SV_MEETING_TITLE -- 07 Nov 2012

<aleecia> :-)

<npdoty> if you're alone in the woods, can a teleconference system mute you?

<aleecia> Nick, you've got this?

<npdoty> first party (1) and outsourcing service provider

<Chris_IAB> just joined from the 212 area code

<Chris_IAB> start horn just signaled!

<Chris_IAB> 202 is DC

<Chris_IAB> 202 Could be Rachel from DMA?

<Chris_IAB> I'm 212

<WileyS> I'm 408

<Walter> Zakim: IPcaller is Walter

<Walter> I'm on Skype

<Walter> I told Zakim so

<Walter> but he didn't recognise that

<npdoty> schunter, ready whenever you are

<schunter> Zakim still has punching-card-like command syntax. Lucky enough that the column does not matter.

<npdoty> schunter: after a little bit of time, back to the TPE document again, hope you all remember it

<npdoty> ... goal is to look at all the open issues, make progress, assign actions

<npdoty> ... selection of a scribe? volunteers?

<Brooks> 678 is Brooks

<npdoty> scribenick: ninjamarnau

overdue action items http://www.w3.org/2011/tracking-protection/track/actions/overdue?sort=owner

<vincent> zakim [IPcaller] is vincent

<npdoty> justin has 4 actions, so we had better follow up with him offline

schunter: Justin not on the call, I note it down, skpi his actions

<npdoty> amyc or others from Microsoft?

schunter: amyc on the call?

<npdoty> action-131?

<trackbot> ACTION-131 -- Roy Fielding to sketch use case for user agent requests on tracking status resource -- due 2012-11-03 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/131

schunter: ACTION 131 by roy:

<npdoty> this is attached to an issue that we have already closed

<npdoty> issue-124?

<trackbot> ISSUE-124 -- How shall we express responses from a site to a user agent (headers, URIs, ...)? -- closed

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/124

fielding: suggest postponing until we have status tracking resources

<Walter> who is talking now?

fielding: push it back 2 weeks

<npdoty> fielding, you're saying the spec should explain how a UA should make tracking status resource requests in a variety of cases

<rigo> no tom

<tlr> action-131 due 2012-11-21

<trackbot> ACTION-131 Sketch use case for user agent requests on tracking status resource due date now 2012-11-21

<fielding> sorry for any background noise -- I am in Atlanta at the IETF meeting

<tlr> action-276?

<trackbot> ACTION-276 -- Luigi Mastria to provide text regarding data retention, applicable to finanical logging data -- due 2012-10-10 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/276

schunter: ACTION 276 on lou?

<tlr> action-276 due 2012-11-21

<trackbot> ACTION-276 Provide text regarding data retention, applicable to finanical logging data due date now 2012-11-21

Luigi Mastria: I think it makes sense to push it couple of weeks

<jmayer> Is there any actual deadline for ISSUEs?

<jmayer> If a participant fails to complete a pending action for a month, they get a free two week extension?

<aleecia> Seeing only irc: issues ought to be closed if they are not getting work

<aleecia> Excuse me, *actions* not issues

<Walter> or at least pick up the beer tab at the next F2F

<aleecia> Issues do not have deadlines with them at present. But f2f AMS actions should just close if they do not have text now

rigo: I have been on a meeting with the German toll collect. They presented retention classes. This could perhaps inspire Luigi

<npdoty> rigo, are you volunteering to propose some text as well?

Luigi Mastria: appriciate the feedback. Will keep this in mind

<rigo> do retention classes instead of doing precise retention dates for financial data

<Walter> but I agree with aleecia and jmayer, this taking extremely long

<aleecia> Last week we delayed for NY having power outages. We are past time

<Walter> true

<tlr> action-273?

<trackbot> ACTION-273 -- Rob Sherman to propose text regarding multiple first parties -- due 2012-11-02 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/273

<npdoty> npdoty: is this something we can pull from the DAA text? can others help you with this action from last month?

<tlr> action-273?

<trackbot> ACTION-273 -- Rob Sherman to propose text regarding multiple first parties -- due 2012-11-02 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/273

schunter: 273 on Rob Sherman. Does not lokk like it.

