16:02:39 <RRSAgent> RRSAgent has joined #dnt
16:02:39 <RRSAgent> logging to http://www.w3.org/2017/05/15-dnt-irc
16:02:41 <trackbot> RRSAgent, make logs world
16:02:41 <Zakim> Zakim has joined #dnt
16:02:43 <trackbot> Zakim, this will be TRACK
16:02:43 <Zakim> ok, trackbot
16:02:44 <trackbot> Meeting: Tracking Protection Working Group Teleconference
16:02:44 <trackbot> Date: 15 May 2017
16:02:48 <wileys> wileys has joined #dnt
16:02:57 <Bert> present+ mikeoneill
16:03:03 <Bert> present+
16:03:23 <walter> present+
16:05:49 <Dsinger_> Dsinger_ has left #dnt
16:05:56 <schunter> https://github.com/w3c/dnt/issues/22
16:05:59 <dsinger> dsinger has joined #dnt
16:06:27 <walter> yes, that's best
16:06:28 <schunter> Text proposal for otherParties (from Rob):
16:06:44 <at> at has joined #dnt
16:06:48 <schunter> Since a user's experience on a given site might be composed of resources that are assembled from multiple domains, it might be useful for a site to distinguish those domains that are not subject to their own control (i.e., no information might be obtained via the controller property or the same-party property). An origin server MAY send a property named other-party with an array value containing a list of (sub)domain names that the origin server claims to [CUT]
16:07:19 <schunter> to the extent they are referenced by the designated resource, and if all data collected via those references do not share the same data controller as the designated resource.
16:08:08 <walter> q+
16:08:16 <wileys> I thought we agreed that we have OtherParty from the Site Specific Domain List?
16:08:20 <mikeoneill> q+
16:08:53 <schunter> q?
16:09:01 <schunter> two usages:
16:09:11 <schunter> 1. Information/transparency from a privacy point of view
16:09:31 <schunter> 2. Declaration what third parties are expected to appear on this site
16:09:52 <schunter> Question: should this constrain a site-wide exception?
16:11:37 <schunter> q?
16:11:39 <dsinger> ok, so this is for the case of a site-specific exception that’s granted for “*” (all embedded sites), either because the site asked for * or the UA ‘broadened’ the request to *, the UA ‘may’? restrict the exception to the origin site and its other-parties?
16:12:15 <schunter> q?
16:12:20 <schunter> ack wal
16:14:11 <schunter> ack mike
16:15:57 <wileys> Has nothing to do with DNT - it’s a tracking preference list
16:16:02 <wileys> tracking protection list
16:16:05 <wileys> +q
16:16:18 <schunter> q+
16:17:01 <wileys> With this new perspective of “OtherParty having NOTHING to do with DNT” then we should remove this from the discussion.
16:17:31 <schunter> IMHO we agreed that all parties that are not on otherParties should receive DNT;1 (if it is declared)
16:17:37 <wileys> This is more clearly another form of Tracking Protection List
16:17:43 <schunter> Those guys would then be listed in the API for publisher transparency
16:18:01 <schunter> It is not about blocking. It is about who should receive DNT;1
16:18:25 <wileys> They should recieve whatever the user has selected as their default setting
16:18:33 <schunter> ack wil
16:19:48 <dsinger> so, this theory says it’s about a claim of trustworthiness on the part of the site about other-parties, and might result in UAs not visiting (aka blocking) third parties not on the other-parties list; orthogonal to DNT. No relationship to exceptions and DNT.
16:20:02 <walter> q+
16:20:24 <wileys> q-
16:21:31 <wileys> Then what is its value?  As a publisher I should be able to provide a list via a link - not a machine reasable list
16:21:35 <wileys> readable
16:21:55 <wileys> Trying to make the list machine readible
16:22:17 <wileys> Revert back to a link and we meet the legal bar
16:22:26 <schunter> q?
16:22:29 <schunter> ack sc
16:22:29 <dsinger> OK, so now Matthias is back to linking it to exceptions. I am confused. We have two completely different theories
16:22:31 <schunter> ack wal
16:22:57 <dsinger> what consent?
16:23:07 <wileys> Transparency can be provided by a link - not a machine readable list
16:23:18 <wileys> Machine readable = tracking protection list
16:23:26 <schunter> Agreement was: otherParties: Field that declares third parties and may be used to constrain a  "*" exception.
16:23:59 <wileys> I would avoid the “*” and just list the 3rd parties in my site specific name value pair list
16:24:19 <schunter> API should allow publisher to retrieve all TPs that appeared that did not receive DNT;0
16:24:23 <wileys> It is not required to provide a machine readable list - a link will suffice
16:25:56 <wileys> Read the email list - Rob would like this to serve as a blocking list
16:26:26 <schunter> otherParties: 1. transparency: what are the third parties that may potentially appear on the site and track you
16:26:34 <walter> schunter: your sound is breaking up a bit at times
16:26:42 <walter> (this may just be my connection though)
16:26:50 <wileys> Coming through clear for me
16:26:54 <schunter> 2. This may be to used to constrain a site-specific expceiton with the pattern "*"
16:27:13 <mikeoneill> q+
16:27:24 <schunter> Whenever a publisher has a site-wide exception and some TPs do not receive DNT;0, then this be discoverable via an API
16:27:48 <dsinger> What you just said is a spec violation on the part of the UA.
