See also: IRC log
<trackbot> Date: 22 January 2014
<walter> is there a way to get jabber authorisation on Zakim?
<walter> never mind
<Chris_IAB> just joined the line
<GSHans> I can scribe til 1245
<moneill2> ill give it a go
<npdoty> scribenick: GSHans
<npdoty> carlcargill, you might need to get us started, as justin may be having trouble connecting while traveling
<ninja> yes
<walter> justin: either your connection is awful, or mine
<walter> or both, of course
i am scribing
<walter> ok, then it is my lousy hotel wifi
<fielding> issue-239?
<trackbot> issue-239 -- Should tracking status representation include an array of links for claiming compliance by reference? -- raised
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/239
<ninja> http://www.w3.org/2011/tracking-protection/track/issues/239 http://www.w3.org/wiki/Privacy/TPWG/Proposals_on_status_URL_array_for_compliance_regimes
Justin: First issue - ISSUE-239. Technically supposed to go to CfO today. NPDoty was the only person opposed to Roy's proposal.
NPDoty: Sent a quick email about ISSUE-241. Others had expressed concerns about Roy's proposal and I suggested that people would possibly prefer a 241 solution. I think that is the case. It would be descriptive and not in conflict with Roy's. I prefer Proposal 2, for compliance regimes, for the reasons previously enumerated.
<WileyS> On the side of keeping the array - makes complete sense for real-world applications
<vincent> WileyS, why using qualifiers would not?
NPDoty: Concern that we'll give less clarity to users if we can't explain a single compliance concept back to them at this time, and not sure what user agents would do with an array, except for doing white-listing or black-listing. Thus there would be an advantage in defining compliance.
<WileyS> Vincent, qualifiers in the response? I was thinking of this being in a well-known URI address by domain
<fielding> reiterate that having an array of links does not change the number of compliance regimes -- it only communicates them to the user.
Justin: Those are understandable. Local compliance regimes make sense (DAA wants to do one), other JXs may want a more rigorous standard applied to European data flows. Given that there has been controversy surrounding the compliance spec in the group, this gives more ability to set that.
<Chris_IAB> still not sure I understand Nick's proposal: can you please post it?
Justin: Does anyone agree that NPDoty's approach to link to compliance standard is the way to go, or go with Roy's array to indicate possible different compliance regimes.
<npdoty> Chris_IAB, I'll try to dig out the links where I've described it a couple times in the past
<Chris_IAB> and is Roy's in writing where we can read it before casting a preference?
<walter> I prefer the link approach
<vincent> WileyS, what's the point of having them in the URI rather than in the response?
Justin: NPDoty proposed not having a link to how one would comply, but rather a signal of compliance or non-compliance.
<npdoty> Chris_IAB, the editors' draft text since Thanksgiving shows fielding's proposed text
<npdoty> the wiki provides brief summary: http://www.w3.org/wiki/Privacy/TPWG/Proposals_on_status_URL_array_for_compliance_regimes
<Chris_IAB> npdoty, thanks-- can we cut and paste it here?
<Chris_IAB> thanks- that's very helpful Nick
<Chris_IAB> reading now...
SusanIsrael: Could a resource indicate that it's making use of one or two of permitted uses?
NPdoty: There would be optional qualifiers that you could use more than one of.
<Chris_IAB> would love to hear from Roy on this...
NPDoty: ... had preferred that indicate a particular type of compliance in the tracking status resource, rather than allowing potentially for an array.
SusanIsrael: I understand the logic of NPDoty's approach and support that, but also could go with the opportunity to use the array of permitted uses, as long as that's optional and there can be more than one. Believe that Chris and Rob support that.
<Chris_IAB> could Roy's approach be documented as a "good practice"?
Justin: There would still be a pointer to an optional regime - is that different from Roy's proposal? Not sure that there is a distinction there.
SusanIsrael: Not sure if I understand fielding's proposal either.
<npdoty> I documented my concerns on fielding's multiple compliance proposal here: http://lists.w3.org/Archives/Public/public-tracking/2013Dec/0095.html
fielding: First we should talk
about this one issue - 239 (whether we should have a link to
one or more compliance docs in the tracking status
representation. Do we believe indicating in the TPE talks about
the compliance in terms of W3C tracking compliance
specification. is there an assumption that everything is
defined by the compliance doc? ...
... : or it may be possible that there may be multiple
compliance docs in the universe that sites might want to refer
to besides the W3C one, or that there are multiple versions of
the W3C one that might be adopted over time, and the site would
have to say which it was thinking of...
... ... if we all had perfect consensus on v1 of tracking
compliance spec, but discovered that a particular org had found
a loophole and was claiming compliance in an unsuitable way, so
we decided on a new version. now we have two specs, and sites
want to declare that they adhere to the second one rather than
just the first...
