>> [Page 5] Section 5, "..access to personally identifying information..", do >> you mean "..access to identifiable personal information" ? > > Looking at draft-iab-privacy-considerations, I think "personal data" might > be best.
Maybe. But "PII" is a term of art, and it means something different to (and more specific than) "personal data". I'm not sure whether the change is the right answer in the full context of the paragraph: Protocols that make use of 'acct' URIs are responsible for defining security considerations related to such usage, e.g., the risks involved in dereferencing an 'acct' URI and the authentication and authorization methods that could be used to control access to personally identifying information associated with a user's account at a service. I suppose, as I mull it over, that changing to "personal data" probably *is* right. But people should speak up if they think otherwise. Barry _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
