16:49:36 RRSAgent has joined #dnt 16:49:36 logging to http://www.w3.org/2013/01/09-dnt-irc 16:49:42 rrsagent, make logs public 16:49:54 Chair: schunter 16:50:03 Meeting: Tracking Protection Working Group teleconference 16:50:28 adrianba has joined #dnt 16:51:28 T&S_Track(dnt)12:00PM has now started 16:51:35 + +1.510.859.aaaa 16:51:45 fielding has joined #dnt 16:52:02 Zakim, aaaa is npdoty 16:52:02 +npdoty; got it 16:52:08 aleecia has joined #dnt 16:53:10 + +1.408.674.aabb 16:53:26 Zakim, aabb is aleecia 16:53:26 +aleecia; got it 16:53:33 Hi! 16:54:21 + +1.212.380.aacc 16:54:36 - +1.212.380.aacc 16:54:40 Zakim, mute me 16:54:40 aleecia should now be muted 16:54:58 BrendanIAB has joined #dnt 16:55:04 schunter has joined #dnt 16:55:36 dsinger has joined #dnt 16:55:52 Joanne has joined #DNT 16:55:53 + +1.212.380.aadd 16:56:28 yianni has joined #dnt 16:56:29 agenda+ Next steps for compliance 16:56:37 Zakim, aadd is IAB 16:56:37 +IAB; got it 16:56:39 efelten has joined #dnt 16:56:39 Lmastria_DAA has joined #dnt 16:56:43 + +1.415.520.aaee 16:56:44 Zakim, IAB has peterswire 16:56:45 +peterswire; got it 16:56:46 jeffwilson has joined #dnt 16:56:46 samsilberman has joined #dnt 16:56:53 Zakim, IAB has Chris_IAB 16:56:53 +Chris_IAB; got it 16:57:01 aleecia_ has joined #dnt 16:57:01 Zakim, aaee is Joanne 16:57:02 +Joanne; got it 16:57:02 Zakim, IAB has Lmastria_DAA 16:57:03 +Lmastria_DAA; got it 16:57:17 + +1.703.265.aaff 16:57:19 + +1.609.310.aagg 16:57:26 +[IPcaller] 16:57:31 Zakim, aagg is me 16:57:31 +efelten; got it 16:57:33 vincent has joined #dnt 16:57:34 zakim, aaff is jeffwilson 16:57:34 +jeffwilson; got it 16:57:35 + +1.781.482.aahh 16:57:36 zakim, [IPcaller] is me 16:57:36 +dsinger; got it 16:57:48 zakim, who is on the phone? 16:57:48 On the phone I see npdoty, aleecia (muted), IAB, Joanne, jeffwilson, efelten, dsinger, +1.781.482.aahh 16:57:51 IAB has Lmastria_DAA 16:57:51 + +1.215.286.aaii 16:57:58 zakim, aahh is samsilberman 16:57:58 +samsilberman; got it 16:57:59 jchester2 has joined #dnt 16:57:59 susanisrael has joined #dnt 16:58:07 +??P54 16:58:09 +[IPcaller] 16:58:13 Chris_IAB has joined #dnt 16:58:16 Zakim, ??P54 is schunter 16:58:18 +schunter; got it 16:58:20 + +1.646.801.aajj 16:58:21 Zakim, IPcaller is probably me 16:58:21 +BrendanIAB?; got it 16:58:30 +Cyril_Concolato 16:58:30 zakim, aajj is dwainberg 16:58:31 +dwainberg; got it 16:58:33 peterswire has joined #DNT 16:58:33 peter-4As has joined #dnt 16:58:37 zakim, 215 286 xxxx is susanisrael 16:58:37 I don't understand '215 286 xxxx is susanisrael', susanisrael 16:58:42 + +1.202.587.aakk 16:58:45 zakim, Cyril_Concolato is vincent 16:58:45 +vincent; got it 16:58:46 Zakim, aaii is susanisrael 16:58:47 +susanisrael; got it 16:58:48 +[Microsoft] 16:58:53 +jchester2 16:58:56 zakim, who is making noise? 16:58:58 zakim, [Microsoft] is me 16:58:58 +adrianba; got it 16:59:04 Zakim, IAB has Lmastria_DAA, Chris_IAB, peterswire 16:59:04 Lmastria_DAA was already listed in IAB, npdoty 16:59:04 zakim, mute me 16:59:05 +Chris_IAB, peterswire; got it 16:59:05 jchester2 should now be muted 16:59:06 dsinger, listening for 10 seconds I heard sound from the following: IAB (70%), dwainberg (76%) 16:59:11 rigo has joined #dnt 16:59:18 */*sorry for getting the syntax wrong, thanks Nick 16:59:29 zakim, code? 16:59:29 the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), rigo 16:59:30 dan_auerbach has joined #dnt 16:59:33 + +1.202.331.aall 16:59:40 Zakin, 2025874870 is yianni 16:59:50 AdamTurkel has joined #DNT 16:59:58 mecallahan has joined #dnt 16:59:59 Zakim, aakk is yianni 16:59:59 +yianni; got it 17:00:05 + +1.714.852.aamm 17:00:16 +AnnaLong 17:00:17 Zakim, who is on the phone? 17:00:17 On the phone I see npdoty, aleecia (muted), IAB, Joanne, jeffwilson, efelten, dsinger, samsilberman, susanisrael, schunter (muted), BrendanIAB?, dwainberg, vincent, yianni, 17:00:20 ... adrianba, jchester2 (muted), +1.202.331.aall, +1.714.852.aamm, AnnaLong 17:00:20 IAB has Chris_IAB, peterswire 17:00:21 zakim, aamm is fielding 17:00:21 +fielding; got it 17:00:23 + +1.301.351.aann 17:00:27 + +1.650.787.aaoo 17:00:31 AnnaLong has joined #dnt 17:00:32 justin_ has joined #dnt 17:00:38 +Rigo 17:00:39 + +1.646.827.aapp 17:00:40 zakim, mute me 17:00:40 Rigo should now be muted 17:00:44 Zakim, aaoo is BillScannell 17:00:44 +BillScannell; got it 17:00:51 + +1.703.438.aaqq 17:00:52 + +1.202.639.aarr 17:00:53 hefferjr has joined #dnt 17:01:05 Zakim, who is on the phone? 17:01:05 On the phone I see npdoty, aleecia (muted), IAB, Joanne, jeffwilson, efelten, dsinger, samsilberman, susanisrael, schunter (muted), BrendanIAB?, dwainberg, vincent, yianni, 17:01:09 ... adrianba, jchester2 (muted), +1.202.331.aall, fielding, AnnaLong, +1.301.351.aann, BillScannell, Rigo (muted), +1.646.827.aapp, +1.703.438.aaqq, +1.202.639.aarr 17:01:09 IAB has Chris_IAB, peterswire 17:01:23 646-827-XXXX is adam turkel 17:01:24 +[CDT] 17:01:31 + +1.202.296.aass 17:01:33 moneill2 has joined #dnt 17:01:44 zakim, aapp is AdamTurkel 17:01:44 +AdamTurkel; got it 17:01:45 301 is me 17:01:46 vinay has joined #dnt 17:01:58 Zakim, aaqq is richardweaver 17:01:58 +richardweaver; got it 17:01:59 zakim, aann is dan_auerbach 17:01:59 +dan_auerbach; got it 17:02:02 Brooks has joined #dnt 17:02:07 +[IPcaller] 17:02:13 + +1.678.580.aatt 17:02:19 Peter Swire, Lou Mastria and Chris Mejia dialing in from 212-380... together 17:02:21 Zakim, aatt is Brooks 17:02:21 +Brooks; got it 17:02:31 + +1.415.728.aauu 17:02:36 zakim, aauu is vinay 17:02:36 +vinay; got it 17:02:53 +Craig_Spiezle 17:02:54 zaqkim. [ipcaller] is me 17:02:56 schunter: welcome all back from the holidays 17:02:58 rvaneijk has joined #dnt 17:03:03 Zakim, [IPcaller] is moneill2 17:03:03 +moneill2; got it 17:03:08 + +1.646.654.aavv 17:03:09 zakim, [ipcaller] is me 17:03:09 sorry, moneill2, I do not recognize a party named '[ipcaller]' 17:03:10 JC has joined #DNT 17:03:24 volunteer to scribe? 17:03:29 johnsimpson has joined #dnt 17:03:32 + +1.813.366.aaww 17:03:40 scribe: susanisrael 17:03:41 eberkower has joined #dnt 17:03:41 jmayer has joined #dnt 17:03:41 Zakim, aaww is hefferjr 17:03:42 +hefferjr; got it 17:03:48 Zakim, who is on the phone? 17:03:48 On the phone I see npdoty, aleecia (muted), IAB, Joanne, jeffwilson, efelten, dsinger, samsilberman, susanisrael, schunter, BrendanIAB?, dwainberg, vincent, yianni, adrianba, 17:03:51 ... jchester2 (muted), +1.202.331.aall, fielding, AnnaLong, dan_auerbach, BillScannell, Rigo (muted), AdamTurkel, richardweaver, +1.202.639.aarr, [CDT], +1.202.296.aass, moneill2, 17:03:51 ... Brooks, vinay, Craig_Spiezle, +1.646.654.aavv, hefferjr 17:03:51 IAB has Chris_IAB, peterswire 17:03:54 + +1.650.465.aaxx 17:03:58 +Jonathan_Mayer 17:04:02 Keith has joined #dnt 17:04:03 mattias: one change= caller id to be done in background; try to get on irc and tell nick who you are 17:04:07 Hi, I will not be able to attend the call unfortunately.. 