15:51:54 RRSAgent has joined #privacy 15:51:54 logging to http://www.w3.org/2015/05/14-privacy-irc 15:51:56 RRSAgent, make logs 263 15:51:58 Zakim, this will be 15:51:58 I don't understand 'this will be', trackbot 15:51:59 Meeting: Privacy Interest Group Teleconference 15:51:59 Date: 14 May 2015 15:52:29 Zakim, this will be 7464 15:52:29 ok, npdoty; I see Team_(privacy)16:00Z scheduled to start in 8 minutes 15:52:34 rrsagent, make logs public 15:56:03 tara has joined #privacy 15:57:06 Team_(privacy)16:00Z has now started 15:57:13 + +1.650.214.aaaa 15:57:45 +npdoty 15:58:05 Zakim, aaaa is me 15:58:05 +tara; got it 15:58:19 +[IPcaller] 15:58:35 JoeHallCDT has joined #privacy 15:58:42 + +1.206.348.aabb 15:58:43 yo yo yo 15:58:46 christine has joined #privacy 15:58:49 zakim, aabb is me 15:58:49 +bhill2; got it 15:58:55 Zakim, [ip is christine 15:58:55 +christine; got it 15:59:53 +[IPcaller] 15:59:55 agenda+ subresource integrity 16:00:00 agenda+ web payments 16:00:00 zakim, [ i sme 16:00:01 I don't understand '[ i sme', fjh 16:00:05 zakim, [ is me 16:00:06 +fjh; got it 16:00:14 + +1.202.407.aacc 16:00:19 zakim, who is here? 16:00:19 On the phone I see tara, npdoty, christine, bhill2, fjh, +1.202.407.aacc 16:00:22 On IRC I see christine, JoeHallCDT, tara, RRSAgent, Zakim, npdoty, bhill2, TallTed, fjh, chaals, plinss, mkwst, hadleybeeman, terri_offline, trackbot, wseltzer 16:00:28 + +1.617.324.aadd 16:00:29 agenda+ media capture 16:00:37 zakim i am aacc 16:00:43 agenda+ security/privacy questionnaire 16:00:54 agenda+ CSV 16:00:57 keiji has joined #privacy 16:01:06 agenda+ Sensors and privilege contexts 16:01:12 agenda? 16:01:13 Ian has joined #privacy 16:01:16 +[IPcaller] 16:01:21 agenda? 16:01:21 Zakim I am aacc 16:01:26 chair: christine 16:01:31 Nick..let me know when to join 16:01:39 +Wendy 16:01:57 Zakim, who is on the phone? 16:01:57 On the phone I see tara, npdoty, christine, bhill2, fjh, +1.202.407.aacc, +1.617.324.aadd, [IPcaller], Wendy 16:01:58 zakim, who is here? 16:02:00 On the phone I see tara, npdoty, christine, bhill2, fjh, +1.202.407.aacc, +1.617.324.aadd, [IPcaller], Wendy 16:02:00 On IRC I see Ian, keiji, christine, JoeHallCDT, tara, RRSAgent, Zakim, npdoty, bhill2, TallTed, fjh, chaals, plinss, mkwst, hadleybeeman, terri_offline, trackbot, wseltzer 16:02:29 Im 202.407.aacc 16:02:32 + +1.412.965.aaee 16:02:32 don't know how to do that 16:02:36 Zakim, aacc is JoeHallCDT 16:02:36 +JoeHallCDT; got it 16:02:37 zakim, [IPc is moneill 16:02:38 +moneill; got it 16:02:40 thanks! 16:02:50 zakim, aaee is gnorcie 16:02:50 +gnorcie; got it 16:02:52 fjh_ has joined #privacy 16:03:10 happy to scribe 16:03:35 scribenick: JoeHallCDT 16:03:42 certainly! 16:03:49 Much thanks! 16:04:03 Zakim, take up agendum 1 16:04:03 agendum 1. "subresource integrity" taken up [from npdoty] 16:04:07 http://w3c.github.io/webappsec/specs/subresourceintegrity/ 16:04:19 Brad Hill is here to talk about SRI 16:04:22 +Katie_Haritos-Shea 16:04:38 Christine: brad will give an introduction and talk about the four areas where they'd like feedback 16:04:43 … it's a great, readable spec 16:04:47 moneill2 has joined #privacy 16:05:12 bhill2: SRI spec is relatively straightforward 16:05:38 zakim, call chaals-es 16:05:38 ok, chaals; the call is being made 16:05:40 +Chaals 16:05:42 … today would consider this to be the first step of a journey 16:05:56 … we want to be able to integrity tag resources on the web 16:06:00 Ryladog has joined #privacy 16:06:04 … e.g., anchor links for downloads 16:06:21 … particularly interested in dynamic resources, CSS, JS 16:06:54 … we've seen some CDN compromises, which allows compromise of all the other applications mediated by the CDNs 16:07:04 … provides control around single points of failure 16:07:18 … allows adding an integrity attribute to a or tage 16:07:33 … UAs check that resources against that hash before including it in the DOM 16:07:53 … it's an experiment, becasue