I suggest adding the sentence without the word "implicitly." The result would
be:
"Further, WebFinger MUST NOT be used to provide any personal information to any
party unless explicitly authorized by the person whose information is being
shared. Publishing one's personal data within an access-controlled or otherwise
limited environment on the Internet does not equate to providing authorization
of further publication of that data via WebFinger."
Thanks,
Alissa
On Mar 20, 2013, at 9:28 PM, Paul E. Jones <paulej(_at_)packetizer(_dot_)com>
wrote:
Alissa,
It was suggested that we remove the word "implicit". I'm OK with removing
it. If we did that, would you want to add this new sentence or a modified
version of it?
Paul
-----Original Message-----
From: apps-discuss-bounces(_at_)ietf(_dot_)org [mailto:apps-discuss-
bounces(_at_)ietf(_dot_)org] On Behalf Of Alissa Cooper
Sent: Monday, March 18, 2013 11:31 AM
To: ietf(_at_)ietf(_dot_)org
Cc: apps-discuss(_at_)ietf(_dot_)org
Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-
10.txt> (WebFinger) to Proposed Standard
Given how little control Internet users already have over which
information about them appears in which context, I do not have a lot of
confidence that the claimed discoverability benefits of WebFinger
outweigh its potential to further degrade users' ability to keep
particular information about themselves within specific silos. However,
I'm coming quite late to this document, so perhaps that balancing has
already been discussed, and it strikes me as unreasonable to try to
stand in the way of publication at this point.
Two suggestions in section 8:
s/personal information/personal data/
(see http://tools.ietf.org/html/draft-iab-privacy-considerations-
06#section-2.2 -- personal data is a more widely accepted term and
covers a larger range of information about people)
The normative prohibition against using WebFinger to publish personal
data without authorization is good, but the notion of implicit
authorization leaves much uncertainty about what I imagine will be a use
case of interest: taking information out of a controlled context and
making it more widely available. To make it obvious that this has been
considered, I would suggest adding one more sentence to the end of the
fourth paragraph:
"Publishing one's personal data within an access-controlled or otherwise
limited environment on the Internet does not equate to providing
implicit authorization of further publication of that data via
WebFinger."
Alissa
On Mar 4, 2013, at 3:24 PM, The IESG <iesg-secretary(_at_)ietf(_dot_)org>
wrote:
The IESG has received a request from the Applications Area Working
Group WG (appsawg) to consider the following document:
- 'WebFinger'
<draft-ietf-appsawg-webfinger-10.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2013-03-18. Exceptionally,
comments may
be sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain
the
beginning of the Subject line to allow automated sorting.
Abstract
This specification defines the WebFinger protocol, which can be used
to discover information about people or other entities on the
Internet using standard HTTP methods. WebFinger discovers
information for a URI that might not be usable as a locator
otherwise, such as account or email URIs.
The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/
IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/ballot/
No IPR declarations have been submitted directly on this I-D.
_______________________________________________
apps-discuss mailing list
apps-discuss(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/apps-discuss
_______________________________________________
apps-discuss mailing list
apps-discuss(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/apps-discuss