The legal
track at XML Europe 2001, chaired by Cecilia Magnusson Sjöberg, raised worrying
issues about the legal implications of distributed services relative to privacy
protection, information duties, and liability issues.
Reading a presentation
written by Nicklas Lundblad, Cecilia Magnusson Sjöberg explained the contradiction
between XML's enabling of modular and distributed services and the concept of
trust that usually requires predefined contexts.
Referring
to European directives, she mentioned three areas where problems of potentially
significant issues for distributed services such as those involved in Web
Services architectures:
- Privacy protection (EC/95/46): how
can we guarantee that private information will be handled in conformance
with our requirements not only by a portal site but also by all the other providers
involved in a transaction?
- Information duties (EC/2000/31):
consumers need to be clearly informed of suppliers' identities and status;
how can this detailed information be conveyed for multiple suppliers
involved in a distributed transaction?
- Liability: who will be liable
for a failure in one of the branches of a distributed transaction?
During the
panel session that followed this presentation, Joseph Reagle suggested that P3P could be used for Web Services as an
answer to privacy protection, adding that although the European Commission had
issued criticisms against P3P, he was personally confident that P3P could be
used under both the US and European legal systems.
Another
area where technical and legal perspectives are not fully in accord is XML Signature, a
technical specification that keeps the meaning of the signature out of its
scope while this meaning is critical for the users of applications using the
specification.
Other
stories: