More editing for the privacy text.
--- a/spec/tls-respec.html Wed Oct 16 18:52:17 2013 +0200
+++ b/spec/tls-respec.html Wed Oct 16 19:16:29 2013 +0200
@@ -970,14 +970,13 @@
<p>
During authentication, the <tref>Subject</tref> authenticating to a server must reveal one of his identies.
As a consequence, information that is associated with that identity, found at the <tref>WebID Profile</tref>, will be tied to behavioral information that can be gathered by the site he is logging into.
- Even though access to profile information can be restricted through access control policies (based on ontologies such as <a href="http://www.w3.org/wiki/WebAccessControl">Web Access Control</a>), by aggregating user data from multiple servers that exchange information about users, attackers could in theory be able to build a complete profile of a given user.
-</p>
-<p>
+ Access to profile information can be restricted through access control policies, based on ontologies such as <a href="http://www.w3.org/wiki/WebAccessControl">Web Access Control</a>.
+ However, by aggregating user data from multiple servers that exchange information about users, attackers could in theory be able to build a complete profile of a given user.
It is therefore important that the <tref>Subject</tref> understands the privacy policies of the site to which he authenticates in order to choose the appropriate identity to use for that site.
</p>
<p>
The development of a limited number of easy to understand and machine readable privacy policies, would greatly help users make informed decisions in this space.
- Further flexibility may be offered to the authenticating <tref>Subject</tref> as to adapt his privacy policies to a site, allowing the user to decide about the group of agents with whom he will share the information he generates.
+ Further flexibility may be offered to the authenticating <tref>Subject</tref> to adapt his privacy policies to a site, allowing the user to select the group of agents with whom he wishes to share the information he generates.
</p>
</section>
<section class="informative">
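Review bot: The second added line of the first paragraph still reads "attackers could in theory be able to build a complete profile"; "could in theory build" says the same thing without the doubled modal. The unchanged opening line of that paragraph also still has "identies" for "identities", which is worth fixing in the same pass since the paragraph is being reworded. This section refers to the Subject as "he"/"his" while the next hunk of this patch uses "she"/"her"; pick one for the privacy text.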
@@ -986,12 +985,12 @@
To avoid potential deadlock problems, where one server needs to authenticate into a second server that itself requires authentication, etc... , <tref>WebID Profile</tref>'s MUST be public.
It follows that WebID Authenticating servers MUST not authenticate when fetching a <tref>WebID Profile</tref>.
</p>
- <p>Even though a <tref>WebID Profile</tref> document MUST be publicly accessible, the <tref>WebID Profile</tref> can be split among multiple resources that are linked and protected by access control lists (as explained in the privacy section of the WebID specification [[!WebID]]), in order to provide limited access to private information. Information the user wishes to protect should be placed in those resources and <a href="http://www.w3.org/wiki/WebAccessControl">Access Controlled</a>.
+ <p>Even though a <tref>WebID Profile</tref> document MUST be publicly accessible, the <tref>WebID Profile</tref> can be split among multiple resources that are linked and protected by <a href="http://www.w3.org/wiki/WebAccessControl">access control rules</a> (as explained in the privacy section of the WebID specification [[!WebID]]), in order to provide limited access to sensitive information.
</p>
<p>
As a consequence of dereferencing the <tref>WebID Profile</tref> during authentication, identity providers such as the server hosting the profile document are able to track the IP addresses of incoming requests for the user's profile document, and potentially match them to a list of known servers and services.
- In other words, unless the user hosts her profile on a private server, the identity provider will be able to track the user across each server she authenticates to, building a detailed log of all the servers inquiring about the user's profile.
- For servers administered by another entity, a <tref>Subject</tref> should in any case act in such a way that she behaves in accordance with the requirements of the organization providing the identity.
+ In other words, unless the user hosts her profile on a server she owns and controls, the server owner will be able to track references to the user across the Web, and effectively use this pattern to build a picture of the user's actions on the Web.
+ WebID Profiles that are hosted on organizational servers should therefore be used by their owners with care and responsibility.
</p>
</section>
<section class="informative">
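Review bot: The last added line, "WebID Profiles that are hosted on organizational servers should therefore be used by their owners with care and responsibility", is ambiguous about who "their owners" are, because the added line just before it uses "the server owner" for the hosting party; if the Subject holding the profile is meant, name the Subject. The sentence also replaces an instruction addressed to the Subject with advice that gives the reader nothing specific to do, so consider stating what the Subject should take into account when the profile is hosted by an organization. The rewritten paragraph above it also drops the sentence telling users to place the information they want to protect in the access controlled resources; if that guidance is still intended, keep a short form of it. Separately, the unchanged context line "MUST not authenticate" should read "MUST NOT" if the requirement keywords follow RFC 2119 capitalization.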