[
Lists Home |
Date Index |
Thread Index
]
- From: David Brownell <david-b@pacbell.net>
- To: Marc.McDonald@Design-Intelligence.com
- Date: Mon, 21 Jun 1999 16:47:35 -0700
Marc.McDonald@Design-Intelligence.com wrote:
>
> When sensitive data needs to be hidden I would send it out
> subsetted in the xml:
> <name>joe</name>
> <phone>555-12345</phone>
When classifying information, there's an interesting category
of "sensitive but not classified" information, which is often
more useful in aggregate than in individual cases. Schedules
for transport could disclose military operations-to-be when
many are analysed together; one alone is innocuous.
Phone numbers are a great example of such "sensitive" data,
particularly when linked with caller ID services that most
phone companies are pushing. (Less successfully in Calfirnia
than in most states, I'm pleased to report!)
Example: Hmm, why is Karen calling from Joe's place again?
Could be those rumors are correct! I'll tell ... <XYZ> !!
The web makes it easy to do such aggregations. Correlations
against "Joe" will have lots of noise; against "Joe" and that
phone number, a lot less. How is Joe going to be able to
defend himself? Partly by not disclosing information in
aggregatable form ... removing the labeling and content,
pre-rendering it (HTML, FO, PDF, GIF, etc), and so on. Partly
by insisting that others not disclose such information either.
That means controlling the information accessible through the
"semantic web" ... if XSL is a tool that becomes effective at
controlling information spread, more power to it! (Both XSL-T
and XSL-FO.) And that's true of almost any information that's
important enough to share -- it can be important enough to merit
protection, too.
> As to the privacy argument (too easy to get information about
> other folk...):
>
> I agree, but having the information out there but hard to parse
> doesn't really solve the problem. It just lets those with more
> expertise, money, power define a first class which gets the
> information and a second class that doesn't.
Which is always the case. The issue is how to keep the bar
high enough to have some balance; security and privacy are never
absolute, though lack of them can become absolute.
You assumed the context of an intranet, so the threat was less
because access was restricted ... that's not particularly a good
assumption, since most crime is "insider" crime, by folk who
know the victim(s). True not just in the corporate world, but
elsewhere.
- Dave
xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo@ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo@ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa@ic.ac.uk)
|
