ietf
[Top] [All Lists]

RE: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-10.txt> (WebFinger) to Proposed Standard

2013-03-21 21:08:58
Got it.  Thanks!  I'll make that change.

Paul

-----Original Message-----
From: Alissa Cooper [mailto:acooper(_at_)cdt(_dot_)org]
Sent: Thursday, March 21, 2013 9:45 AM
To: Paul E. Jones
Cc: ietf(_at_)ietf(_dot_)org; apps-discuss(_at_)ietf(_dot_)org; 
webfinger(_at_)ietf(_dot_)org
Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-
10.txt> (WebFinger) to Proposed Standard

I suggest adding the sentence without the word "implicitly." The result
would be:

"Further, WebFinger MUST NOT be used to provide any personal information
to any party unless explicitly authorized by the person whose
information is being shared. Publishing one's personal data within an
access-controlled or otherwise limited environment on the Internet does
not equate to providing authorization of further publication of that
data via WebFinger."

Thanks,
Alissa

On Mar 20, 2013, at 9:28 PM, Paul E. Jones <paulej(_at_)packetizer(_dot_)com> 
wrote:

Alissa,

It was suggested that we remove the word "implicit".  I'm OK with
removing it.  If we did that, would you want to add this new sentence
or a modified version of it?

Paul

-----Original Message-----
From: apps-discuss-bounces(_at_)ietf(_dot_)org [mailto:apps-discuss-
bounces(_at_)ietf(_dot_)org] On Behalf Of Alissa Cooper
Sent: Monday, March 18, 2013 11:31 AM
To: ietf(_at_)ietf(_dot_)org
Cc: apps-discuss(_at_)ietf(_dot_)org
Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-
10.txt> (WebFinger) to Proposed Standard

Given how little control Internet users already have over which
information about them appears in which context, I do not have a lot
of confidence that the claimed discoverability benefits of WebFinger
outweigh its potential to further degrade users' ability to keep
particular information about themselves within specific silos.
However, I'm coming quite late to this document, so perhaps that
balancing has already been discussed, and it strikes me as
unreasonable to try to stand in the way of publication at this point.

Two suggestions in section 8:

s/personal information/personal data/ (see
http://tools.ietf.org/html/draft-iab-privacy-considerations-
06#section-2.2 -- personal data is a more widely accepted term and
covers a larger range of information about people)

The normative prohibition against using WebFinger to publish personal
data without authorization is good, but the notion of implicit
authorization leaves much uncertainty about what I imagine will be a
use case of interest: taking information out of a controlled context
and making it more widely available. To make it obvious that this has
been considered, I would suggest adding one more sentence to the end
of the fourth paragraph:

"Publishing one's personal data within an access-controlled or
otherwise limited environment on the Internet does not equate to
providing implicit authorization of further publication of that data
via WebFinger."

Alissa

On Mar 4, 2013, at 3:24 PM, The IESG <iesg-secretary(_at_)ietf(_dot_)org> 
wrote:


The IESG has received a request from the Applications Area Working
Group WG (appsawg) to consider the following document:
- 'WebFinger'
<draft-ietf-appsawg-webfinger-10.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and
solicits final comments on this action. Please send substantive
comments to the ietf(_at_)ietf(_dot_)org mailing lists by 2013-03-18.
Exceptionally, comments may be sent to iesg(_at_)ietf(_dot_)org instead. 
In
either case, please retain the beginning of the Subject line to
allow automated sorting.

Abstract


 This specification defines the WebFinger protocol, which can be
used  to discover information about people or other entities on the
Internet using standard HTTP methods.  WebFinger discovers
information for a URI that might not be usable as a locator
otherwise, such as account or email URIs.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/ballot/


No IPR declarations have been submitted directly on this I-D.


_______________________________________________
apps-discuss mailing list
apps-discuss(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/apps-discuss



_______________________________________________
apps-discuss mailing list
apps-discuss(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/apps-discuss