16:28:00 <dsinger> We don’t need fields to report violations of the spec.
16:29:05 <schunter> q?
16:29:10 <schunter> ack mike
16:30:08 <schunter> It seems as if our consensus is falling appart. I will issue a CfO for the next week's call. Any objections?
16:31:01 <wileys> +q
16:31:03 <dsinger> for a CfO, we need the proposed spec. text (and background)
16:32:03 <dsinger> to be clear, I am not sure we are the impasse that a CfO is supposed to resolve; we seem to be confused about what the proposal is
16:32:23 <dsinger> it may be that given spec. text, we can reach consensus
16:32:36 <schunter> https://github.com/w3c/dnt/issues/21
16:32:43 <wileys> I want to reconfirm that invited guests (non-paying members) are not able to participate in the CfO vote
16:33:26 <walter> wileys: which is correct AFAIK
16:33:48 <wileys> Thank you Walter
16:33:49 <schunter> A Tracking Exception MUST only be granted when the document origin requesting it has a valid Tracking Status Resource at the well-known location, from which information about the domain’s controlling entity(s) and their privacy policy can be ascertained.
16:34:05 <schunter> A user agent MAY refuse to grant a Tracking Exception for a Site-Specific “target” domain (see Section 7.3.2) which does not have a valid Tracking Status Resource at the well-known location.
16:34:44 <dsinger> Mike’s text has a contradiction: is it MUST or MAY?
16:34:48 <dsinger> q+
16:34:48 <walter> wileys: mind you, in the *vote*
16:35:06 <schunter> q?
16:35:10 <wileys> Correct - invited guests can contribute to the discussion of course, just not the vote
16:35:17 <wileys> q_
16:35:20 <walter> then we're on the same page
16:35:20 <wileys> q-
16:35:27 <dsinger> …and, are there any required fields in the TSR? Would an empty TSR satisfy the formal requirement?
16:38:05 <walter> wileys: it may help you in convincing others to participate more that in BXL there's way more attention for the DNT WG than before. NGOs are getting questions about it from MEPs
16:39:30 <schunter> Clarify: mandatory fields: controller and compliance-url
16:39:36 <dsinger> ok, thanks; MUST applies to the caller, MAY applies to targets; the only question is whether a TSR with just a tracking status is at all useful
16:40:01 <wileys> BXL = BRU?
16:40:06 <walter> wileys: yes
16:40:29 <walter> well, BRU is the IATA-code, for other purposes BXL is typically used as an abbreviation
16:40:47 <schunter> https://github.com/w3c/dnt/issues/19
16:43:22 <dsinger> q+ to ask about a detail: reference to or copy of?
16:48:05 <wileys> Walter - cool - that’s new for me.  We usually refer to locations by their airport code in the US and abroad
16:48:20 <dsinger> q-
16:50:16 <dsinger> three possible fixes: remove the permission for UAs to broaden the request; remove the requirement to report the broadening back to the server; introduce a return value to report it.
16:51:01 <dsinger> but if we are going to promises, we should put this information in the promise call-back
16:51:45 <schunter> https://github.com/w3c/dnt/issues/26
16:52:23 <wileys> Most sites would likely require a more seriel implementation - meaning a user won’t move forward until the UA provides a signal the exception was recorded as expected
16:53:05 <schunter> e.g. other-party ==> otherParty
16:56:50 <walter> wileys: it is .be specific abbreviation, or the wider benelux, I should not have used it in an intercontinental context
16:57:44 <wileys> Walter - I like it - BXL is cooler than BRU :-)
16:58:00 <wileys> Walter - generally anything with an “x” in it is cooler :-)
16:58:50 <schunter> Since a user's experience on a given site might be composed of resources that are assembled from multiple domains, it might be useful for a site to distinguish those domains that are not subject to their own control (i.e., no information might be obtained via the controller property or the same-party property). An origin server MAY send a property named other-party with an array value containing a list of (sub)domain names that the origin server claims to [CUT]
17:01:15 <wileys> We’re over - I have to go but want to jump into this conversation next week
17:01:21 <schunter> Suggestions: (1) David and Roy have an 1:1 to educate David
17:01:22 <wileys> wileys has left #dnt
17:01:31 <schunter> (2) next week we rediscuss this issue a final time
17:01:52 <schunter> (3) I will explain the CfO process and rules and we may or may not go for it (depending on the outcome of (2))
17:15:16 <dsinger> dsinger has joined #dnt
19:06:09 <Zakim> Zakim has left #dnt