17:04:09 +Chris_Pedigo 17:04:12 aavv=eberkower 17:04:15 Regrets+ rvaneijk 17:04:21 David has joined #dnt 17:04:21 ChrisPedigo_OPA has joined #dnt 17:04:23 Zakim, aavv is eberkower 17:04:23 +eberkower; got it 17:04:26 mattias: welcome-looking forward to a couple productive months to finish both specs 17:04:31 WileyS has joined #dnt 17:04:39 Success ! 17:04:46 mattias: had productive 2012, identified issue, shouldn't be a big deal finishing this year 17:04:48 +[Microsoft] 17:04:52 BillScannell has joined #dnt 17:05:01 Lia has joined #dnt 17:05:02 agenda+ Action items 17:05:05 + +1.310.392.aayy 17:05:09 agenda+ Revised exceptions approach 17:05:09 Zakim, agenda? 17:05:10 I see 3 items remaining on the agenda: 17:05:10 1. Next steps for compliance [from npdoty] 17:05:10 2. Action items [from npdoty] 17:05:10 3. Revised exceptions approach [from npdoty] 17:05:11 ....peter would like to spend a couple min on compliance doc then i will discuss tpe. comments on agenda? 17:05:18 agenda+ multiple first parties 17:05:22 + +1.408.349.aazz 17:05:24 bryan has joined #dnt 17:05:26 agenda+ updates to JS API 17:05:34 agenda+ Service Providers 17:05:42 zakim, 310.292,aayy is johnsimpson 17:05:42 sorry, johnsimpson, I do not recognize a party named '310.292,aayy' 17:05:43 agenda+ Pending Review 17:05:47 agenda+ Open issues 17:05:47 +Peder_Magee 17:05:51 Peter Swire: Happy new year. I will talk for a while to give people background of what will happen next week. .... 17:05:56 Zakim, aayy is johnsimpson 17:05:56 +johnsimpson; got it 17:06:02 ...my goal is to be inclusive. 17:06:09 zakim, 310.392.aayy is johnsimpson 17:06:10 sorry, johnsimpson, I do not recognize a party named '310.392.aayy' 17:06:13 pedermagee has joined #dnt 17:06:25 zakim, aayy is johnsimpson 17:06:25 sorry, justin_, I do not recognize a party named 'aayy' 17:06:38 Wanted to get to know as many stakeholders as possible. IN those conversations was trying to identify a path forward. More than 30 meetings so far. 17:07:24 Peter: have responded to all messages and have told people when I would be in various cities. want to build confidence and get to know people. If i have not responded to you I apologize 17:07:35 ping me again if you want and we'll try to have a good discusison. 17:07:37 tedleung has joined #dnt 17:08:17 Peter: in those meetings the area of de-identification or de-linking seemed quite promising. another topic was default settings and I don't expect to address that soon. But ,,,, 17:08:33 + +1.206.664.bbaa 17:08:45 zakim bbaa is tedleung 17:08:56 de-identification is an area where people of different views think it would be helpful to work on this. advertising industry says they don't use pii and ngo's/advocates also interested. 17:08:58 Zakim, bbaa is tedleung 17:08:58 +tedleung; got it 17:09:35 It's important on compliance side. If it's not linked, you are not tracked, roughly speaking. So working on de-identification is somewhat like defining what tracking is. Not exact, but similar.... 17:09:37 Zakim, Lou Mastria from DAA is here too, on the same line 17:09:37 I don't understand you, Chris_IAB 17:09:53 so not surprising that what counts as not tracked/de-identified will be important. 17:10:21 ifette has joined #dnt 17:10:24 kj has joined #dnt 17:10:47 peter: there may some win-wins that can happen here. de-linking may improve privacy but permit better utility for data. Could see wins for people who want to use data and people who don't want to be identified. 17:10:53 i get a busy signal when trying to call in 17:11:08 (3x) 17:11:13 turns out to be related to permissible uses. 17:11:18 i cant dial in either 17:11:55 peter: with that as background we can see why this set of issues is important and will have to be addressed in any spec.seems a necessary step to any eventual standard 17:11:56 David has joined #dnt 17:12:01 zakim, who is on the call? 17:12:01 On the phone I see npdoty, aleecia (muted), IAB, Joanne, jeffwilson, efelten, dsinger, samsilberman, susanisrael, schunter (muted), BrendanIAB?, dwainberg, vincent, yianni, 17:12:05 ... adrianba, jchester2 (muted), +1.202.331.aall, fielding, AnnaLong, dan_auerbach, BillScannell, Rigo (muted), AdamTurkel, richardweaver, +1.202.639.aarr, [CDT], +1.202.296.aass, 17:12:05 ... moneill2, Brooks, vinay, Craig_Spiezle, eberkower, hefferjr, +1.650.465.aaxx, Jonathan_Mayer, Chris_Pedigo, [Microsoft], johnsimpson, +1.408.349.aazz, Peder_Magee, tedleung 17:12:05 IAB has Chris_IAB, peterswire 17:12:20 Zakim, aazz is WileyS 17:12:20 +WileyS; got it 17:12:40 peter: beyond that these issues of de-identifiication are important in their own right. have been the focus of a lot of attention--in uk and through hhs in us, and canada on healthcare side has done work on this 17:13:02 Uk, health & human services, Canada, FTC - sources of other thoughts on identification 17:13:19 ty 17:13:21 (wow, irc lag) 17:13:23 peter: a lot of technical people who have done good work on this turn out to be in the w3c process. It may be we have some meetings and do work on this, produce some white papers for people working on this. 17:13:41 Zakim, DAvid is David_MacMillan 17:13:41 sorry, David, I do not recognize a party named 'DAvid' 17:13:45 this is an area where policy makers have been confused, debates contentious, maybe we can help 17:13:47 Zakim, David is David_MacMillan 17:13:47 sorry, David, I do not recognize a party named 'David' 17:13:55 peter: if good work to do here, what is our path? 17:14:19 Zakim, +1.650.465.aaxx is DAvid 17:14:19 +DAvid; got it 17:14:34 peter: there was a sense, in meetings that one challenge is that people some times talk past each other, use different definitions, have different threat models, don't have common vocabulary 17:15:06 peter: so this sort of technical descriptive side seems to be something where it s positive to get conversation moving. 17:15:25 +Bryan_Sullivan 17:15:30 if you're calling in from one of these numbers, please identify via IRC: +1.202.331.aall, +1.202.639.aarr, +1.202.296.aass, +1.408.349.aazz 17:16:11 peter: one goal i had was to make sure i had some good technical folks from different perspectives working on this, for example, EFF, and Ed Felten. IAB chris, david wainberg will be there in person, with shane wiley on phone 17:16:39 +[Google] 17:16:44 Peter: You should have presented this first to the entire group, explain your plan then move forward. That it would make it legitimate. Instead of cherry-picking people. 17:16:46 not intended to exclude others, but wanted to make sure we have the key people in the room. This weekend got enough yeses to make sure we have range of views in room to make this worthwhile. 