<WileyS> Aleeca, rather than arbitrarily closing the issues, could we please put a due date on them and ask for volunteers to take over where others have not met their due date?

rigo: I volunteer to take this ACTION up.

<tlr> http://lists.w3.org/Archives/Public/public-tracking/2012Nov/0075.html

<dsinger> notes that there have been emails on the list on this subject

<npdoty> lmastria: not that simple, DAA program is a coherent whole in use in the US/EU/Canada, in current discussion but needs more time

rigo: text is not ideal. We need to be contructive.

schunter: Will set the action to pending review.

<aleecia> Until we have text proposals for adoption, we're just gossiping. We need actual text we can adopt

rigo, could you exchange ideal to not ideal?

<WileyS> Aleecia, not sure what you mean by "gossiping" - simply requesting due dates, solid owners, opportunity to reassign if someone else in the working group feels its critical to their business/perspective

<fielding> already did that

<Walter> does a closed action mean that it can no longer be discusses?

<Walter> eh, discussed

<tlr> Walter, closing an action simply means that the action has been done.

<Walter> ok, thank you

<tlr> action = promise by somebody to do something by a certain date

<trackbot> Sorry, couldn't find =. You can review and register nicknames at <http://www.w3.org/2011/tracking-protection/track/users>.

<aleecia> And again, apologies I cannot join the call today by voice

dsinger: suggest to leave the definition ACTION open.

<rigo> ninja, I did already

<tlr> action-268?

<trackbot> ACTION-268 -- David Singer to edit the TPE document to make sure that the final definition of parties is in sync across the two specifications -- due 2012-10-10 -- CLOSED

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/268

<tlr> action-268 closed

<trackbot> ACTION-268 Edit the TPE document to make sure that the final definition of parties is in sync across the two specifications closed

schunter: We will close 268 until we discover new inconsistencies

npdoty: We need to make some changes. At least for 1st and 3rd

<tlr> action-268 reopened

<tlr> trackbot, reopen action-268

<trackbot> ACTION-268 Edit the TPE document to make sure that the final definition of parties is in sync across the two specifications re-opened

<dsinger> TPE says "A companion document, [TRACKING-COMPLIANCE], defines many of the terms used here, notably 'party', 'first party', and 'third party'.

<dsinger> "

<rigo> I still think all lawyers in the room of at least 2 F2F meetings were telling leave "party" to the legal system and take whatever the legal system accepts as a party

<npdoty> fielding: I know what is implementable regarding parties, if the compliance spec is not consistent then it needs to be changed, but should clarify on the mailing list rather than an action for the editors

schunter: we do not have inconsistencies. But we have no machine implementable way to distinguish between first and third parties

<fielding> My issue is that the server cannot promise that it is the first party when it cannot know it is the first party. It can only promise how it was implemented.

<tlr> action-268 due next week

<trackbot> ACTION-268 Edit the TPE document to make sure that the final definition of parties is in sync across the two specifications due date now next week

<npdoty> dsinger, can we add notes to this action so we don't forget how to work on it?

schunter: it is not the definition itself but the implementability. It is not Rob's job to solve that

<dsinger> I just did a small one.

schunter: ACTION 249

<efelten_> Zakim aauu is me.

<tlr> action-249?

<trackbot> ACTION-249 -- David Singer to ensure that the qualifiers reflect the permissions documented in the compliance document, due 10 october -- due 2012-10-10 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/249

<npdoty> sounds good to me

schunter: suggest to put the current status of qualifiers in the spec and review it later.

dsinger: it is open if qualifiers are otional, mandataory, permitted.

schunter: To answer Ian Fette, In Amsterdam we decided to have permitted qualifiers

<tlr> npdoty: We made a decision in Seattle that we would have qualifiers, and that they would be optional.

npdoty: In Seattle decision were made that qualifiers are optional.

<fielding> and that they would only be in the representation.

<tlr> rigo: This is only about the response?

<tlr> npdoty: correct

<rigo> ok

<npdoty> schunter: permitted in the uri, or also in the header? dsinger: both places

<npdoty> jmayer: qualifiers that reflect the permitted uses would be optional; are there some qualifiers beyond that?