we're going to have to see how this works, how useful vs. how big of a burden 16:08:20 … also introduces some brittleness… a resource can evolve over time and if that goes out of sync with tag, can break things 16:08:41 … we expect this to be especially useful with libraries where the tag would be stable over a version of the library 16:08:52 zakim, mute me 16:08:52 Chaals should now be muted 16:08:54 … we fully plan this to be used in HTTP 16:08:59 + +1.503.712.aaff 16:09:04 … not protection for network attackers 16:09:16 Zakim, aaff is me 16:09:16 +terri; got it 16:09:18 … [lost the last bit] 16:09:19 s/for/from/ 16:09:32 … does not change the state of mixed content or privledged features 16:09:46 … doesn't change UA determinations that somethings is mixed content 16:09:56 … we want to maintain privacy guarantees of HTTPS 16:10:06 … not interest in a third UI state of integrity without privacy 16:10:23 … PING can help in a few ways 16:10:55 … concerned about cross-origin leakage of information 16:11:27 … if you know the enumeration of [] states, you could create tags for each state and be able to tell if someone is logged into a privilged context 16:11:30 http://w3c.github.io/webappsec/specs/subresourceintegrity/#is-resource-eligible-for-integrity-validation 16:11:49 … we require resources that are integrity-checked are same origin or using CORS 16:12:13 q+ to ask is that the CORS threat? 16:12:21 … additionally, we refuse to allow integrity-verification of documents with a refresh header [did I get that right?] 16:12:42 … may be other paths to leakage that we have missed 16:12:52 … certainly timing channels that are present 16:13:04 Christine: anything else to add? 16:13:08 q+ to ask about authorization header 16:13:27 q- 16:13:33 bhill2: we're interested in an evaluation of the privacy properties of this spec, thanks! 16:13:40 q+ 16:14:09 npdoty: curious about the last validation check you talked about... 16:14:28 … check for certain headers to prevent the case where some script can check hashes and see if there is a failure to check for log in 16:14:51 … does this typically cover all the logged in resources cases? 16:15:10 bhill2: that's correct, but for non-same origin resources have to use CORS mode 16:15:23 … not trying to eliminate all side channels for detecting user logged in 16:15:31 … we just don't want to introduce new side channels 16:15:49 … SRI provides syntatic sugar around verifyuing that content before DOM load 16:16:10 q- 16:16:12 ack JoeHallCDT 16:16:28 JoeHallCDT: why sha256 as the hashing algorithm and not 512? 16:16:37 bhill2: examples use Sha256 because it's compact for the spec 16:16:55 … secion 3.2 mandate that you support sha256, sha384, sha512 16:17:21 … UA will select the set of algos that are the strongest and check the hashes against those 16:17:32 Christing: any more Qs? 16:17:42 … thanks a ton bhill2 16:17:48 … you want input before 26 May 16:17:52 bhill2: that would be great 16:17:58 s/Christing:/Christine:/ 16:18:05 added to our wiki list 16:18:16 … let's get comments we can get to them before that 16:18:16 if someone wants to shepherd or gather the comments, that'd be great 16:18:20 thank you all for your time and consideration! 16:18:49 zakim, call Ian-Office 16:18:49 ok, Ian; the call is being made 16:18:50 +Ian 16:19:09 Zakim, take up agendum 2 16:19:09 agendum 2. "web payments" taken up [from npdoty] 16:19:25 Ian: on the w3c staff, as of Feb. head of web payments activity 16:19:25 http://www.w3.org/TR/2015/WD-web-payments-use-cases-20150416/ 16:19:44 … sent a note to a few groups in the WPIG charter 16:19:57 … want to tell you about the document and the broader plans we ahve 16:20:00 … launched last Oct 16:20:12 … working on a timeline to have a WG started before TPAC 16:20:23 … one or more charters proposed to members by August 16:20:37 … in June's meeting, we'll have to reach a decision on scope of work 16:20:47 … we are going