17:16:47 Zakim, Google has ifette 17:16:47 +ifette; got it 17:17:39 peter: Khalid El Ahmid phd with book on subject will be in dc on that date, and morning of 17th avoids conflict with NTIA that afternoon. CDT will host. 9-12:30/12:45 EDT 17:17:57 Is this a short notice f2f? Sorry, just dialing in now... 17:18:02 6 am pacific. Spiffy 17:18:09 if you're calling in from one of these Washington DC numbers, please identify: +1.202.331.aall, +1.202.639.aarr, +1.202.296.aass 17:18:39 peter: we will scribe and have call in and open invitation for people to come physically. room holds 30-35 maybe 40. If you want to come pls send email to yanni lagos ylagos@futureofprivacy.org. 17:18:49 we will attend remotely 17:19:24 peter: that's just to get a sense of the numbers. IF too many will figure out a good way to proceed. Maybe limit it to 1 person/organization, but may try other things. 17:20:08 Object to the flurry of short-notice meetings here... 17:20:21 peter: separately, have been working with thomas roessler about meeting in brussels when i am there jan 23-35. Not grand meeting for decisions, maybe tech meeting on de-identification. include people who will be in brussels then for dpdp or otherwise. 17:20:23 So Ian was not deemed a technical expert? 17:20:56 peter: this is an informal auxiliary meeting so does not need 8 weeks notice, but will try to have a call. 17:21:15 peter: now lets talk about how i think 17th meeting will go. 17:21:56 peter: for meeting on 17th, ground rules would be to focus on descriptive discussions. focus on what de-identification is, how it works. 17:22:09 Zakim, unmute me 17:22:09 schunter should no longer be muted 17:22:14 peter: i will consider it out of order to discuss what w3c standard should include 17:22:19 Keith has left #dnt 17:22:32 peter: this is intended to be technical clearing of brush around technical issues. 17:22:57 mattias: quick question. so do i understand that prupose is to make tech proposals but not put anything in spec? 17:22:59 aleecia, apparently neither am I 17:23:23 is this meeting to work through different technical use cases? 17:23:27 Keith has joined #dnt 17:23:39 peter: even more careful than that. having watched debate, it's not right now to draft tech specs but a step prior to that --getting understanding of common vocabulary/use cases. 17:23:53 The 17th will be a great trust-building exercise. 17:23:59 Well, I guess Google and Adobe are small players :-) I'm sure this will all work out differently next time. 17:24:10 am I the only one who finds the irony of proposing to have the tech meeting in Europe when many of our technical participants (most browse participants, roy, etc) are in the US? 17:24:13 peter: ability of people to talk past each other in this area is great, but there is more agreement than it seems 17:24:36 s/browse/browser/ 17:24:37 I think peter's suggestion was not that he found a time that worked with all technical experts, but that there was some minimum that were available, and so it would be useful to have them meet 17:24:46 202.296.1883 is Keith Scarborough with ANA 17:24:59 nick, with a small subset not including any of the browsers i'd be surprised if we saved any time 17:24:59 peter: thought would be this is a step towards face to face in mid february. i don't have text or extra pieces in my own mind. when we hvae quality people talking about de-identification we can move toward tech drafting 17:25:02 zakim, who is on the phone? 17:25:02 On the phone I see npdoty, aleecia (muted), IAB, Joanne, jeffwilson, efelten, dsinger, samsilberman, susanisrael, schunter (muted), BrendanIAB?, dwainberg, vincent, yianni, 17:25:05 ... adrianba, jchester2 (muted), +1.202.331.aall, fielding, AnnaLong, dan_auerbach, BillScannell, Rigo (muted), AdamTurkel, richardweaver, +1.202.639.aarr, [CDT], +1.202.296.aass, 17:25:05 ... moneill2, Brooks, vinay, Craig_Spiezle, eberkower, hefferjr, DAvid, Jonathan_Mayer, Chris_Pedigo, [Microsoft], johnsimpson, WileyS, Peder_Magee, tedleung, Bryan_Sullivan, 17:25:05 ... [Google] 17:25:05 IAB has Chris_IAB, peterswire 17:25:05 [Google] has ifette 17:25:24 zakim, cdt has justin_ 17:25:24 +justin_; got it 17:25:25 Yes 17:25:26 Zakim, aass is KeithScarborough 17:25:26 +KeithScarborough; got it 17:25:29 peter: hope is on feb 11-13 we can try to see how far we can get in mit. responsive mattias? 17:25:35 npdoty, it's being referred to as "The Brussles technical meeting" 17:25:35 at 6am ;-) 17:25:57 peter: shifting to list of some topics. Talking to Khalid about possible topics. 17:26:20 peter: what are incentives to do de-idnetification now: privacy policy, worrry about breach, etc. 17:26:21 ifette, Peter had suggested that it might also be useful for those attending CPDP to talk about technology in late January in Brussels (in addition to next week in DC) 17:26:30 peter: what are measures of risk of re-identification 17:26:44 hober has joined #dnt 17:27:08 peter: what are roles of tech safeguards vs administrative safeguards. privacy act from 70s talks about tech, admin, physical safegurads 17:27:40 It might be helpful to have a reading list to level-set prior to the focused meeting 17:27:46 peter: hashing. discussion of what anybody means by magic term of persistent identifiers. 17:27:55 +1 on reading list 17:28:00 that is a potential list of things that might occupy us for 3 1/2 hr meeting. 17:28:01 and a wiki 17:28:21 if we'd like a wiki for our WG on the home page, I can set that up 17:28:26 Because to fly coast to coast for 3.5 hours, and pay full fare, I'd like to make damn sure it's useful 17:28:27 peter: this work on de-identification arose from meetings with a lot of groups including jeff chester's privacy group 17:28:34 ... in fact, we have that set up for Privacy in general, and could set up some pages there 17:28:43 That's not true, Peter. You asked for a general meeting with US NGOs. That's what the Privacy Coalition meeting in DC was about. You should have done this differently. 17:28:43 q? 17:28:54 + 1 nick 17:28:54 peter: now public discussions that start next thursday. still in remedial state of seeing how to get chat to work. 17:28:55 It would also be useful to know who the technical experts are who will be there. 17:29:18 q? 17:29:19 q+ 17:29:24 peter: i apologize that i talk better than mulitask and my irc channel went dead. 17:29:26 Request reading list by Saturday 17:29:36 thx for the help for me (I guess I forgot all about Zakim over the holidays). 17:29:41 q? 17:29:47 ack jmayer 17:29:51 (on bus, so not going to speak) 17:29:52 ack jmayer 17:29:53 ack ri 17:29:56 Zakim, unmute me 17:29:56 schunter should no longer be muted 17:30:16 peterswire has joined #DNT 17:30:32 jmayer: had a question about attendance. I understand that many members of group might be there but can organizations bring in software engineers and tech staff. 17:31:02 limited to W3C member organizations, right? 17:31:19 peter: want more phds and fewer jds, so yes. not trade secrets of companies but work through issues that concern companies. 17:31:23 Are press invited or barred? 