<rigo> interesting question: What do we do with syntax violations

jmayer: my understanding in Seattle was that we had a consensus. Are you suggesting qualifiers for more than the permitted uses? I do not think we have consensus on that

<npdoty> jmayer, you're suggesting a sort of extensibility mechanism? I wouldn't object to additional non-conflicting characters that UAs could ignore

<fielding> I think the only qualifier we had consensus on was to remove "l" for local

<npdoty> does anyone have a use case for extensibility regarding qualifiers?

schunter: my understanding is that the TPE spec allows only for optional qualifiers for the permitted uses. Other would violate the Compliance spec.

<rigo> fielding: do we have a rule for syntax violations?

schunter: dsinger got an action to synch both.

<tlr> action-317?

<trackbot> ACTION-317 -- David Singer to draft non-normative examples on same-party (issue-164) -- due 2012-10-12 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/317

<ifette> Is someone recording and/or putting hte call on hold?

<Chris_IAB> new noise on the call = beeping

<ifette> there's a beeping noise

<npdoty> so dsinger is going to update the TPE draft with those updated qualifiers, and point to the synchronization issue as they may change again

<jmayer> So, to clarify, the qualifiers are *only* for the permitted uses provided in the Compliance document. A website cannot unilaterally declare a new qualifier (e.g. "ICANHAZTRACKING").

<Brooks> I am on mute

schunter: I push it by a week. dsinger sent it by email but it got lost.
... dsinger should feel free to send it to the list.

<fielding> jmayer, the qualifiers are for the sole purpose of explaining what tracking is done within the scope of the TSV … David has suggested some changes to that purpose

<npdoty> action-287?

<trackbot> ACTION-287 -- Rachel Thomas to define "user expectation" as it's used in the context of the two documents. -- due 2012-10-10 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/287

<tlr> action-270?

<trackbot> ACTION-270 -- Rachel Thomas to propose existing DAA text for service providers -- due 2012-10-10 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/270

<npdoty> action-270?

<trackbot> ACTION-270 -- Rachel Thomas to propose existing DAA text for service providers -- due 2012-10-10 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/270

schunter: 2 ACTIONS on rachel_thomas

<npdoty> can someone drop a link to rachel's email?

<tlr> http://www.w3.org/mid/F7D4F7192203374D9821E66FADA2F10804B8CF9179@dma-ny-exch01.inside.the-dma.org

rachel_thomas: I would like to have it noted in the records. There was lot of text on definitions on the list.

<tlr> and the subject had "ACTION 207", without a dash :)

schunter: I or npdoty will link the information and set the actions to pending review.

<jchester2> Clarification for Rachel: Is this a formal request by the DAA to have its definition considered, or just the DMA?

<tlr> action-287?

<trackbot> ACTION-287 -- Rachel Thomas to define "user expectation" as it's used in the context of the two documents. -- due 2012-10-10 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/287

<jchester2> +q

rachel_thomas: On user expectation. I do not think I am the right person to work on this action.

schunter: Then I will close this action 287.

<dwainberg> That should be left open.

<Walter> +1

johnsimpson: Is this DAA text?

<jchester2> no that was jeff chester, not me

schunter: objections to close 287?

<Walter> walter-

<npdoty> I had thought this was already assigned to BrendanIAB, but I guess I'm looking track of all out action items

<tlr> action-287?

<trackbot> ACTION-287 -- Brendan Riordan-Butterworth to define "user expectation" as it's used in the context of the two documents. -- due 2012-11-14 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/287

<npdoty> BrendanIAB: can look into this as part of reviewing consistency, will take over this action, have something within a week

<npdoty> action-270?

<trackbot> ACTION-270 -- Rachel Thomas to propose existing DAA text for service providers -- due 2012-10-10 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/270

schunter: remains open. Now ACTION on BrendanIAB

<jchester2> +q

schunter: Back to ACTION 270

<fielding> regardless, the action is competed

<johnsimpson> suggest we close

<Walter> +1

<npdoty> "I think we will just withdraw this language as a potential replacement for what's in the spec today and see if we need to provide alternative text."

tlr: The text that rachel_thomas proposed does not really fit. Does someone make another proposal? Or do we close it.

