchange on this list concerning the IAB consideration (3.1) about notification to content providers, I somewhere typed the following:

>> (3.1) Notification: The overall OPES framework needs to assist
>> content providers in detecting and responding to client-centric
>> actions by OPES intermediaries that are deemed inappropriate by
>> the content provider.
>
> Section 2.6 of the draft should extend to include some form of
> notification of the OPES action to the originating party *when
> requested* by the originating party. Implicit notification
> mechanisms would not scale, but a content provider should be able
> to explicitly request notification in some form.

In discussing this issue with others, the question arised whether the capability of requesting such notification might eventually violate the privacy of a content consumer/client, since it would allow a CONTENT PROVIDER to find out about CLIENT-CENTRIC actions.

Such notification might eventually reveal private information the client does not necessarily want to share with a content provider, for example the client's prefered language (revealed by a language translation service). Or what about a scenario in which the client browses the Web through an anonymizing proxy, but the client-centric service is provided on an OPES box sitting between the client and the anonymizing proxy? Normally, the content provider would only see the IP address of the anonymizing proxy, but with requested OPES notifiactions he/she would eventually find out about the OPES box sitting close to the client, thus eventually allowing him/her to figure out the client's ISP and such like. Other scenarios are thinkable.

Any thoughts on that? How should this be adressed? Does this rule out direct notification of CLIENT-CENTRIC actions to the CONTENT-PROVIDER, or would the benefits of such notifications outweight the privacy concerns? Might indirect notification by the client (based on OPES tracing information) be acceptable, i.e. bringing the client back into the notifiaction loop? Does the client have a right to veto direct notification?

-Markus


<Prev in Thread] Current Thread [Next in Thread>