Rick,
> On Jan 7, 2020, at 8:21 PM, Rick Yardumian via ipp <ipp at pwg.org> wrote:
>> Hi,
>> Canon has some questions about the draft Accounting specification and its use of IPP privacy attributes. Please reference the following specifications:
> - Job Accounting with IPP v1.0 https://ftp.pwg.org/pub/pwg/ipp/wd/wd-ippaccounting10-20191022.pdf> - IPP Privacy Attributes v1.0 (PRIVACY) https://ftp.pwg.org/pub/pwg/ipp/wd/wd-ippprivacy10-20180403.pdf>> The Job Accounting spec requires printers to conform to the IPP Privacy Attributes v1.0 specification. Per the IPP Privacy Attributes spec, a printer can define what job attributes are considered private as defined in section 4.1.3:
> 4.1.3 job-privacy-attributes
> 'all': All attributes except "job-id", "job-uri", "job-uuid", and "job-printer-uri" are private.
> 'default': All Job Description and Template attributes are private.
> 'job-description: All Job Description attributes are private.
> 'job-template': All Job Template attributes are private.
> 'none': No attributes are private.
>> On the other hand, the following attributes are considered explicitly to contain personal data according to Accounting v1.0.
> 7.3 Privacy and Data Collection
> "job-originating-user-name" and "job-originating-user-uri":
>> As an example, let’s say the printer does not collect the "job-name" attribute but collects other Job Description attributes.
> Could another keyword besides 'all'/'default'/'job-description'/'job-template'/'none' be more appropriate for filling in job-privacy-attributes?
I think the two specifications do two different things:
- The IPP Privacy Attributes registration allows a Printer to advertise its remote data access privacy/policies - the Printer states "I treat the following data as private and only the following people can access it. Click here for more information". The only (implied) user interaction on the Client side is that the Client UI will allow an End User to view the privacy policy web page - consent is passive/implied.
- The Job Accounting with IPP best practice allows a Printer to request (or require) specific information/attributes, with the Client then obtaining explicit consent from the End User for the requested information.
> Canon’s assumption is that PWG members might want fewer privacy items to show up on an informed consent dialog, which means coarser granularity purposely defined in the spec. (Accounting v1.0 - "4.4 Informed Consent")
>> Is Canon’s understanding correct?
> Could you tell us the background and logic behind the use of the IPP Privacy Attributes by the Job Accounting spec?
The Accounting best practice (not a spec!) is a roadmap for providing an IPP-based accounting solution that (hopefully) conforms to the latest privacy and data protection laws. That means having a clearly-defined privacy and data retention policy and asking for explicit consent for any information not required for the transaction (print job).
________________________
Michael Sweet