<npdoty> close action-270

<trackbot> ACTION-270 Propose existing DAA text for service providers closed

<tlr> action-270 closed

<trackbot> ACTION-270 Propose existing DAA text for service providers closed

<jchester2> -q

rachel_thomas: I agree. We can close it.

<jchester2> Rachel: Could you clarify on the list. Are your proposals formally submitted by the DMA or by you on behalf of the DMA?

<jchester2> Rachel: Sorry I mean submitted by DAA.

<fielding> happy to drop my action if anyone else wants to write examples for TPE

<npdoty> schunter: encourage us to address actions promptly, so that we don't have so many overdue ones to go through

schunter: We should take ACTION more serious. I ask you to update them before they are overdue.

<Zakim> dsinger, you wanted to ask an editor question

<tlr> ACTION-270: this text will not be integrated into the document

<trackbot> ACTION-270 Propose existing DAA text for service providers notes added

<schunter> 1. Send email to list

<npdoty> dsinger: a lot of emails going by, when should the editors add the text to the documents?

dsinger: Unsure when text on the mailing list is final and can be included by the editors. I expect explicit instruction by the chairs.

<npdoty> schunter: you're right, we should put an action on the editors to do so

schunter: Once we decided on text we should but an action on the editors.

<npdoty> rigo: up to the chairs to declare consensus, otherwise how would david know what to do?

schunter: quick check that all callers are identified.

<Chapell> 646 is chapell

<laurengelman> i am one

<laurengelman> i think i'm the VOIP

<Chapell> thanks tlr

new approach to exceptions

<npdoty> http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0514.html

schunter: discussion on the new approach on decisions we presented in Amsterdam.

<ifette> Fair warning, I have a conflicting meeting in 13 minutes and will need to drop off

ifette: UA should confirm exceptions with the user. The big change is on UAs to store exceptions

<jmayer> Off to class again, later all.

<WileyS> +q

<WileyS> Ian - is the Server notified if the user rejects the exception upon UA interaction?

<ifette> Shane, no.

<ifette> Because it's not considered "rejecting"

ifette: if the UA has the option to implement notifications to the user about change of exception status

<ifette> it's considered deleting a previously granted exception

<ifette> just like the user could delete an exception at any time

WileyS: I think this is vital. But the server needs to know that it received an exception.
... We should think how this can be validated for the sites. This is a matter of synching.

<efelten_> Doesn't the server find out when it receives DNT:0 in the future?

<rigo> ed, exactly my question too

<dsinger> I think we made sure that there were ways to confirm the existence of an exception that the server thought had previously been granted; I agree

<ifette> ed, yes

schunter: Do people prefer this approach in general?

<ifette> this is just a special case of the user revoking an exception at any random time

<fielding> efelten_, the third party would find out … it would be useful if the first party knows as well, but I think that will have to handled OOB

<dsinger> to ifette, yes, exactly

<rigo> I heard only positive remarks so far

schunter: should we pursue this direction?

<WileyS> Fair - so if the Server continues to receive DNT:1 after receiving a user granted exception, it should keep requesting the exception from the user.

<ifette> correct

<ifette> shane, correct

<WileyS> Ian, okay

<dsinger> as long as it's now clear that the server is solely responsible for the user communication, I think this a great improvement

<rigo> shane, that was my assumption

<rigo> revoking exception is sending DNT;1

<rigo> IMHO

<WileyS> rigo, yet - we're clear on that now

ifette: Whatever road we follow, we need to make sure the user can revoke his exceptions. And the server needs to know.

<WileyS> Rigo, yep - we're clear on that now

<rigo> WileyS: verify that this is in the text!

dwainberg: I lost track on how web-wide exceptions are handled.

schunter: I think both work with this new proposal.

<rigo> dwainberg: which parties could request exception

<rigo> dsinger, if something is prevented to get to the user

<WileyS> +q

rigo, did you take over?

<npdoty> or use an iframe

<rigo> not yet

<WileyS> Can we confirm iFrames are fine?

<rigo> Text!!

<BrendanIAB> My understanding of the proposal is that the preference store is moved from client side to server side.

<dsinger> yes, iFrames are fine

<WileyS> There was discussion on the mailing list that this broke the top origin rule.

