RE: OPES charter proposal again.

[Ian Cooper <icooper at equinix.com>]

At 21:43 7/4/2001 -0700, Tomlinson, Gary wrote:

> On Wednesday, July 04, 2001 @5:06 PM Michael W. Condry wrote:
> >out of interest, did any other groups need to have
> >these restrictions?
> >At 11:03 PM 7/3/2001 -0700, James P. Salsman wrote:
> >>I hope that the latest attempt at the OPES charter is resoundingly
> >>rejected by the IESG.
> >>
> >>If it is not, though, I would suggest these three special requirements
> >>for an OPES working group:
>
> This is a most unusual request.  In fact, I have no idea where you are
> coming from.
>
> >>
> >>1. The Security Considerations section could be required to be placed
> >>at the front of all OPES drafts, following the legend, "This OPES
> >>working group publication is required to have a Security Considerations
> >>section that meets certain requirements [cite BCP].  Readers are
> >>encouraged to confirm for themselves that the Security Considerations
> >>section requirements have been met."
> >>
>
> And why would this be?  It is recognized by OPES that security is a
> fundamental issue to be addressed.  Please read the current charter.

In that case the documents should self-reference the group's own security 
considerations document at the start of other work, to ensure (so far as 
possible) that folks are aware of the issues surrounding any protocols and 
deployment of the systems.

> >>2. Another section, "Ethics Considerations," could follow immediatly
> >>thereafter, and explore the ethical implications of the technology
> >>being described, in terms of privacy, disclosure and other terms of
> >>service requirments, and impacts upon common carrier feasability.
> >>
>
> OPES services MUST be authorized by the party they are being provided
> for.  How can this not be ethical?

I think the key in James's point there is "disclosure".

Remember, once an OPES device is present in the network it's all too easy 
for the network operator to install a new service and flick the "yeah, 
yeah, all my users agreed to let me do this" switches.

> >>3. A third section, "Legal Considerations," could survey and cite the
> >>laws that could be inadvertently violated by careless implementation
> >>or use of the technology described, such as the U.S.'s Electronics
> >>Communications Privacy Act.
> >>
>
> This one is even more puzzling.  OPES services acting in behalf of clients
> MUST be authorized by them.  Such a OPES service may in fact improve privacy
>
> from those over aggressive cookie trackers.

Bad choice of example perhaps - a clueful end user can easily disable use 
of cookies at all or select sites.  I may prefer to keep my state with me, 
rather than letting my network provider hold it for me.  (And of course, 
taking my state with me lets me change network providers without having to 
get that state transferred to the new network provider...)

Anyhow, with respect to legal considerations and authorization - even if an 
end user has said that an intermediary system can change the format of a 
page I think you'd still be in a slightly awkward position wrt. copyright - 
especially if you stored that transcoding for use by others.

> >>Cheers,
> >>James
> >
> >Michael W. Condry
> >Director,  Network Edge Technology
>
> An area many seem to forget about in these diatribes is the Enterprise
> (intranets).  These are wholly contained within an Administrative Domain
> which
> renders most if not all the issues raised above irrelevant.

I'm not so sure.  From memory the use cases that have been provided would 
seem to be nonexistent in a closed environment.  Where an enterprise 
network meets the Internet there may be some uses - but that then gets back 
to the issues of ethics and law.  Sure, it's the enterprise's network.  But 
in some territories they're only allowed to snoop things so far.  Heck, 
with the right configuration an enterprise could certainly make things very 
interesting for employees making used of web-based email systems in the office.