17:31:38 We don't have room for press :) 17:31:47 IPR policy would be a concern otherwise - as technical solutions are being discussed 17:31:49 You don't have room for participants 17:31:51 peter: is it limited to w3 member organizations? staff might help but i think it could be someone there on behalf of an organization 17:32:01 It needs a larger venue that CDT. 17:32:08 I'm fine with that 17:32:18 peter: press? i would have expected it to be on same basis as other calls. 17:32:19 As am I, we were just trying to help! 17:32:21 zakim, mute me 17:32:21 Rigo was already muted, rigo 17:32:22 action: doty to set up wiki page for sharing reading list / technical papers on deidentification 17:32:22 Created ACTION-347 - Set up wiki page for sharing reading list / technical papers on deidentification [on Nick Doty - due 2013-01-16]. 17:32:26 ack ri 17:32:30 Just wanted clarity (fine with no press, that is. Also fine with larger venue) 17:32:36 peter: if count gets to 50 in next few days will look for another venue 17:32:40 peter: other questions? 17:32:51 Reading? 17:32:52 -efelten 17:32:55 zakim, unmute me 17:32:55 Rigo should no longer be muted 17:32:57 Peter: if no other questions or comments, turn this over to Mattias. 17:33:01 Could someone raise that? 17:33:09 q+ 17:33:19 q- 17:33:25 mattias: when you post you should describe goals and initial definitions would be helpful 17:33:32 Thanks, Matthias -- if we could get a list of reading by sat 17:33:33 Would be great to hear who the technical experts in attendance will be. Would be a shame if it's the same cast of policy and law characters. Would enjoy a deep engineering chat. 17:33:43 justin: there was agreement on irc that agenda and reading in advance would help 17:33:45 That would help us all start with uniformly higher clue 17:33:49 Zakim, agenda? 17:33:49 I see 8 items remaining on the agenda: 17:33:50 1. Next steps for compliance [from npdoty] 17:33:50 2. Action items [from npdoty] 17:33:50 3. Revised exceptions approach [from npdoty] 17:33:50 4. multiple first parties [from npdoty] 17:33:50 5. updates to JS API [from npdoty] 17:33:50 6. Service Providers [from npdoty] 17:33:50 7. Pending Review [from npdoty] 17:33:51 8. Open issues [from npdoty] 17:34:00 Zakim, who is on the phone? 17:34:00 On the phone I see npdoty, aleecia (muted), IAB, Joanne, jeffwilson, dsinger, samsilberman, susanisrael, schunter, BrendanIAB?, dwainberg, vincent, yianni, adrianba, jchester2 17:34:04 ... (muted), +1.202.331.aall, fielding, AnnaLong, dan_auerbach, BillScannell, Rigo, AdamTurkel, richardweaver, +1.202.639.aarr, [CDT], KeithScarborough, moneill2, Brooks, vinay, 17:34:04 ... Craig_Spiezle, eberkower, hefferjr, DAvid, Jonathan_Mayer, Chris_Pedigo, [Microsoft], johnsimpson, WileyS, Peder_Magee, tedleung, Bryan_Sullivan, [Google] 17:34:04 IAB has Chris_IAB, peterswire 17:34:04 [CDT] has justin_ 17:34:04 [Google] has ifette 17:34:08 peter: a couple of initial docs would be hhs guidance and ico guidance that i mentioned and i will send around links 17:34:11 & nick, thanks for adding them to the wiki 17:34:26 mattias: what do we do with open items on compliance spec. Pause and push again? 17:34:32 Can we deal with this on the next call? 17:34:33 q+ 17:34:39 ack ri 17:34:42 Please do not close & recreate, but Peter dropped 17:34:51 Off to Admin Law. Until next week... 17:34:59 -Jonathan_Mayer 17:35:25 mattias. we need to decide soon what to do with open items on compliance spec-can discuss offline 17:35:29 peter: yes, offline 17:35:39 peterswire has joined #dnt 17:35:48 Zakim, take up agendum 2 17:35:48 agendum 2. "Action items" taken up [from npdoty] 17:35:49 mattias: overdue action items next on agenda, will ignore compliance items and review others 17:36:10 mattias: action (343?) on nick. item 102. 17:36:14 -[CDT] 17:36:25 peterswire has joined #dnt 17:36:41 npdoty: since i wrote up summary there has been active thread so i am not sure my summary on issue 112 matches what group thinks now 17:37:00 npdoty: can write up and see if there are changes. can do mine within week 17:37:15 mattias: close action, open issue bc no agreed on text 17:37:32 npdoty: just push my action out a week and i will have a proposal. not sure if only proposal 17:37:35 (do we have minutes to review?) 17:37:53 http://www.w3.org/2011/tracking-protection/track/actions/overdue?sort=owner 17:37:56 action-340? 17:37:56 ACTION-340 -- Joanne Furtsch to update on audits field proposal and any normative requirements as necessary -- due 2012-12-05 -- OPEN 17:37:56 http://www.w3.org/2011/tracking-protection/track/actions/340 17:37:59 Mattias: ok. next action 340, update on audit fields on joanne furtsch. any news 17:38:21 joanne: iwill need a little bit of...actually thought we closed this bc fine with language in current draft of tpe 17:38:29 mattias: ok. 17:39:22 mattias: next one is 342. on me. ask for objections to new ex ception model. i will mark this as closed bc will discuss new model in a min. does not mean we agree just doesn't make sense to discuss now 17:39:31 mattias: on david action 345. 17:39:54 apologies, I have responding to dsinger on my to-do list 17:40:03 action-345? 17:40:03 ACTION-345 -- David Singer to condense non-norm examples on non-JS third parties and integrate into spec -- due 2012-12-12 -- PENDINGREVIEW 17:40:03 http://www.w3.org/2011/tracking-protection/track/actions/345 17:40:07 dsinger: i wrote email but did not get feedback. ought to get that before close. will put it up again. 17:40:37 mattias: david resent text once. my suggestion is to put in text and can then fine tune. is non-normative text 17:40:44 dsinger: ok will integrate into text 17:40:56 kj has joined #dnt 17:41:19 mattias: action 332 on dwainberg. 17:41:26 action-332? 17:41:26 ACTION-332 -- David Wainberg to review TPE spec to ensure iframes are fine for exception API; if not, propose text changes -- due 2012-12-05 -- OPEN 17:41:26 http://www.w3.org/2011/tracking-protection/track/actions/332 17:41:42 dwainberg: i did spend time on this but was a while ago. if we could push another week, i will review notes and follow up 17:41:53 mattias: ok so i think this is all the tpe related actions 17:42:04 Zakim, take up agendum 3 17:42:04 agendum 3. "Revised exceptions approach" taken up [from npdoty] 17:42:44 mattias: revised approach on exeptions. david has integrated into text. browser responsible for getting user preference than puts in browser for storage and may check with user if it wants 17:43:06 q? 17:43:07 Zakim, drop aall 17:43:07 +1.202.331.aall is being disconnected 17:43:07 q+ 17:43:08 link? 17:43:09 - +1.202.331.aall 17:43:12 Zakim, drop aarr 17:43:12 +1.202.639.aarr is being disconnected 17:43:12 to what david put in? 17:43:14 - +1.202.639.aarr 17:43:17 ack adrianba 17:43:18 mattias: so push for later, david said we need addtional functionality and on agenda item 5 we need feedback on what david put in spec 17:43:53 can we get a link to the specific changed text? 17:43:57 q+ to note that it's good that there are no UI requirements (but sync/async) 17:44:01 efelten has joined #dnt 17:44:03 efelten has left #dnt 17:44:06 -[Microsoft] 17:44:23 adrianba: i think i mentioned before but 3 points on which i have feedback. 