<BrendanIAB> If that happens, how does the server side re-identify users with preferences?

<rigo> action to do the text?

<trackbot> Sorry, couldn't find to. You can review and register nicknames at <http://www.w3.org/2011/tracking-protection/track/users>.

<dsriedel> yes, clarification would be fine, a practical example on this

<Chapell> Yes - I think an example would be helpful

<npdoty> BrendanIAB, no, I think this is a proposal specifically for storing it on the client

rigo, please take over scribing. I need to leave. Sorry.

<Chapell> @ Wainberg - happy to help draft

<npdoty> scribenick: rigo

<Chris_IAB> how would a 3rd party do the messaging, independent of the 1st party?

<BrendanIAB> Oh. I thought that was the original design...?

<dsriedel> publisher perspective would be interesting in this aspect

schunter: debugging text, is not perfect yet

<WileyS> I proposed non-normative text (an example) of the iFrame approach and was told this breaks the top level origin rule. Need to confirm this is NOT the case.

<dsinger> s/prevented to the user/presented to the user/

<Chapell> @dwainberg - happy to help

<npdoty> ACTION: wainberg to draft text confirming use of iframes for requesting exceptions (with chapell) [recorded in http://www.w3.org/2012/11/07-dnt-minutes.html#action01]

<trackbot> Created ACTION-331 - Draft text confirming use of iframes for requesting exceptions (with chapell) [on David Wainberg - due 2012-11-14].

<tlr> ACTION: dwainberg to review TPE spec to ensure iframes are fine for exception API; if not, propose text changes [recorded in http://www.w3.org/2012/11/07-dnt-minutes.html#action02]

<trackbot> Created ACTION-332 - Review TPE spec to ensure iframes are fine for exception API; if not, propose text changes [on David Wainberg - due 2012-11-14].

tlr: dwainberg wants to check the text, mainly that iframes are fine and that the signal back is done by DNT signal

<tlr> action-332 due 2012-11-21

<trackbot> ACTION-332 Review TPE spec to ensure iframes are fine for exception API; if not, propose text changes due date now 2012-11-21

<npdoty> close action-331

<trackbot> ACTION-331 Draft text confirming use of iframes for requesting exceptions (with chapell) closed

<npdoty> action-332: chapell volunteers to help, wileys may also be interested

<trackbot> ACTION-332 Review TPE spec to ensure iframes are fine for exception API; if not, propose text changes notes added

schunter: does somebody object to go with the updated exception proposal?
... so far haven't seen any objection?

<ifette> That's not a UI requirement

<ifette> the detail can be used for reviewing exceptions later on

npdoty: changes are additonal requirements, you must store the exception without checking with the user, the site naming issue
... not sure this apporach is preventing that

<tlr> npdoty: we have some stuff that was intended for UI, which seems inconsistent with the UI

ifette: the UA can look at exceptions and can revoke them

<ifette> I do apologize, but I have to drop off the call

<ifette> Ideally "a website called this method" is equivalent to "a user's preference"

<ifette> If not, that's a problem

npdoty: do we say that DNT:0 means only that a site stored an exception?

<ifette> but agree they need to match up somehow in the text

<ifette> have to drop,s orry

<dsinger> is that a question in any way related to the question at hand?

<tlr> npdoty: consistency between DNT:0 and user exceptions?

npdoty: if UA is still responsible for making sure that DNT:0 is still a user preference, than I'm fine with it. If not than not

<dsinger> got it, dnt:0 is now the *server's* responsibility to make sure it reflects the user intention

WileyS: provided non-normative text and had feedback that it broke top level same origin rule. Seems supportive in IRC, want a definitive response

<npdoty> npdoty: whether this has a change on DNT:0 semantics is important, that's what makes the difference with whether I think this is a good approach to take. if it's not the UA's responsibility, then servers may need to constantly doublecheck the validity of a dnt:0.

dsinger: it is the ??? can you clarify?? It ought to work

WileyS: if one domain registers exceptions for other domains

dsinger: yes

Lmastria: are we opening UI here?

