[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Asrg] 4d. Consent Framework - Protocols and Formats - XML Based

To: Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk>, madscientist@microneil.com
Subject: RE: [Asrg] 4d. Consent Framework - Protocols and Formats - XML Based
From: Yakov Shafranovich <research@solidmatrix.com>
Date: Fri, 22 Aug 2003 00:48:11 -0400
Cc: asrg@ietf.org
In-reply-to: <1061408285.3f43ce1d4269a@student-webmail.lboro.ac.uk>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Sender: asrg-admin@ietf.org

At 03:38 PM 8/20/2003, Andrew Akehurst wrote:

Quoting Yakov Shafranovich <research@solidmatrix.com>:

> At 04:31 PM 8/15/2003, Pete (Madscientist) wrote:

>> I have started a web site for the development of an XML based CPDL
>> (Consent Policy Description Language).
>> ... 8< ...
>>
>> http://www.sortmonster.com/ASRG/

> Any particular reason why the implementation specific details are
> included within the same XML files? Consent policies will need to
> be implementation-independent and it might be a good idea to split
> them up into two XML files. This is similar to the way the J2EE
> platform handles deployment - two XML files are provided, one
> vendor and implementation neutral, and the second implementation-
> specific.
.........

What I would suggest is that certain tests and policy actions should
be regarded as being fundamental primitives which all CPDL conformant
consent-based systems must support. These would probably include
basic tests like "header X matches expression Y" and essential policy
actions such as "allow delivery" and "silently discard
message".

Then such primitive tests and actions would not need to be defined
in terms of additional scripting languages: any conforming MUA or
MTA could implement them in whatever specific way suits its own
low-level implementation details. (And indeed MUST implement them in
order to comply with the standard.)

Then you can concentrate on defining additional tests and actions
via some external mechanism, either in terms of the primitives or
by using some additional libraries.
...........

One thing that could be done here is to create an IANA registry for maintaning the basic primitives in order not to publish another RFC.

YS> Also, do we need to include the identification of the person or
YS> system that the policy applies to?

Why might this be useful? In principle I don't object unless
people are forced to include such details (because then there are
privacy issues involved).

If anyone wants to include such details then maybe they should be
able to. However I can't think why anyone would want to. Do you
have an example?

o A user who needs to merge his policy with the ISP's. It would be useful to include the identification of the ISP in the policy.
o Two parties exchanging consent tokens and policies. ID is needed.

Yakov

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- RE: [Asrg] 4. Consent Framework - General
  - From: Christopher Bird

References:
- RE: [Asrg] 4d. Consent Framework - Protocols and Formats - XML Based
  - From: Andrew Akehurst

Prev by Date: RE: [Asrg] 4d. Consent Framework - Protocols and Formats
Next by Date: Re: [Asrg] 2.a.1 Analysis of Actual Spam Data - next steps
Previous by thread: RE: [Asrg] 4d. Consent Framework - Protocols and Formats - XML Based
Next by thread: RE: [Asrg] 4. Consent Framework - General
Index(es):
- Date
- Thread