about this by publishing first use cases 16:21:19 … goal over all is to make web payments more secure, and sharing only information necessary to conduct a transaction 16:22:00 … document is intended to be approachable and describe what we have in mind for any payer to payee flow in a transaction 16:22:21 … from when you decide to make the purchase, to how the guts work, to transaction completion 16:22:47 … in Section 6, we have very small statements of use cases that we'd like a web payments architecture to address 16:23:02 … you can read the little scenarios and think about whether the privacy considerations are sufficient 16:23:25 … we're early enough where that is a valuable piece of work where we could use PINGs help 16:23:47 … at the next stage when we want to describe the specific functionality, there will be more privacy considerations still 16:23:52 … but we haven't published that yet 16:24:33 christine: could you take one of the use cases that has privacy considerations and walk us through it? 16:24:35 cool, I'm not sure we've looked at a separate use cases document before, or a document written with this annotated style 16:24:52 ian: sure, we wrestled with this document quite a bit... 16:25:12 … btw, I'm new to payments world, and we worked hard to eliminate assumptions specific to the payments world 16:25:22 … makes the use cases document easier to read and more modular 16:25:27 … one example 16:25:33 … Section 6.1.1 16:25:44 … doc is organized as a flow for a common payment 16:25:52 … first phase is "discovery of offer" 16:25:57 … point of sale kiosk 16:26:12 … Corey shopping for groceries as ChowMart, ... 16:26:25 … privacy consideration is giving the user control over how much information they want to share with merchant 16:26:40 … classic case of merchant that may want to exchange discount for information about purchasing habits 16:26:57 … there is a robust desire on the merchant side to have this kind of purchase history 16:27:12 … we aren't proposing this, but we expect to work on it in a WG 16:27:17 just calling out for the next level down, for the implementation in later spec work -- interesting 16:27:33 … there's one further own about pre-authorization 16:27:46 Zakim, who is making noise? 16:27:56 npdoty, listening for 10 seconds I heard sound from the following: JoeHallCDT (25%), gnorcie (4%), moneill (15%) 16:28:16 … there are cases wehre the best UI is no UI, can be accomplished by pre-auth 16:28:40 … use the use case of a smart vehicle communicating with a petrol pump 16:28:54 … one way to think about this document is to tee up privacy considerations for later work 16:29:15 q? 16:29:18 (Best way to send comments is to -> public-webpayments-comments@w3.org ) 16:29:23 (Also happy to chat about them here) 16:30:59 q+ 16:31:38 JoeHallCDT: cases of collapse between real world and virtual world identifiers and metaphors 16:31:46 ... like loyalty cards vs. branded credit cards 16:32:37 gnorcie: loyalty card, branded credit card, rewards-based credit card -- the meaning of "loyalty card" used differently in different contexts in the document 16:32:47 Ian: +1, thanks, good to note 16:33:27 Ian: discussion in webappsec about same-origin policy 16:33:51 ... browser vendors in the group; know it will be important to work through with the use cases 16:34:28 JoeHallCDT: a couple cases where the payer seems to be transmitting all of their payment options, rather than the merchant providing the range and the user selecting one 16:35:37 ... client-side verification or sending attestations, in a zero-knowledge client-side approach 16:36:10 Ian: does there need to be a negotiation at all between different groups of payment instruments? 16:36:55 ... hearing that people have use cases for verification on both the server and the client side 16:37:25 ... credentials vs. assertions, what are the credentials requirements? credentials community group has a general purposes infrastructure for attestations 16:37:52 q? 16:37:54 q- 16:38:03 scribenick: JoeHallCDT 16:38:05 +1 to making comments! 