<justin> P3P
<npdoty> PICS- or P3P-style
fielding: ... that's the kind of thing that happens with protocols. want to communicate as much transparency as possible. Could include a version status, could add a field that describes all types of compliance, but in this case all that we're doing is giving opportunity to sites to make a list of links that would indicate where or what compliance regimes or regulations they're adhering to...
fielding ... that list is an "and "list, so if there's more than one, you can adhere to more than one. this allows sites to implement tracking status signaling mechanism and not find issues down the road with a new compliance spec.
<Chris_IAB> That seems reasonable to me
Justin: Follow up Qs for fielding or NPDoty?
<Chris_IAB> not really understanding why npdoty prefers to remain silent on this issue?
Justin: Previous calls seemed to show more support for fielding's proposal. If there are people besides NPDoty who want to go with his approach, OK to keep open for a few more days. If npdoty is the only one who supports, he has agreed to just move forward with fielding's proposal...
<susanisrael> Justin, I think Chris and rob may want to comment, so leaving this open for a few more days would be helpful.
<npdoty> indeed, I think my repetitively bringing this up doesn't qualify as "silent" ;)
Justin: OK to not move to CFO or closing right way, to see what work might done on npdoty's going forward.
<Chris_IAB> Notin favor of pigeon holing compliance to W3C only
<Chris_IAB> which Chris??
<npdoty> well, normally we have the practice of a 2-week notice to the mailing list in case people have been traveling and have objections we didn't realize
<susanisrael> Chris pedigo. But feel free to join discussion
<justin> ANY CHRIS!
<justin> (who is in the working group)
<Chris_IAB> Thanks Susan… to the chair, please specify WHICH "Chris" you are referring to :)
<susanisrael> Nick did reach out to us and we did support his proposal, but I feel I can't articulate the whole discussion adequately.
CarlCargill: What is the minimal amount of support needed to make a proposal? How do we close and move on, or do we just wait?
<walter> wseltzer: thanks
<susanisrael> Carl, I apologize, but I think just a couple more days would be helpful. I don't think this is a deliberate delay.
<susanisrael> * Apologies, i was typing.
<susanisrael> I think we would be able to resolve this today but both Chris Pedigo and Rob Sherman are traveling today and would like to have a couple more things to say.
Justin: Don't think that people are trying to deliberately delay. There is some effort to work it out. For years we had assumed that the two documents would be closely linked, so we are now radically changing that.
<susanisrael> Thank you, Justin
<npdoty> my understanding is that there may be some people who don't object either way, but that's distinct
<susanisrael> It's really a scheduling issue.
<susanisrael> I think focus was lost a bit over holidays, and that is the other reason a few more days might be helpful.
CarlCargill: NPdoty, what will it take to communicate that we're going to CFO or have consensus?
<fielding> I thought we just did that.
NPDoty: It's up to chairs but we tend to alert over the list.
CarlCargill: What would indicate support or no support?
<susanisrael> I think if we hear Rob and Chris join Nick in this discussion and the group reacts we can resolve it.
NPDoty: There is some interest in this issue.
<fielding> that is a DIFFERENT issue
CarlCargill: Let's have that specified by Friday.
<Chris_IAB> how about we issue a group-wide poll?
SusanIsrael: Want to hear thoughts from people beyond NPDoty - e.g. Rob and Chris - there might be a chance to get more of a reaction.
<Chris_IAB> keep in mind our attendance is low this week due to the short US week (MLK holiday) and folks taking vacation this week
CarlCargill: Let's say before next week, it's incumbent to NPDoty to determine if we have enough objection, otherwise we'll close next week.
<susanisrael> I don't think I adquately understood the context of the discussion on this issue when I participated, so I am reluctant to represent others.
Chris_IAB: Just hearing the debate there, if the Q is re: are there documents outside W3c, that's something pretty pivotal.
<npdoty> that's also the purpose of the we're-closing-this-in-2-weeks reminder email
Justin: would prefer to not do a group-wide poll.
<walter> sort of a straw poll?
<npdoty> ... to catch up people who have missed multiple weeks of discussion
<fielding> The question is whether compliance is explicitly communicated to the user or implicitly tied to an undefined specification. The number or source of compliance has nothing to do with it because OTHER specs can add their own fields to TSR
Chris_Iab: We could do a more "what do you think?" poll? less attendance today.
Justin: We'll try to close this if we're not getting much of a response.
<susanisrael> I think I may have been confusing the two issues as well, apologies.
NPDoty: there is another issue that we've been talking about (241) which indicates party status. But sending the email re: 2 weeks to close is the way to do notice.
