CS Is More Than Just Technology

W3C's Public Policy Mission

...Since the Web is global, its technology must support a wide range of policy options that encourage all cultures to use the Web. ...[T]he W3C must be aware of and apply an understanding of public policy. ...[The Web's] architecture must allow local policies to co-exist without cultural fragmentation or domination. In addition, W3C can provide feedback to policy makers regarding: what is technically possible; how effectively the technology can meet policy requirements; and possible unintended consequences of proposed policies.

Trust, Not Just Security

Do you trust your bank?
Do you know where your money is?
Do you really care?

Elements of Trust

Establishing Trust

What is said
Who says it
Rules for deciding

Core Technologies for Trust

Metadata (PICS, RDF)
Digital Signatures (DSig)
Profiles (PICSRules)
Negotiation (PEP, HTTP-NG)

PICS: The Platform for Internet Content Selection

See the PICS Statement of Principles and the PICS home page (http://www.w3.org/PICS).

PICS is a cross-industry working group whose goal is to facilitate the development of technologies to give users of interactive media,such as the Internet, control over the kinds of material to which they and their children have access. PICS members believe that individuals, groups and businesses should have easy access to the widest possible range of content selection products, and a diversity of voluntary rating systems.

In order to advance its goals, PICS will devise a set of standards that facilitate the following:

Self-rating:: enable content providers to voluntarily label the content they create and distribute.
Third-party rating:: enable multiple, independent labeling services to associate additional labels with content created and distributed by others. Services may devise their own labeling systems, and the same content may receive different labels from different services.
Ease-of-use:: enable parents and teachers to use ratings and labels from a diversity of sources to control the information that children under their supervision receive.

The PICS Specifications

How to describe a rating service and the rating system it uses. More technically: how to write a schema describing the kind of statements that can be made.
How to find labels for information, and the format for those labels. Trust comes from knowing what is said.
How to sign those labels. Trust comes from knowing who said it.
How to distribute preference settings based on the labels. Trust comes from having rules for deciding what to trust.

Rating Service Description

Describing "What Can Be Said"

((PICS-version 1.1)
 (rating-system "http://www.gcf.org/ratings")
 (rating-service "http://www.gcf.org/v1.0/")
 (icon "icons/gcf.gif")
 (name "The Good Clean Fun Rating System")
 (description "Everything you ever wanted to
     know about soap,  cleaners, and related products.
     For demonstration purposes only.")

 (category  
  (transmit-as "suds")
  (name "Soapsuds Index")
  (min   0.0)
  (max   1.0))

 (category  
  (transmit-as "density")
  (name "suds density")
  (label (name "none") (value 0) (icon "icons/none.gif"))
  (label (name "lots") (value 1) (icon "icons/lots.gif")))

 (category  
  (transmit-as "subject")
  (name "document subject")
  (multivalue true)
  (unordered true)
  (label (name "soap") (value 0))
  (label (name "water") (value 1))
  (label (name "soapdish") (value 2))
  (label-only))

 (category  
  (transmit-as "color")
  (name "picture color")
  (integer)

  (category  
    (transmit-as "hue")
    (label (name "blue")  (value 0))
    (label (name "red")   (value 1))
    (label (name "green") (value 2)))

  (category  
   (transmit-as "intensity")
   (min 0)
   (max 255))))

Label Format

One or more statements

 (PICS-1.0 "http://www.gcf.org/v1.0"  
     labels on "1994.11.05T08:15-0500"        
     until "1995.12.31T23:59-0000"    
     for "http://w3.org/PICS/Overview.html"   
     by "John Patrick"        
     ratings (suds 0.5 density 0 color/hue 1))

Digital Signatures

Who said it

   extension
    (optional "http://www.w3.org/.../sigblock-1_0.html"
      ("AttribInfo" 
         ("http://www.w3.org/.../pgpcert-1_0.html"
          "http://pgp.com/.../plipp@iaik.tu-graz.ac.at"))
      ("Signature"
         "http://www.w3.org/.../RSA-MD5-1_0.html" 
         ("byKey" (("N" "aba21241241=") 
                   ("E" "abcdefghijklmnop=")))
         ("on" "1996.12.02T22:20-0000")
         ("exclude"
           (("extensions"
               "http://foo/badextension.html")))
         ("SigCrypto" "aba1241241==")))

Preferences or Profiles

Rules for Trust

(PicsRule-1.1
  (ServiceInfo
     (name "http://www.coolness.org/ratings/V1.html"
      shortname "Cool"
      bureauURL "http://labelbureau.coolness.org/Ratings")
    Policy (RejectUnless "(Cool.Coolness)")
    Policy (AcceptIf "((Cool.Coolness > 3) and
                       (Cool.Graphics < 3))")
    Policy (RejectIf "otherwise")))

Playing with a Rating Description

(define (get-categories name-value-list)
  ;; name-value-list is ((name . value) ...)
  ;; Returns a list of all of the (name . value) pairs where the name
  ;; is "category"
  (define (loop found rest)
    (if (null? rest)
        found
        (loop (if (eq? 'category (car (car rest)))
                  (cons (car rest) found)
                  found)
              (cdr rest))))
  (loop '() name-value-list))

(define (category.transmit-name category)
  ;; All categories have a transmit-name, according to the spec!
  (cadr (assq 'transmit-as (cdr category))))


(define (all-category-names description)
  (map car (->category-alist description)))

Flattening the Hierarchy

(define (flatten-alist alist)
  ;; The AList is of the form (("name" . category) ...)
  ;; Looks for all sub-categories of CATEGORY, and handles the PICS
  ;; convention of using "parent"/"child" for the name of nested
  ;; categories.  Returns an AList of the same form, with the nested
  ;; categories added to the top level.
  (map (lambda (name-and-category)
         (let ((name (car name-and-category))
               (category (cdr name-and-category)))
           (let ((sub-categories
                  (->category-alist (cdr category))))
             ;; SUB-CATEGORIES is an AList of the correct form, but
             ;; the names are wrong because they don't have the parent
             ;; name in them yet.
             (map (lambda (old-name category)
                    (cons (string-append name "/" old-name)
                          category))
                  (map car sub-categories)
                  (map cdr sub-categories)))))
       alist))

Converting to an AList

(define (->category-alist alist)
  ;; DESC-LIST is of the form ((name . value) ...)
  (let ((top-level-categories (get-categories desc-list)))
    (let ((top-level-alist
           (map (lambda (category)
                  (cons (category.transmit-name category) category))
                top-level-categories)))
      (append top-level-alist
              (apply append
                     (flatten-alist top-level-alist))))))

It Works!

(all-category-names gcf)
;Value: ("color" "subject" "density" "suds" "color/intensity" "color/hue")

(define gcf2 
'((PICS-version 1.1) ...
 (category  
  (transmit-as "color") ...
  (category  
    (transmit-as "hue") ...
    (category (transmit-as "inside")) ...
  (category  
   (transmit-as "intensity") ...)))))

;Value: "gcf2 --> ((pics-version 1.1) ...)"

(all-category-names gcf2)
;Value: ("color" "subject" "density" "suds"
         "color/intensity" "color/hue" "color/hue/inside")