At 8:25 AM -0400 7/25/02, Markus Hofmann wrote:
Hilarie Orman, Purple Streak Development wrote:
<snip>
privacy, security,
if machines are in the same admin domain, no change; would recommend
strongly that machines be restricted from communicating outside the
admin domain, but there's no way to enforce this
Hm, yup, agreed.
To the extent that the machines in the same administrative domain are
operated by the same corporate entity and are covered by the same
privacy policy, then perhaps chaining of callout servers would not
add to complexity. The end user would need to have access to Server
A's privacy policy and that policy would need to take full
responsibility for privacy-affecting actions of Server B, C, etc.
But if Servers B, C, etc. were operated by different entities, then
the end user would need to have access to the privacy policies of B,
C....
Ultimately I have no position on the chaining of callout servers so
long as the potential impacts on privacy, etc. can be addressed.
John Morris
--------------------------------------------------
John Morris // CDT // http://www.cdt.org/standards
--------------------------------------------------