<ninja> https://www.w3.org/2011/tracking-protection/track/issues/241
<npdoty> the we're-closing-this-in-2-weeks reminder email tends to take 2 weeks
<susanisrael> Thank you, Justin. Apologies, Nick for being a bit confused despite your taking the time to talk through this offline.
Justin: OK to indicate still under discussion
<Chris_IAB> seems reasonable
<fielding> issue-240?
<trackbot> issue-240 -- Do we need to define context? -- open
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/240
Justin: Next issue is 240. Do we need to define context? New proposal from Susan, Chris Pedigo, and Rob Sherman. SusanISrael, so you want to explain it? Closely tied to def of parties.
<ninja> wiki - http://www.w3.org/wiki/Privacy/TPWG/Proposals_on_the_definition_of_context
<walter> Question, how do people feel about the idea to let each party signal what context it believes to be operating in?
<JackHobaugh> Regarding Issue-240 will there be a "NO NEED TO DEFINE" option presented in the call for objections?
SusanIsrael: That's a reasonable assessment. Would prefer to have people read it and continue discussion on the list, or on next call.
<WileyS> This is better
<walter> (can't speak due to really poor internet connection)
Justin: This seems to align with definition of parties, but you should take a look. OK to have "No def" as an option. JackHobaugh, can you send a note articulating that?
<npdoty> JackHobaugh, that's been mentioned, but I'm not sure we have explicit support -- if you'd support that, let the group know
Justin: Had a lot of discussion on this issue last week. Not sure if there are other thoughts.
<fielding> http://lists.w3.org/Archives/Public/public-tracking/2014Jan/0040.html
Ninja: schunter sent an email to the list regarding the definitions on the wiki from an email on January 10.
<ninja> I think this use case question may help the group to understand differences in the proposals
Schunter: defs that were proposed except lifetime collection of things. If I have a widget on the site and visit periodically. Is widget allowed to retain data on visit history indefinitely? If for third parties, does it also mean that it can keep lifelong search history? May not meet user expectations regarding being tracked through multiple sessions.
<fielding> just once is enough, unless the context is facebook
Schunter: ... eg. FB, widget could know how often I visit FB over a long period of time. Users may not expect that kind of perpetual retention of visit data.
Justin: FB widget could be like farmville. If Farmville knows I've visited FB... Is there a lesser meaning of signals to a first party? Seems contrary to discussions re: compliance and agreement, but if people want to propose that, context should degrade - that's an idea people can bring to the gropu.
Schunter: def of tracking should reflect user expectations, and compliance is the degree to which we meet that. Dependent on party status. Gut feeling would be that some users would be creeped out if there was lifetime history of visits.
<fielding> we will probably have a long discussion about referral information at some point, but that is about compliance (I think the user would consider it tracking, as does the definition we have, but it might be permitted tracking)
<moneill2> +q
<npdoty> so would it be useful for people who are proposing "context" definitions to answer schunter's scenario questions?
Justin: Group members who like that persecutive should propose language.
<ninja> fielding, it is not completely a compliance issue. If it's not “across contexts” it's out of scope from the beginning
Fielding: if Q is should we add a notion of time to context, not sure if anyone would be wiling to go in that direction in terms of implementation, but it's worth considering.
<Chris_IAB> time, as in context is ephemeral?
schunter: could be something like subsequent network interactions. could be different contexts depending on time or technical means.
<Chris_IAB> or… context is, in the moment?
<Chris_IAB> yes, agree with Roy
fielding: issue - how do we define in a way that is applicable to all sites. Many sites depend on the memory of context.
can we switch scribes?
<Chris_IAB> maintaining state is important for many applicatioins
<npdoty> I think most of our work has assumed that a widget you interact with multiple times will remember even DNT:1 visitors
<walter> the whole point of DNT is to make context ephemeral *again*
fielding: would be much more constraining than discussions re: first party compliance.
schunter: important that tracking definitions reflect what users want.
fielding: it should be discussed re: the need for a limit.
moneill: context in data control. would be worth mentioning the idea of having a time limit. connected with the way tracking happens re: repeated transactions. there's usually a duration associated. DNT could mean that user IDs are linked for a period of time, whatever it is. it lays another layer of complexity.
npdoty - can we switch scribes?
