Got it. Thanks! I'll make that change. Paul > -----Original Message----- > From: Alissa Cooper [mailto:acooper@xxxxxxx] > Sent: Thursday, March 21, 2013 9:45 AM > To: Paul E. Jones > Cc: ietf@xxxxxxxx; apps-discuss@xxxxxxxx; webfinger@xxxxxxxx > Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger- > 10.txt> (WebFinger) to Proposed Standard > > I suggest adding the sentence without the word "implicitly." The result > would be: > > "Further, WebFinger MUST NOT be used to provide any personal information > to any party unless explicitly authorized by the person whose > information is being shared. Publishing one's personal data within an > access-controlled or otherwise limited environment on the Internet does > not equate to providing authorization of further publication of that > data via WebFinger." > > Thanks, > Alissa > > On Mar 20, 2013, at 9:28 PM, Paul E. Jones <paulej@xxxxxxxxxxxxxx> wrote: > > > Alissa, > > > > It was suggested that we remove the word "implicit". I'm OK with > > removing it. If we did that, would you want to add this new sentence > > or a modified version of it? > > > > Paul > > > >> -----Original Message----- > >> From: apps-discuss-bounces@xxxxxxxx [mailto:apps-discuss- > >> bounces@xxxxxxxx] On Behalf Of Alissa Cooper > >> Sent: Monday, March 18, 2013 11:31 AM > >> To: ietf@xxxxxxxx > >> Cc: apps-discuss@xxxxxxxx > >> Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger- > >> 10.txt> (WebFinger) to Proposed Standard > >> > >> Given how little control Internet users already have over which > >> information about them appears in which context, I do not have a lot > >> of confidence that the claimed discoverability benefits of WebFinger > >> outweigh its potential to further degrade users' ability to keep > >> particular information about themselves within specific silos. > >> However, I'm coming quite late to this document, so perhaps that > >> balancing has already been discussed, and it strikes me as > >> unreasonable to try to stand in the way of publication at this point. > >> > >> Two suggestions in section 8: > >> > >> s/personal information/personal data/ (see > >> http://tools.ietf.org/html/draft-iab-privacy-considerations- > >> 06#section-2.2 -- personal data is a more widely accepted term and > >> covers a larger range of information about people) > >> > >> The normative prohibition against using WebFinger to publish personal > >> data without authorization is good, but the notion of implicit > >> authorization leaves much uncertainty about what I imagine will be a > >> use case of interest: taking information out of a controlled context > >> and making it more widely available. To make it obvious that this has > >> been considered, I would suggest adding one more sentence to the end > >> of the fourth paragraph: > >> > >> "Publishing one's personal data within an access-controlled or > >> otherwise limited environment on the Internet does not equate to > >> providing implicit authorization of further publication of that data > >> via WebFinger." > >> > >> Alissa > >> > >> On Mar 4, 2013, at 3:24 PM, The IESG <iesg-secretary@xxxxxxxx> wrote: > >> > >>> > >>> The IESG has received a request from the Applications Area Working > >>> Group WG (appsawg) to consider the following document: > >>> - 'WebFinger' > >>> <draft-ietf-appsawg-webfinger-10.txt> as Proposed Standard > >>> > >>> The IESG plans to make a decision in the next few weeks, and > >>> solicits final comments on this action. Please send substantive > >>> comments to the ietf@xxxxxxxx mailing lists by 2013-03-18. > >>> Exceptionally, comments may be sent to iesg@xxxxxxxx instead. In > >>> either case, please retain the beginning of the Subject line to > allow automated sorting. > >>> > >>> Abstract > >>> > >>> > >>> This specification defines the WebFinger protocol, which can be > >>> used to discover information about people or other entities on the > >>> Internet using standard HTTP methods. WebFinger discovers > >>> information for a URI that might not be usable as a locator > >>> otherwise, such as account or email URIs. > >>> > >>> > >>> > >>> > >>> The file can be obtained via > >>> http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/ > >>> > >>> IESG discussion can be tracked via > >>> http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/ballot/ > >>> > >>> > >>> No IPR declarations have been submitted directly on this I-D. > >>> > >>> > >>> _______________________________________________ > >>> apps-discuss mailing list > >>> apps-discuss@xxxxxxxx > >>> https://www.ietf.org/mailman/listinfo/apps-discuss > >>> > >> > >> > >> _______________________________________________ > >> apps-discuss mailing list > >> apps-discuss@xxxxxxxx > >> https://www.ietf.org/mailman/listinfo/apps-discuss > > > > >