16:38:12 christine: bit thanks to Greg, Joe, Kaeping for providing comments 16:38:20 yes, on the wiki 16:38:23 Yes, many thanks! 16:38:28 … npdoty can add this to the wiki: please volunteer to take a look and provide comments 16:38:44 … this is a great high-level way to provide input with use cases 16:39:09 Ian: interested as well from an editorial perspective if the structure we have lends itself to good review 16:39:24 … if you like this, and find it's easy to jot down notes, let's propogate that 16:40:20 JoeHallCDT: really like this style. earliest we can typically give input is the charter, but starting with use cases ahead of time is a good way to incorporate privacy considerations as early as possible 16:40:20 +1 to that 16:40:30 (The next level down is challenging for us....how to extract requirements and how to organize necessary capabilities....stay tuned!) 16:40:39 (Cheers!) 16:40:50 Zakim, take up agendum 3 16:40:50 agendum 3. "media capture" taken up [from npdoty] 16:40:52 -Ian 16:40:56 christine: next item, renewed request on privacy and security considerations of MEdia Capture and Streams 16:41:04 http://www.w3.org/TR/2015/WD-mediacapture-streams-20150414/#privacy-and-security-considerations 16:41:22 Katie. 16:41:40 ack Ryladog 16:41:49 Ian has left #privacy 16:41:49 http://www.w3.org/TR/2015/WD-mediacapture-streams-20150414/ 16:41:53 http://www.w3.org/TR/2015/WD-mediacapture-streams-20150414/ 16:42:03 Katie's email from October: https://lists.w3.org/Archives/Public/public-privacy/2014OctDec/0004.html 16:42:09 last call working draft 16:42:42 I was supposed to help with that. very sorry. :/ 16:42:48 q+ 16:43:01 christine: wendy? 16:43:15 … sent it back to PING's attention because it is in LC 16:43:31 … it could be valuable to look back at it and consider if they've incorporated our feedback 16:43:38 … thanks mucho to Katie for taking a look at that 16:43:49 just to confirm: were these sent to the group already? did the group respond to them? 16:43:50 … we like specs with privacy and security considerations to start 16:44:20 … we should look again, as getUserMedia() is requesting pretty senstitve access to mic and cam 16:44:27 Katie: would love someone else to look at this 16:44:42 christine: Joe? 16:44:58 I think we're on a tight timeline. their Last Call comments is requested by tomorrow 16:45:02 q+ 16:45:54 ack wseltzer 16:45:56 wendy: +1 that we have an obligation to the web to look for privacy and security considerations 16:46:11 … if something has gotten to last call or wide review and is still missing critical elements 16:46:16 … we should be ready to point those out 16:46:35 … still better to capture something in LC (far from a W3C Rec), than to look back on it 16:47:29 me: can't turn it around by tomorrow (when LC comments are due) 16:47:54 wseltzer: process puts special obligations on specs to address comments 16:48:05 … groups are required to respond to reasonably source comments 16:48:10 … so it will still be valuable later 16:48:28 … important spec used by WebRTC, big push for real-time p2p comms 16:48:39 … new features are already present in many browsers that are relying on this 16:48:56 … while still in early phases of feature imp., still valuable and important for experts to look at it 16:49:12 Kate: can look by tomorrow to see if my comments were addressed 16:49:26 … had some questions that not sure if they're answered 16:49:31 … would like to get more eyeballs 16:50:23 chrisine: most generous to do that in such a short timeframe, Katie! 16:50:43 … for our call next month, let's put this on the agenda, with the expectation that several people will have looked at it, prepared in advance 16:50:55 … so we can discuss it, decide what we want to do as PING 16:51:02 … others please put your hand up on the wiki 16:51:14 … any thing else on Media streams? 16:51:19 … getting close to time 16:51:56 christine: model for tabular data and metadata on the web 16:52:02 … has anyone had a look at these drafts? 16:52:11 … anyone involved in this sort of work? 16:52:18 … move to the agenda for the next call 16:52:37 … will do some research on how best to deal with privacy requests on several of their documents 16:52:50 … next item: TAG privacy and security review questionaire 16:53:14 npdoty: we [royal we?] met with the TAG in San Francisco where this was discussed 16:53:24 … TAG has been very interested in privacy and security process 16:53:38 … invited npdoty, mikewest, tantek to discuss the questionairre 16:53:53 … they've take it over and put it in their repo 16:54:02 q+ 16:54:18 … want it to be a more established state so folks can use it 16:54:22 https://w3ctag.github.io/security-questionnaire/ 16:54:48 christine: have a question: would our POC be mnot? 16:55:06 npdoty: not sure there is a single POC… Dan Applequist, Mark and Yan Zhu 16:55:41 was this your questionairre or from scratch? 16:56:03 npdoty: mikewest started this internal to google, from scratch 16:56:16 … part of our work is to merge in some of the questions we had from the wiki 16:56:20 q+ 16:56:25 -bhill2 16:56:44 -Chaals 16:56:55 q- 16:57:05 [Apologies, I have a conflict from now] 16:57:37 christine: TAG has an interest in this area would be great to combine PING and TAG forces to move this forward 16:57:39 it's also a questionnaire that I used as the basis for the app manifest review 16:57:56 … should move the privacy considerations document into this, fingerprinting doc, and possibly SPA 16:58:11 … we'll get in touch with the TAG to figure out a way to move forward 16:58:12 q- 16:58:29 … we'll leave for the next call should sensors require privileged contexts? 16:58:30 q+ 16:58:37 Present+ Frederick_Hirsch 16:58:50 Katie: are we expecting a PING meeting in TPAC in Japan? 16:58:54 Christine: yes, we are. 16:59:01 Yes she would! 16:59:06 … speaking for Tara, she'd apprecite input and help in organizing it 16:59:19 (appreciate help/input that is. :-) 16:59:23 … dates for next meeting? 16:59:28 June 11 or June 18 or June 25? 17:00:11 … likely the 18th or 25th 17:00:13 scheduling to be determined on the list 17:00:16 … will send out summary 17:00:21 bye! 17:00:24 -gnorcie 17:00:24 thanks 17:00:25 -tara 17:00:25 -Katie_Haritos-Shea 17:00:26 -npdoty 17:00:27 -christine 17:00:28 -fjh 17:00:29 -Wendy 17:00:30 - +1.617.324.aadd 17:00:31 -JoeHallCDT 17:00:36 trackbot, end meeting 17:00:37 Zakim, list attendees 17:00:37 As of this point the attendees have been +1.650.214.aaaa, npdoty, tara, [IPcaller], +1.206.348.aabb, bhill2, christine, fjh, +1.202.407.aacc, +1.617.324.aadd, Wendy, 17:00:40 ... +1.412.965.aaee, JoeHallCDT, moneill, gnorcie, Katie_Haritos-Shea, Chaals, +1.503.712.aaff, terri, Ian 17:00:40 -terri 17:00:40 -moneill 17:00:42 Team_(privacy)16:00Z has ended 17:00:42 Attendees were +1.650.214.aaaa, npdoty, tara, [IPcaller], +1.206.348.aabb, bhill2, christine, fjh, +1.202.407.aacc, +1.617.324.aadd, Wendy, +1.412.965.aaee, JoeHallCDT, moneill, 17:00:42 ... gnorcie, Katie_Haritos-Shea, Chaals, +1.503.712.aaff, terri, Ian 17:00:44 RRSAgent, please draft minutes 17:00:44 I have made the request to generate http://www.w3.org/2015/05/14-privacy-minutes.html trackbot 17:00:45 present+ Keiji 17:00:45 RRSAgent, bye 17:00:45 I see no action items 17:01:02 RRSAgent has joined #privacy 17:01:02 logging to http://www.w3.org/2015/05/14-privacy-irc 17:01:05 rrsagent, make minutes 17:01:05 I have made the request to generate http://www.w3.org/2015/05/14-privacy-minutes.html wseltzer 17:01:16 bhill2 has left #privacy 17:01:26 rrsagent, bye 17:01:39 npdoty has changed the topic to: Privacy Interest Group - minutes for May: http://www.w3.org/2015/05/14-privacy-minutes.html 17:02:18 rrsagent, make logs public 17:02:21 rrsagent, bye 17:02:21 I see no action items