1. need api to be able to understand whether exception granted....important bc asking owner of site to be responsible for informed consent.... 17:44:40 http://www.w3.org/mid/DD4C0887-F30F-42AD-BD75-01AFEEC02968@apple.com 17:44:40 ...they need to know if they must ask or have already asked and been granted exception 17:44:43 +[Microsoft] 17:44:51 + +1.202.639.bbbb 17:45:01 * cab someone else take over scribing for a while? 17:45:09 scribenick: npdoty 17:45:16 adrianba: 2nd point re subdomains 17:45:23 adrian: regarding subdomains, implicit parameter of the current document origin 17:45:25 *thanks nick 17:45:41 adrianba: as much as I'd like that we wouldn't have to deal with subdomains, I think we will have to 17:45:48 ... have to deal with subdomains 17:45:58 npdoty: if you want me to take it back after a while i can scribe again after a few min 17:46:00 ... common out-of-band mechanism would be a cookie, which can be stored across sub-domains 17:46:30 Exceptions persistence is preferred as it is at parity with the persistence of the DNT signal 17:46:32 ... if we don't have that capability for the exception API, then either sites will have to use both, or choose between them 17:46:55 ... making the exception API work in exactly the same way as cookies is going to be necessary 17:46:55 Full domain will inadvertently pull in some third parties 17:47:10 Aleecia - do you have examples? 17:47:13 E.g. Analytics.acme.com 17:47:27 ... 3) today we have the ability to provide an array of domain strings 17:47:33 That doesn't exist in the real-world. Do you have a real-world example? 17:47:46 ... when I request an exception, I can say that it's for a certain domain 17:47:47 It does -- apple 17:47:57 ... currently optional, has a huge amount of complexity 17:48:04 +1 to adrianba 17:48:11 ... Microsoft, since it's optional, would ignore 17:48:19 aleecia, all outreach measuring in Germany is done by ivwbox.journalxyz.de that reports to a common third party. So the third party uses a subdomain of the content provider 17:48:20 Aleecia, are you saying there are locations where apple is being captured as a sub-domain on another 1st party site? 17:48:55 ... when your list changes, do you have to call it again with the full list? requires the site to manage complexity 17:49:07 ... would prefer to remove it completely 17:49:10 hm, to adrian, it's optional on both sides, so if it's too complex for you on either side, don't use it. can you post your questions to the list? 17:49:11 *.apple.com can cover third parties like google or adobe, who provide analytics 17:49:12 + +1.646.666.bbcc 17:49:21 q+ 17:49:27 ... otherwise like the direction we're moving in 17:49:34 We've covered this in compliance 17:49:40 Aleecia, so are you saying there is a "google.apple.com" domain in the real-world? 17:49:49 efelten_ has joined #dnt 17:49:49 Yes 17:50:06 Chapell has joined #DNT 17:50:15 q? 17:50:16 David Singer - can you comment on Aleecia's claim? Is there a "google.apple.com" domain that your company current supports? 17:50:24 I think anything that is x.apple.com is under a legal SP relationship with apple (I don't actually know for certain) 17:50:26 ack npdoty 17:50:26 npdoty, you wanted to note that it's good that there are no UI requirements (but sync/async) 17:50:31 scribenick: susanisrael 17:50:37 q? 17:50:47 WileyS: see my example, this is the way outreach is measured in Germany 17:50:58 Questions that are open: 17:51:04 - exact set of JS APIs 17:51:06 Aleecia, so if its a service provider, is that okay to you that exceptions to the host domain cover their service providers as well? 17:51:09 - Sync vs async APIs 17:51:14 npdoty: i appreciated that when david integrated this he eliminated ui requirements, but making api synchronous demands that user not show interactive ui and don't know why we would foreclose 17:51:15 - Handling of subdomains 17:51:32 Rigo, I'm very familar with Germany's approach - but I don't believe that's what is being discussed here. 17:51:34 What I'm saying is, let's not break that as possible, and also not rely on *.foo.com all being foo 17:51:36 the user agent is no longer *required* to confirm; it still may 17:51:42 ....i think this is worse than old approach since user will no longer be confirning that user wants to send dnt 0. 17:51:58 .....i think it would cast doubt on what dnt 0 means 17:52:06 q? 17:52:06 Aleecia, as a company that would like to actually implement the W3C's version of DNT, I believe *.domain.com is going to be necessary. 17:52:12 ack ifette 17:52:19 aleecia, if service providers are considered third parties, there is no incentive for siloing data by first party 17:52:21 *nick should i continue or are you scribing again? 17:52:41 ifette: agree with adrian's 3 points... 17:53:08 ...there is a general trend in new apis to try to get away from asynchronous apis which are more complex to implement 17:53:37 ifette: if site is confirming, browser should store, no reason to be asynchronous. 17:53:57 q+ 17:54:12 q+ 17:54:13 +1 to Ian on site driven exception process (default) 17:54:26 ifette: think we need to keep it as model where site asks on its own real estate and explains why it is asking exception. no tsaying browsers can't confirm but don' thave to. synchronous api makes more sense 17:54:27 Opinion/Question: The DNT header is the only normative transmission mechanism for DNT;0 (i.e., the values returned by JS are only indicative) 17:54:33 I agree with Nick that a specification should not foreclose the browser confirming the storage of an exception 17:54:39 it wouldn't just be the default though, it would make it impractical to implement a UI that confirmed 17:54:57 I'm not sure we ought ask for reimplementations, Roy, but if you think your customers are up for it, you'd know better than I do. Is google also in? If we add "everything under *.acme must be acme," I'm fine 17:55:05 mattias: i think whatever comes back from javascript just responses on whether script was received. permission management is only about values you may or may not send. 17:55:23 That would simplify a lot of problems 17:55:35 I'd expect objections against that from a lot of corners. 17:55:47 q? 17:55:53 ack schunter 17:55:54 ack schunter 17:55:55 ....i would go for synchronous too 17:55:56 ack dsinger 17:56:01 Then expect me to object to treating *.acme as axiomatically first party 17:56:18 aleccia, ownership is irrelevant to privacy controls; I cannot even confirm your assumption regarding adobe and apple 17:56:22 dsinger: i think synchronous ok but harder for UA to confirm what user wants to do. 17:56:22 q+ 17:56:32 (cannot understand david) 17:56:49 ....if really anal about it could hold request while confirms with user but doesn't mean api must be aynchronous. 17:56:58 David - are you speaking on a speaker phone? Hard to hear you clearly... 