Tracking Protection Working Group Teleconference

28 Jan 2015

See also: IRC log


npdoty, [FTC], Carl_Cargill, rvaneijk, moneill2, Fielding, WileyS, dwainberg, hefferjr, schunter, Chris_Pedigo, Amy_Colando, WaltMichel, kulick, WSeltzer
dsinger, justin
npdoty, wseltzer


<trackbot> Date: 28 January 2015

<npdoty> agenda for January 28: https://lists.w3.org/Archives/Public/public-tracking/2015Jan/0004.html

<WileyS> I hear no one on the call - is it working?

<WileyS> I hear typing now - I guess we're good

<WileyS> Thank you Nick

<fielding> TPE changes since LCWD are diffed at http://www.w3.org/2011/tracking-protection/drafts/diffs/TPE-LCWD-to-20141217.html

<npdoty> Compliance changes since WD are diffed at http://services.w3.org/htmldiff?doc1=http%3A%2F%2Fwww.w3.org%2FTR%2F2014%2FWD-tracking-compliance-20141125%2F&doc2=http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html

<npdoty> scribenick: npdoty

schunter: welcome back. agenda for today, looking at TPE review and then Compliance

… any comments for the agenda?

TPE changes

schunter: ask fielding to walk us through the changes

… goal is moving to next step, Candidate Recommendation

… give the group two weeks to review, if the changes are okay, then would like to move this to Candidate Recommendation

<fielding> http://www.w3.org/2011/tracking-protection/drafts/diffs/TPE-LCWD-to-20141217.html

fielding: this is a diff of changes from the Last Call draft

… slight change in wording about the HTTP specs

… line 433, in response to a comment, removed the %31 notation, everyone understands “1” and “0”

… line 459, moved javascript property back to navigator

… based on discussion with browser folks

… “nullable” property, just clarifies

… added a note about possible extension text

… value for “G” was added, and a new section for a Gateway response

… (section hasn’t changed since last list discussion of that topic)

<WileyS> I haven't

… wileys, did you review that section?

<WileyS> But I don't believe my issues were significant enough to hold up the process

<fielding> section 6.2.4 of http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html

fielding: 6.3.1, just a little more text to describe “G” as a potential answer

… 6.3.2 changed MAY to can because not interoperability requirement

… note about status-id resolution, which is a response to a Last Call comment

… do we need a wider character set to allow in the well-known URL request?

… don’t currently see any reason to do so

… fixes in the references

… in exceptions API section, changes to improve the definitions of origin, based on conversations with browser folks

… definitions are much shorter, an improvement

schunter: makes it easier to re-use algorithms. now points to existing references, RFCs and Recommendations

fielding: +1. just a terminology change, but makes it easier for implementers

… clarified later in that section that lack of exception might not imply DNT:1 (for example, if user generally sends nothing)

… in the StoreExceptionPropertyBag, added “expires” and “maxAge” parameters

fielding: make it the same as what cookies are able to describe

… per moneill

… may have further comments on that

… (do we need both?)

… description of those parameters

… using referenced terminology, rfc6265

… in 7.6, changed to refer to DNT preference rather than header field (since it might be expressed through the DOM as well)

… suggestion about the use of a “t” qualifier for transferred consent

… addition from dsinger that claims are being made by the site and not the user agent

… “Nonetheless, at the time of the call”

… explanation of why the API doesn’t need a return value / asynchronous response

… additional references, others just moved around

schunter: any comments or questions?
... set a two-week deadline for comments

<wseltzer> npdoty: About the Gateway response, do we have any feedback from implementers or commenters?

<WileyS> I will in the next week

<wseltzer> npdoty: process points before transition to CR

<wseltzer> ... we need to respond to all LC comments

<wseltzer> ... and bring info to the Director, including potential responses from commenters

<fielding> Other things remaining for me: 1) mark DNT-extensions as at-risk; 2) look into changing the ABNF of representation to a more JSONish description (editorial)

<wseltzer> ... Group needs to decide it wants to move forward.

<wseltzer> ... So: we decide we want to move forward, present to director

<wseltzer> fielding: Editorial marking for "at-risk" features?