<fielding> this is not an invitation to reopen ISSUE-5
<moneill2> ok
<npdoty> scribenick: moneill2
<fielding> "within the scope of the service requested"?
chris_IAB: agrre with mike, complexity may not be appropriate now, may make spec unimplementable, lets get v1 out, then maybe more complexity
justin, email is thit part of context
<npdoty> fielding, that seems to add ambiguity for cases where I might sign up for a service like Facebook (for years, or the rest of my life)
chris_iab, revisit later if necessary
<npdoty> Chris_IAB: in favor of not adding time as a component of context
ok later this evening
<ninja> ISSUE-241: Distinguish elements for site-internal use and elements that can be re-used by others (1/3) https://www.w3.org/2011/tracking-protection/track/issues/241
<trackbot> Notes added to ISSUE-241 Distinguish elements for site-internal use and elements that can be re-used by others (1/3).
matthias: issue 241 about misuse taking site elements out of context 1 ir 3 not longer these rules maybe its a debuuging help, not 100% sure if we need it
mattgis: no strong opinion either way, if nobody strongly promiting I would drop them
<npdoty> http://lists.w3.org/Archives/Public/public-tracking/2014Jan/0106.html
nick: i dropped text on list here
it is. might be possible to supply informative qualfiers,
isless about helping implementors but more about informing
users
... compliance implications in compliance regime
matthias: opnions?
<fielding> that text is compliance: "may be used"
<WileyS> Neutral on this one - pros/cons in both directions
carl: comments?
roy: it argues compliance it cannot be anything else, we are adding a lot more terms we need to explain. people will demand explanation
nick: roy pointing out ambiguity in my text, not using MAY in proper sense
<fielding> it should be : tracking might occur for X
nick: we do not need to define in great dsetail what debugging purpose should be
<npdoty> thanks for that correction, I will correct for "might"
matthia: is this v important req.. for you?
matthias: they may mix this up with 1sp p exception. Thuis does not make a difference for 1st or 3rd party compliance
mathias: my way forward is cCoE or batch closing email
matthias: or just postpone
car: lets not kick the can
susanisrael: sevveral of these proposals need other input, lets wait till Friday
mathhias: email to group
carl: make it a group
<WileyS> Thank you Matthias
carl: closed by 1st meet in Feb
<justin> [Can we link this in with the email that goes to the group on 239?
matthias: i will send note
nick: ahead of ourselves here. lrets have initial changes today, early on only an hour to review text.
<fielding> npdoty, your email used the wrong issue number -- that is issue-241
matthias: final call next week CfO 2 weeks
<ninja> I will create a wiki page
matthias: lets go CfO in 2 weeks, final text next, 241 or 239
carl: this is 241
<npdoty> apologies, my email says issue-241 in the Subject line, but I see that I said "239" in the body, which I shouldn't have
+q
<justin> Sorry about suggestion to link 239 and 241!
<Chris_IAB> I always like keep it simple, but I'd like time to study it
<JackHobaugh> Based on the milestone confusion for Issue 241, can I get a clarification on the status of Issue-240 also?
<npdoty> moneill2: sent something about regarding making the whole thing simpler
<ninja> yes
<Chris_IAB> +1 to Jack's request above
ninja: will get back to me
<fielding> do we have a wiki page on 241?
<npdoty> JackHobaugh, I believe the milestones were to have all the Context proposals in today, and try to narrow them down and go to CfO next week if necessary
<Chris_IAB> what is "Cfo"?
<Chris_IAB> call for objections?
<vincent> ?
<ninja> Chris_IAB, yes
matthias: anything else? otherwise adjorn
<Chris_IAB> ok, thanks-- are we really saving a lot of time by making up new 3-letter acronyms? ;)
nick: publish working draft on tuesday
justin: publish both of them
nick: tuesday
<justin> Thanks all
<npdoty> fine with me, I expect new Working Drafts of both documents, with status sections, to go out Tuesday, January 28
<wseltzer> [adjourned]
This is scribe.perl Revision: 1.138 of Date: 2013-04-25 13:59:11 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Found ScribeNick: GSHans Found ScribeNick: moneill2 Inferring Scribes: GSHans, moneill2 Scribes: GSHans, moneill2 ScribeNicks: GSHans, moneill2 Default Present: npdoty, Wendy, Ninja, Jack_Hobaugh, Jeff, moneill2, vincent, Ari, Carl_Cargill, kulick, +1.813.366.aaaa, Chris_IAB, GSHans, eberkower, hwest, dwainberg, Fielding, MECallahan, sidstamm, walter, Chapell, justin, WileyS, hefferjr, SusanIsrael, hober, schunter, WaltMichel, Amy_Colando, LeeTien Present: npdoty Wendy Ninja Jack_Hobaugh Jeff moneill2 vincent Ari Carl_Cargill kulick +1.813.366.aaaa Chris_IAB GSHans eberkower hwest dwainberg Fielding MECallahan sidstamm walter Chapell justin WileyS hefferjr SusanIsrael hober schunter WaltMichel Amy_Colando LeeTien Regrets: BryanSullivan dsinger ChrisPedigo Found Date: 22 Jan 2014 Guessing minutes URL: http://www.w3.org/2014/01/22-dnt-minutes.html People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option.[End of scribe.perl diagnostic output]