<dsinger> yes, the applicable site is the document-origin of the script, so iFrames should work. please note if the spec. says something to the contrary

<npdoty> this does add a new requirement that a UA can't provide synchronous UI

<npdoty> but continues to avoid any details about what UI a UA would ever have to show

<dsinger> yes, the site-exception request can be site-wide or name explicit third-parties, and the UA is allowed to 'widen' an explicit list to site-wide (and tell the caller); that remains, as I understand, in this new proposal

schunter: it is explicit that UA can do whatever they want. Site has to make sure that it only stores exceptions that it really has. UA can still check

<Chris_IAB> Lou, I can work with you on that :)

<npdoty> we never had a requirement that the UA had to pop up a UI

no, but "make sure it is a preference"

dsinger: general preference is UA and exception is the responsibility of the site. We need more editiing. I don't think we captured that idea

<dsinger> to note that the 'general preference' is the responsibility of the UA, and exception-preferences are the responsibility of the sites, to verify that they reflect the user's intent

<dsinger> also that the server has to re-ask that if the exception disappears

<Lmastria> my apologies, but i need to drop ... thank you

<dsinger> suggest an action on me to integrate Adrian, Ian, and Nick's texts, into a new document

schunter: suggest to replace the old exception text with ifette's text. And start working from there

npdoty: uncertain about it. I don't think it is a good idea.
... we should not lose what DNT:0 means

<Zakim> npdoty, you wanted to repeat my objection in case schunter couldn't hear it

<npdoty> npdoty: wanted to be clear about my concerns, expressed in Amsterdam and again today

<npdoty> ... 1) that it's not clear who is responsible for a DNT:0 or what DNT:0 will continue to mean in that case, which I think would be a great loss

<npdoty> ... and 2) that it's dangerous for an API to store this and require that the user cannot be part of the interaction

<Zakim> dsinger, you wanted to try to answer Nick

<dsinger> I think the spec. needs to be clear that a DNT signal that results from a general preference MUST reflect the user's intent as determined by the UA, and that a DNT signal sent as a result of an exception call MUST reflect user intent as determined by the SITE. It's not tied to DNT:0, but to the origin of the signal.

schunter: specific issue: current text that UA must ?? request. Guiding principle is that DNT signal should correspond to the user preference. Should follow that here. UA is responsible to store the right thing. UA can check. But this is the debugging we need

<npdoty> schunter: agree, but think it's just a question of debugging on the text

dsinger: answer to npdoty DNT - signal as a preference is responsible for the UA, exception signal is result of site

<npdoty> the DNT:0 cancels out the DNT:1 though

<Brooks> cylon

<eberkower> LOL

<dwainberg> old school cylon

<npdoty> Walter, please call back, we couldn't hear you

<npdoty> rigo: it's really okay for the DPAs, because the responsibility is with the correct party, the general preference is with the browser and the exception is with the site

RRSAgent: please draft minutes

schunter: want that people respond to Ian's message. New approach has shortcomings. New one has to be even better than the old ones addressing all concerns

npdoty: clarify, not prefer new approach. Think that new approach is a dangerous path.

<fielding> npdoty, note that sending DNT:0 instead of DNT:1 is never dangerous for the user -- this is not a security protocol. The only danger would be to a site that caused a false signal to be set and then made improper decisions based on the false signal.

schunter: keep the old text as an option? And in one or two weeks you see if your concerns are resolved and in two weeks we see whether it works out

<dsinger> ACTION: singer to work with Ian's text, Adrian's text, and Nick's cleanup to produce a new exception API proposed specification [recorded in http://www.w3.org/2012/11/07-dnt-minutes.html#action03]

<trackbot> Created ACTION-333 - Work with Ian's text, Adrian's text, and Nick's cleanup to produce a new exception API proposed specification [on David Singer - due 2012-11-14].

npdoty: only a couple of things that are controversial

<npdoty> fielding, I meant a dangerous way of deciding and sending signals, not that it's a security risk to send DNT:0

<tlr> +1 to Nick and David working out the mechanics.

Decision: dsinger to include Ian Fette's text into the document and work with Nick to figure which old text should remain

<npdoty> I'm fine with whatever the editors think is the best editorial method, I just wanted to note the concern

<npdoty> I'll also follow up with my concerns on the mailing list

<npdoty> rigo: I think we should open an issue around this

<npdoty> don't we have an issue on the exceptions API?

but you can't attach actions to actions

<npdoty> issue-144?

