Hilarie,
agreed,
abbie
-----Original Message-----
From: The Purple Streak, Hilarie Orman [mailto:ho(_at_)alum(_dot_)mit(_dot_)edu]
Sent: Tuesday, May 20, 2003 6:27 PM
To: rousskov(_at_)measurement-factory(_dot_)com
Cc: ietf-openproxy(_at_)imc(_dot_)org
Subject: Re: OCP and IAB considerations
Giving an example of an IAB concern that is not relevant to
OCP does not mean that there are no concerns relevant to OCP.
It had always been my expectation that OCP would carry
information about privacy requirements for data shared
between the OPES processor and the callout server, and that
the level of confidentiality would match the requirements.
And, to me, that further implied that OCP must have
mechanisms fine-grained enough to keep data separated and
protected at the appropriate level.
OCP MUST be able to protect any information about the user,
the user's preferences, history of user selections, times of
connection, etc. It would be better to avoid having to carry
this information at
all, if possible. Only the minimum information about the
mechanical protection should be carried. It had seemed to me
that we would avoid having the OPES processor give the userid
to the callout server, for example, if we could simply give
some minimal information about the OPES services needed on the data.
I think that if we try to duck the issue altogether we will
force people into greater information disclosure and greater
privacy risks than if we address the problem
straightforwardly as a protocol requirement.
Hilarie