<wseltzer> ... For the DNT extension mechanism

<wseltzer> npdoty: I'll look into that

<wseltzer> schunter: In 2 weeks, we'll freeze the document.

<wseltzer> ... then go into CR transition

<WileyS> Are there any companies that have signed-up for candidate review?

<WileyS> What happens if no one signs up?

<WileyS> Actually implement DNT on the server side

<WileyS> And if no one implements?

npdoty: CR is a Call for Implementations, but you don’t have to commit ahead of time

fielding: if nobody implements it, it won’t go to a full Rec

<WileyS> Thank you

+1, need implementations to progress further


<wseltzer> scribenickk: wseltzer

<scribe> scribenick: wseltzer

<npdoty> http://services.w3.org/htmldiff?doc1=http%3A%2F%2Fwww.w3.org%2FTR%2F2014%2FWD-tracking-compliance-20141125%2F&doc2=http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html

npdoty: Diff between current ED and what we published in November as WD
... 1st significant change, sec 1 "Scope"
... Change proposals and comments addressed
... Issue-209
... Definitions: clarifying that party status is just with respect to a given user action
... Server compliance: changes in indicating compliance/non-compliance
... Added paragraph on DNT:0 (moved)
... 1st party compliance, one-word change to fix an ambiguity I had introduced
... use defined term "tracking data"
... 3,3,2,1 remove line so as not to duplicate requirement from general permitted uses
... UGE, improve handling

<npdoty> https://lists.w3.org/Archives/Public/public-tracking/2014Dec/0028.html

npdoty: That was the full set of editorial corrections.
... Still a few comments in email

<npdoty> Perhaps we could change:

<npdoty> > A party MUST provide public transparency of the time periods for which data collected for permitted uses are retained.

<npdoty> to:

<npdoty> > A party MUST publicly describe definite time periods for which data collected for permitted uses are retained.

<npdoty> https://lists.w3.org/Archives/Public/public-tracking/2015Jan/0001.html

npdoty: don't think there's more to do on non-normative text
... welcome group's review

schunter: not yet to 2-week deadline

fielding: there was an issue on server log files
... not sure if current text is sufficient to cover temporary log-file use

<npdoty> http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#server-compliance

npdoty: server compliance section

fielding: does the text there cover, or are we waiting for more text?

npdoty: I'm not anticipating more text

fielding: I think it covers sufficiently
... chairs can do a call to close issue-134

<npdoty> +1

schunter: other comments?

fielding: the text in the document hasn't gotten any comments in a while


<trackbot> issue-134 -- Would we additionally permit logs that are retained for a short enough period? -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/134

scribe: so I'd suggest chairs call to close issue-134.

npdoty: still waiting for cfo response on issue 235, 219
... several issues we've resolved or editorial, need to review with group

<npdoty> http://www.w3.org/wiki/Privacy/TPWG#Change_proposals

<fielding> http://www.w3.org/2011/tracking-protection/track/products/5

fielding: is this compliance current or compliance next?

npdoty: Current

<npdoty> if the Tracker is out of date, that’s something we should ask Justin about

schunter: we made some progress on CFOs


<trackbot> issue-235 -- Auditability requirement in Reasonable Security section -- raised

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/235

schunter: we determined consensus to remove auditability language


<trackbot> issue-219 -- Limitations on use in a 3rd party context of data collected in a 1st party context -- raised

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/219

schunter: whether parties can collect info as first parties and use in third-party context? We determined consensus not to permit 3d pty use of 1st pty data
... One important point, there can be UGE

<fielding> or prior consent

schunter: that was closer to user expectations

<npdoty> yeah, we use “UGE” when we could more precisely refer to “user-granted exceptions, in band or out of band, or other prior consent”

<npdoty> I can make those changes to the draft this week

schunter: interesting, on 219, Roy had objections to both cases, but there was no third option

<npdoty> and then have fewer issue blocks

<fielding> I reserve the right to object to sound proposals as well ;-)

schunter: AOB?

npdoty: take a couple weeks to review issue resolution, couple weeks to review document overall
... hope that's all we have left before LC

[adjourned, meet again next week]

Summary of Action Items

[End of minutes]