<trackbot> ISSUE-144 -- User-granted Exceptions: Constraints on user agent behavior while granting and for future requests? -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/144

tlr: let nick and dsinger figure it out

schunter: prefer issue. will create issue and attach actions

<tlr> we have issue-144 already....

<npdoty> schunter, rigo, we have issue 144 already which looks to be very relevant

Walter: would prefer exceptions and responses to exceptions to be fiully machine readable
... and with javascript that risks not to work
... unless we could define the javascript in a way that is machine readable

<Walter> machine readable in the sense that it is accountable

npdoty: I think it works

<dsinger> walter, I don't understand. could you write a discussion email of your concerns?

<dwainberg> seems like that would be up to UAs if they want to create some sort of log, right?

Walter: his and her preferences are stored. It may not be stored ...

<Walter> dsinger: I will

npdoty: Walter, lets take that to the mailing list

<npdoty> npdoty: I think you can still have a UA that acts that way (no exceptions, all exceptions), using JavaScript, follow up on mailing list

How to handle sub-domains (ISSUE-112)?

<dsinger> issue-112?

<trackbot> ISSUE-112 -- How are sub-domains handled for site-specific exceptions? -- pending review

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/112

schunter: one was to use cookie like tools..
... this is for site wide exception, domain matiching is broken, with all subdomains listed

<WileyS> The List is too difficult to manage - use wild cards: *.yahoo.com

schunter: current approach in the Specification is list of all subdomains

dwainberg: clear from past conversation, we need wildcard

<vinay> +1 to Shane. That and the list changes (like the addition of a new site)

<moneill2> is this about the targets?

<WileyS> For a web site like wordpress, they should NOT use wildcards

<WileyS> Matthias, not sure what you mean by "cookie rule"?

schunter: does wildcard mean cookie rules or different?

<fielding> they do not imply the same thing

<WileyS> I have proposed text already out there

<WileyS> +q

schunter: if no action is created, we keep the text

WileyS: it is several month old, but covers suffixes and where wild cards are allowed

<npdoty> apologies, I'm getting caught up on the conversation from July

<fielding> we could allow *.[www.]?{origin domain}

<dsinger> there are a lot of emails linked to the issue

WileyS: don't know where this action was related to

<npdoty> I wasn't aware of a concrete proposal

dsinger: 2 questions: Can you ask for an exception for a bunch of third parties sites that have wildcards on

<moneill2> Ians version cannot do that

<WileyS> David - yes, that's the one

dsinger: 2/ ?? which first parties are we talking about

<npdoty> agree that there's a distinction between expanding 1st party and expanding 3rd party; I noted that here: http://lists.w3.org/Archives/Public/public-tracking/2012Aug/0191.html

<moneill2> no first party string parameter

<npdoty> rigo: relates to our conversation about transitive permissions in the auction model, and our conversations at least as far back as DC

<npdoty> ... if it makes it easier for implementers, all the better

<npdoty> ... should clarify what we mean when we say it's the same party

shane?

<WileyS> Rigo?

<WileyS> Okay - thank you Nick

<WileyS> I thought it was already concrete :-)

<WileyS> Nick can have it

npdoty: go back with Shane and take action to clear that

npdoty will create the action

schunter: will push the remaining issues to the call next week

<npdoty> ACTION: doty to re-update on handling of sub-domains, clarify concrete options (issue-112, perhaps with Shane) [recorded in http://www.w3.org/2012/11/07-dnt-minutes.html#action04]

<trackbot> Created ACTION-334 - Re-update on handling of sub-domains, clarify concrete options (issue-112, perhaps with Shane) [on Nick Doty - due 2012-11-14].

schunter: Any other business?

nope

Meeting next week on compliance -- adjourned

<Chris_IAB> npdoty?

trackbot, end meeting

- DRAFT -

SV_MEETING_TITLE

07 Nov 2012

Attendees

Contents

overdue action items http://www.w3.org/2011/tracking-protection/track/actions/overdue?sort=owner

new approach to exceptions

How to handle sub-domains (ISSUE-112)?

Summary of Action Items

Scribe.perl diagnostic output