17:57:03 s/aleccia/aleecia/ 17:57:05 We've discussed this at length, months ago. My info comes from this grou 17:57:05 dsinger: leads to complication for browser 17:57:05 David says that user agent can reconfirm with user before actually acting on a JS request from a site. Thus sync API should be OK. 17:57:31 * thanks schunter 17:57:44 I'm having a very hard time understanding david 17:57:51 dsinger: if too complicated for browser to implement don't do it 17:58:01 hard to understand dsinger--voice is muffled 17:58:05 And I'm not sure why you think ownership is irrelevant... But I suspect we're into a very different discussion there 17:58:19 [this comment was for aiming at the explicit/explicit lists: they are optional on both sides] 17:58:28 q? 17:58:32 If *.foo is not always foo, but we treat it as if it is, we're failing 17:58:35 ack npdoty 17:58:44 dsinger: could lead to users declining. understand caution about requiring browser confirmation but should permit it 17:58:57 Cannot understand David 17:58:59 -DAvid 17:59:18 npdoty: will try to respond to dsinger and repeat some 17:59:28 The only way out of that is to put all liability on the first party, but that's not going to happen. 17:59:49 ?!?!?! 17:59:49 ....1> synchronous version of api ok bc if browser wants to confirm could do after and revoke if necessary 17:59:55 so you lie to the site? 17:59:57 that's nuts 18:00:03 Aleecia, if a domain holder claims *.domain.com as their own, then I think we're on the same page. A domain holder should not request a full *.domain.com exception if they don't manage all the sub-domains associated with the core domain. 18:00:03 What? 18:00:03 npdoty: preferable 18:00:05 "Yes, I have stored your request, but not really" 18:00:30 semantics: "Yes, I received your request and I started processing it". 18:00:47 "once the processing is completed, I will act on the outcome" 18:00:49 npdoty: other reason for specific lists is that user might not approve request that would cover all trackers. 18:01:02 ....this was way to get more users to grant exceptions. 18:01:11 kj has joined #dnt 18:01:19 ...if ua not the one requesting exception then maybe thats not relevant 18:01:21 aleecia, control is the relevant issue -- the domain ownership has no relation to the companies that touch data via that domain. The only thing ownership states is who can map the address to a new destination. 18:01:38 fielding has it exactly right 18:01:47 +DAvid 18:01:50 the http cookie spec doesn't demand that the UA store every cookie, does it? 18:02:27 schunter: would like to close this discuss, feeling we may have consensus. no strong objection to synchronous API. Nick should also check whether his semantics covered in spec. May create issue, post resolution then close again. 18:02:32 suggest (a) make sure the spec. does not preclude 'pending' the request while getting confirmation (b) adding the 'does my exception stand' APIs 18:02:36 npdoty, if the cookie isn't stored then we see sites using other fingerprinting which is not really a practice we want to encourage 18:02:42 I'm still inclined to prefer async for reasons Nick notes, though as I understand David's point, that strikes me as a reasonable alternative 18:03:03 q+ 18:03:06 schunter: explicit/explicit. should have explicit. if browsers find too complext don't need to implement (david's point) 18:03:06 q? 18:03:20 ifette, do you think that's a reason for IETF to update the cookie spec to demand that all cookies be stored, even if the user/UA doesn't want them? 18:03:25 I've yet to hear any UA say that they intend to implement the specific-specific 18:03:32 dsinger: i should take action to make sure UA not precluded from confirming request. 18:03:43 npdoty, RFC6265 has a MAY ignore the Set-Cookie 18:03:54 npdoty frankly yes, i think cookie blocking has gotten us into a far worse state from the stance of transparency and user control 18:04:23 action: dsinger to ensure that the exception APIs do not preclude the UA from pending the set to get user approval 18:04:24 Created ACTION-348 - Ensure that the exception APIs do not preclude the UA from pending the set to get user approval [on David Singer - due 2013-01-16]. 18:04:25 schunter: jscript api --will discuss in a minute. all on item 5 on agenda. 18:04:26 ifette, well, that's a good thing for us to take up with Adam Barth and others, eh? 18:04:39 npdoty i have to pick my battles 18:04:47 action: dsinger to propose 'does my exception stand' APIs for both site and web exceptions 18:04:47 Created ACTION-349 - Propose 'does my exception stand' APIs for both site and web exceptions [on David Singer - due 2013-01-16]. 18:04:47 q? 18:04:48 schunter: keep new approach, people can generally live with it. 18:04:52 ack dsinger 18:04:55 ack dsinger 18:04:58 We have an unsolved issue that I will object strongly to 18:05:11 Zakim, agenda? 18:05:11 I see 8 items remaining on the agenda: 18:05:13 1. Next steps for compliance [from npdoty] 18:05:13 2. Action items [from npdoty] 18:05:13 3. Revised exceptions approach [from npdoty] 18:05:13 4. multiple first parties [from npdoty] 18:05:13 5. updates to JS API [from npdoty] 18:05:13 6. Service Providers [from npdoty] 18:05:13 .....schunter: item 6--multiple parties on site. 18:05:14 7. Pending Review [from npdoty] 18:05:14 8. Open issues [from npdoty] 18:05:17 aleecia, which? 18:05:17 Zakim, take up agendum 4 18:05:17 agendum 4. "multiple first parties" taken up [from npdoty] 18:05:25 ....roy started proposing text. 18:05:31 can roy recap? 18:05:57 (and I just got 2 pages of irc lag. Catching up) 18:06:08 fielding: original qu was how do we indicate in response protocol that there are multiple 1st parties on a site or page. Can we? answer was not in current spec 18:06:24 ....proposal was to give an array of links that answers who first party is. 18:06:39 as I understand it, the new issue would be a correspondence to issue-181, regarding multiple first parties in the Compliance doc 18:07:15 fielding: david asked when this would occur. think this is us getting rusty over break. many co-branded promotional sites. 18:07:35 ...in these cases more than one real first party receives data entered on site. 18:07:52 -adrianba 18:08:02 solution fairly simple. haven't heard complaints re needing identifier for site. 18:08:18 ....for service provider this is no harder ... 18:08:27 q+ 18:08:35 schunter: my impression also is that this was fairly uncontested. 18:08:37 q? 18:08:39 http://lists.w3.org/Archives/Public/public-tracking/2012Nov/0004.html 18:08:40 ack npdoty 18:08:50 schunter: who likes/dislikes? 18:09:11 npdoty: does this replace policy representation? or have both first party and policy and have them mean different things? 18:09:26 peterswire has joined #DNT 18:09:32 fielding: latter. Like creative commons. 1st party link would simply identify first party 18:09:35 Basically this untangles policy and first party (that used to be intermingled9. 18:09:36 ). 18:09:41 npdoty: thanks, understand now. 18:09:55 right, I now see why we want to untangle those two. 18:10:26 schunter: other feedback? no? so suggest roy update spec with issue 190 next to text in spec then i will ask if there are objections, ok? 18:10:36 schunter: if no objections we will close issue 190 18:11:01 action: fielding to update tpe regarding multiple first parties, per proposal in action-328 18:11:01 Created ACTION-350 - Update tpe regarding multiple first parties, per proposal in action-328 [on Roy Fielding - due 2013-01-16]. 18:11:14 Zakim, agenda? 18:11:14 I see 8 items remaining on the agenda: 18:11:16 1. Next steps for compliance [from npdoty] 18:11:16 2. Action items [from npdoty] 18:11:17 3. Revised exceptions approach [from npdoty] 18:11:17 4. multiple first parties [from npdoty] 18:11:17 5. updates to JS API [from npdoty] 18:11:17 6. Service Providers [from npdoty] 18:11:17 7. Pending Review [from npdoty] 18:11:17 8. Open issues [from npdoty] 18:11:21 Zakim, take up agendum 5 18:11:21 agendum 5. "updates to JS API" taken up [from npdoty] 18:11:28 schunter: closes item no 6 on agenda. No 7 is update to jscript API. couple of changes, first to move dnt property to window from navigator 18:11:50 ....no one objected. 2nd point from nick was to remove "DNT status?" since it was redundant 18:12:21 q+ 18:12:22 npdoty: could call on navigator to see if will get dnt for site. now jscript should know if it has exception now without asking 18:13:01 that is, it should know by checking the window.doNotTrack property what the value is for my iframe 18:13:07 dsinger: to summarize, 2 current APIs. one asks what is user preference. Other: what header would i get? 18:13:20 ....different questions. we may not need to answer both. 18:13:33 dsinger: ok to discuss both 18:13:36 right, I was suggesting that we don't need to be able to ask about the general preference, which I'm not sure will be a consistent concept 18:14:05 schunter: don't have notion of general preference. have header and that is preference. don't care how finegrained preference management. 18:14:11 I thought fielding thought was that we did have a general preference 18:14:36 dsinger: do we delete old API and just keep one that just asks what header would i get? 18:14:44 -[Microsoft] 18:14:51 efelten has joined #dnt 18:15:14 fielding: i don't know if necessary but other API i don't understand 18:15:16 +[Microsoft] 18:15:26 dsinger: let's take offline, thought it was fully fleshed out 18:15:34 fielding: not in the draft 18:15:58 fielding: have APIs from amsterdam been reflected in spec? 18:16:17 dsinger: 6.6. that's the one script should be using 18:16:32 fielding: possible it's not relevant any more i have not reviewed 18:16:39 dsinger, I thought the proposal was to move doNotTrack from navigator to window and drop requestDNTStatus? 18:16:49 schunter: simpler=better, and no one pushing to keep it 18:17:13 npdoty: is proposal to remove request dnt status? 18:17:23 fine with me 18:17:37 -Craig_Spiezle 18:17:38 schunter: yes. will have to debug anyway, and better done in implementation than on paper 18:18:02 dsinger: not request dnt status we want to drop....navigator do not track (prompted by fielding 18:18:08 is there a difference between window.doNotTrack and navigator.requestDNTStatus() ? 18:18:45 schunter: move jscript dnt status to window, remove navigator dnt 18:18:47 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#js-dom 18:18:59 schunter: nick and david can you work on proposal and just do it? 18:19:24 action: singer to make updates to window/navigator version of doNotTrack (with Nick) 18:19:24 Created ACTION-351 - Make updates to window/navigator version of doNotTrack (with Nick) [on David Singer - due 2013-01-16]. 18:19:31 schunter: second half of item 7 is while writing text david found two quesitons not answered by current api text. elaborate? 18:20:09 dsinger: api may want to respond to response re: user preference/exception grant or refusal 18:20:15 http://lists.w3.org/Archives/Public/public-tracking/2013Jan/0026.html 18:20:20 q? 18:20:24 q- 18:20:24 ack dsinger 18:20:34 ....not possible generally to find out does my exception still stand. think this is uncontroversial 18:20:35 David - what is your proposal to answer those questions? 18:20:54 +q 18:20:58 schunter: suggest david update spec to answer those 2 questions 18:21:19 I'm not sure I see the value in a separate API to answer those questions (separate from whether I have a DNT:0) 18:21:22 shane wiley: david, how were you expecting to answer those questions, which i think are valid 18:21:44 dsinger: want to write api that answers with simple yes/no 18:22:03 setter + getter 18:22:07 dsinger: confirm webwide exception, confirm site exception..... 18:22:30 I think it would be best if we get the current state (as believed by David and Nick and whoever else has proposals for the API) in the draft and then ask for a review of editors draft 18:22:33 schunter: david and/or nick can you update to include this change? 18:22:40 ...then we can debug 18:22:42 action: singer to write a confirm-exception-still-exists api 18:22:42 Created ACTION-352 - Write a confirm-exception-still-exists api [on David Singer - due 2013-01-16]. 18:22:42 action: dsinger to design the 'confirm exceptions' APIs 18:22:42 Created ACTION-353 - Design the 'confirm exceptions' APIs [on David Singer - due 2013-01-16]. 18:22:52 close action-352 18:22:52 Closed ACTION-352 Write a confirm-exception-still-exists api. 18:23:06 action-352: duplicate, see action-353 18:23:06 Notes added to ACTION-352 Write a confirm-exception-still-exists api. 18:23:19 Note that first-party array will change this text. 18:23:37 schunter: would like to spend 4 min max on item 8. had many discussions on service providers, discussed that sp often not visible. does david's text make sense? 18:23:42 Zakim, take up agendum 6 18:23:42 agendum 6. "Service Providers" taken up [from npdoty] 18:23:44 -moneill2 18:23:56 schunter: roy would you update to include first party array 18:24:04 agree that we need that update 18:24:18 schunter: if you like direction, just account for first party array, we can take up updated text 18:24:35 fielding: don't necessarily like direction, but can do it 18:24:38 Makes sense - will be important that there be a single first party array that all entries in the array can reference (even if across domain origin boundaries) 18:24:39 action: fielding to update Service Providers proposal to incorporate first-party array 18:24:39 Created ACTION-354 - Update Service Providers proposal to incorporate first-party array [on Roy Fielding - due 2013-01-16]. 18:24:56 issue-112? 18:24:56 ISSUE-112 -- How are sub-domains handled for site-specific exceptions? -- open 18:24:56 http://www.w3.org/2011/tracking-protection/track/issues/112 18:25:04 q+ 18:25:05 schunter: what are next steps on subdomains (don't want to take up agenda items 9/10 18:25:07 q? 18:25:15 ack WileyS 18:25:18 ack npdoty 18:25:19 .....opinions on subdomains? 18:25:36 -tedleung 18:25:44 Thank you, Shane 18:25:49 q+ 18:25:55 q+ 18:25:59 ack dsinger 18:26:00 wileys: active discussion on list/irc. subdomains must be supported in wildcard and other(?) context 18:26:03 (trying to keep up here through lag) 18:26:13 +Ted_Leung 18:26:35 dsinger: aware there was side conversation in irc today but did not follow 18:26:41 wileys: will work with david 18:26:52 Sounds good 18:27:06 schunter: suggest david makes proposal, sends to shane and aleecia see what comes back, ok? 18:27:19 Happy to work with Shane & david 18:27:36 http://lists.w3.org/Archives/Public/public-tracking/2013Jan/0007.html 18:27:39 dsinger: posted jan 7 18:28:02 schunter: repost pls? 18:28:25 npdoty: i thought there was not agreement and people did not want to use cookie model 18:28:30 see http://lists.w3.org/Archives/Public/public-tracking/2013Jan/0007.html 18:28:38 peterswire has joined #DNT 18:28:46 Nick - what do you mean by "the cookie model"? That sub-domains be supported in exception recordings? 18:28:49 schunter: i think opinion has changed. adrian pointed out people feel they must use cookie model though they don't like it 18:28:58 - +1.646.666.bbcc 18:29:13 npdoty: will take offline. will take my action on 112 to write up model not like cookies. 18:29:27 efelten_ has joined #dnt 18:29:30 I suggest to pick either cookie model or same-origin model. Most importantly, don't add another model. 18:29:35 WileyS, sorry, "cookie model" is too brief 18:29:46 Among the two, I'd recommend against the cookie model. But that's just me. 18:29:46 the cookie model has the ugly problem of public suffixes 18:29:49 -Bryan_Sullivan 18:29:56 -richardweaver 18:29:58 schunter: thanks, we did more than i expected. let's keep this pace. peter and i will synch and post agenda, happy new year. 18:30:03 I thought there was support for the document origin model, which wouldn't automatically include all subdomains 18:30:07 -samsilberman 18:30:08 -vinay 18:30:08 -susanisrael 18:30:10 -KeithScarborough 18:30:14 -[Google] 18:30:16 -dan_auerbach 18:30:17 Nick, I think so 18:30:18 -BrendanIAB? 18:30:20 -dwainberg 18:30:20 -Ted_Leung 18:30:21 -vincent 18:30:21 zakim, unmute me 18:30:21 Rigo was not muted, rigo 18:30:24 -dsinger 18:30:25 tedleung has left #dnt 18:30:25 -Joanne 18:30:27 dsinger, I *hope* that's where we end up... 18:30:30 -[Microsoft] 18:30:37 -johnsimpson 18:30:38 just from a technical sanity perspective :) 18:30:41 Nick - I'm open in either direction. If origin model, then wildcards will need to be supported. 18:30:44 -fielding 18:30:45 -Rigo 18:30:45 -schunter 18:30:46 -AdamTurkel 18:30:46 -hefferjr 18:30:46 -Peder_Magee 18:30:47 - +1.202.639.bbbb 18:30:48 -Brooks 18:30:51 -yianni 18:30:52 rrsagent, draft minutes 18:30:52 I have made the request to generate http://www.w3.org/2013/01/09-dnt-minutes.html npdoty 18:30:52 -DAvid 18:30:52 -WileyS 18:30:55 Zakim, drop IAB 18:30:55 IAB is being disconnected 18:30:57 -IAB 18:31:04 -Chris_Pedigo 18:31:08 johnsimpson has left #dnt 18:31:10 peterswire_ has joined #DNT 18:31:36 -jchester2 18:31:41 -BillScannell 18:31:45 -eberkower 18:31:46 Zakim, list attendees 18:31:46 As of this point the attendees have been +1.510.859.aaaa, npdoty, +1.408.674.aabb, aleecia, +1.212.380.aacc, +1.212.380.aadd, +1.415.520.aaee, peterswire, Chris_IAB, Joanne, 18:31:49 Who is that? 18:31:50 ... Lmastria_DAA, +1.703.265.aaff, +1.609.310.aagg, efelten, jeffwilson, +1.781.482.aahh, dsinger, +1.215.286.aaii, samsilberman, schunter, +1.646.801.aajj, BrendanIAB?, dwainberg, 18:31:50 ... +1.202.587.aakk, vincent, susanisrael, jchester2, adrianba, +1.202.331.aall, yianni, +1.714.852.aamm, AnnaLong, fielding, +1.301.351.aann, +1.650.787.aaoo, Rigo, 18:31:54 ... +1.646.827.aapp, BillScannell, +1.703.438.aaqq, +1.202.639.aarr, +1.202.296.aass, AdamTurkel, richardweaver, dan_auerbach, +1.678.580.aatt, Brooks, +1.415.728.aauu, vinay, 18:31:54 ... Craig_Spiezle, moneill2, +1.646.654.aavv, +1.813.366.aaww, hefferjr, Jonathan_Mayer, Chris_Pedigo, eberkower, [Microsoft], +1.310.392.aayy, +1.408.349.aazz, Peder_Magee, 18:31:58 ... johnsimpson, +1.206.664.bbaa, tedleung, WileyS, DAvid, Bryan_Sullivan, ifette, justin_, KeithScarborough, +1.202.639.bbbb, +1.646.666.bbcc, Ted_Leung 18:31:58 -AnnaLong 18:31:58 -jeffwilson 18:32:06 Who is bill scanell? 18:32:14 -aleecia 18:32:24 Georgia tech, elsewhere? 18:33:49 EMC, it seems 18:34:53 Zakim, bye 18:34:53 leaving. As of this point the attendees were +1.510.859.aaaa, npdoty, +1.408.674.aabb, aleecia, +1.212.380.aacc, +1.212.380.aadd, +1.415.520.aaee, peterswire, Chris_IAB, Joanne, 18:34:53 Zakim has left #dnt 18:34:55 rrsagent, bye 18:34:55 I see 8 open action items saved in http://www.w3.org/2013/01/09-dnt-actions.rdf : 18:34:55 ACTION: doty to set up wiki page for sharing reading list / technical papers on deidentification [1] 18:34:55 recorded in http://www.w3.org/2013/01/09-dnt-irc#T17-32-22 18:34:55 ACTION: dsinger to ensure that the exception APIs do not preclude the UA from pending the set to get user approval [2] 18:34:55 recorded in http://www.w3.org/2013/01/09-dnt-irc#T18-04-23 18:34:55 ACTION: dsinger to propose 'does my exception stand' APIs for both site and web exceptions [3] 18:34:55 recorded in http://www.w3.org/2013/01/09-dnt-irc#T18-04-47 18:34:55 ACTION: fielding to update tpe regarding multiple first parties, per proposal in action-328 [4] 18:34:55 recorded in http://www.w3.org/2013/01/09-dnt-irc#T18-11-01 18:34:55 ACTION: singer to make updates to window/navigator version of doNotTrack (with Nick) [5] 18:34:55 recorded in http://www.w3.org/2013/01/09-dnt-irc#T18-19-24 18:34:55 ACTION: singer to write a confirm-exception-still-exists api [6] 18:34:55 recorded in http://www.w3.org/2013/01/09-dnt-irc#T18-22-42 18:34:55 ACTION: dsinger to design the 'confirm exceptions' APIs [7] 18:34:55 recorded in http://www.w3.org/2013/01/09-dnt-irc#T18-22-42-2 18:34:55 ACTION: fielding to update Service Providers proposal to incorporate first-party array [8] 18:34:55 recorded in http://www.w3.org/2013/01/09-dnt-irc#T18-24-39 18:34:57 ... Lmastria_DAA, +1.703.265.aaff, +1.609.310.aagg, efelten, jeffwilson, +1.781.482.aahh, dsinger, +1.215.286.aaii, samsilberman, schunter, +1.646.801.aajj, BrendanIAB?, dwainberg, 18:34:57 ... +1.202.587.aakk, vincent, susanisrael, jchester2, adrianba, +1.202.331.aall, yianni, +1.714.852.aamm, AnnaLong, fielding, +1.301.351.aann, +1.650.787.aaoo, Rigo, 18:35:02 ... +1.646.827.aapp, BillScannell, +1.703.438.aaqq, +1.202.639.aarr, +1.202.296.aass, AdamTurkel, richardweaver, dan_auerbach, +1.678.580.aatt, Brooks, +1.415.728.aauu, vinay, 18:35:02 ... Craig_Spiezle, moneill2, +1.646.654.aavv, +1.813.366.aaww, hefferjr, Jonathan_Mayer, Chris_Pedigo, eberkower, [Microsoft], +1.310.392.aayy, +1.408.349.aazz, Peder_Magee, 18:35:06 ... johnsimpson, +1.206.664.bbaa, tedleung, WileyS, DAvid, Bryan_Sullivan, ifette, justin_, KeithScarborough, +1.202.639.bbbb, +1.646.666.bbcc, Ted_Leung