DRAFT Minutes from
WAP-W3C workshop on mobile privacy
Day 2: Friday, 8 December, 2000
NOTE: there were some changes to the agenda. We began
with the panel on security requirements, carried over from yesterday.
Morning:
Afternoon:
- Wrap-up and next steps: Feng
Panel: Security requirements
Philippe Lucas,
Zero-Knowledge
Philippe, standing in for Eric Bergeron, presented a
high-level overview of security and privacy issues [see slides].
Main points:
- privacy defined as information self-determination
- privacy versus security:
- 8 OECD principles
- “Security is a sub-set of privacy. You can
address all of your security concerns without addressing
privacy.”
- ZKS private credentials:
- Allows for selective disclosure
- Private payment (e-cash) is a subset of private
credentials
Questions:
- Mike M: information collection?
- For a website: opt-in is default. Analogous to
having an opt-in button at bottom of a form.
- (more discussion in public policy session)
Danny Dolev, Hebrew University
@@see slides@@
Main points:
- want to enable both privacy and private
communications
- cell phone can be used as a digital signature
tool
- proposed action:
- utilize the cell phone infrastructure as
identification devices
- create a standard method to allow access from
software to hardware
- finalize standard interface to carry transactions
across platforms
Jens Berwanger, Arthur Anderson
[see @@slides@@]
Main points:
- “trust is the key to mobile business”
- mobile businesses lagging behind wireline in terms of
security
- [but Mike M says WAP 1.1 *does* allow for 3 levels
of security]
NOTE: there were various criticisms of the prepared
slides -- they did not seem to reflect current WAP models. As Jens was
stepping in for Daniela Elsner, he could not respond to these criticisms
Mark V: WAP gateway only translates between 2 protocols.
In principle no difference from, say, SSL today:
- secured end-to-end relation does not exist in wireline
environment either
- WAP gateway can (should) be within secured enterprise
environment
Comments:
- Mike M: we have the tools already (islands), what
we’re missing is the overall architecture
- Danny W: as appealing as overall architectures are
-- the security world is filled with grandiose architectural plans --
playing devil’s advocate, I would say the web has provided a level of
security without an overall plan. I agree with your assessment that
we have all the pieces, but not sure about need for a big plan.
- Mike M: my response -- grand plans have been
top-down, but we should invert it, build bottom-up. Provide hooks
into the small things, and build up.
- Dave Bevis: we’ve been hedging around how to
create trust. It’s ability for enforcement that gives one trust. It
needs to be the case that privacy statements are enforceable.
- Danny W: one of the things that we’ve found in W3C
is, we’ve been driven more and more towards guidelines and best
practices -- these are not standards per se, but they do
represent the consensus of a community of developers and users
- Philippe: I agree with Mike, there are many pieces
existing. My question is where and how can we make this work -- what
organization(s) will do this?
- Danny D: I agree with Philippe, but want to add
that it is a question of at what level [of OSI layers] that are
involved.
Panel: Public Policy
Lukas Gundermann, Independent
Centre for Privacy Protection, Schleswig-Holstein
Lukas gave an overview of data protection laws in Europe,
and key public policy considerations for mobile privacy [see slides].
Main points:
- Some basic notions privacy/data protection in Europe:
- data self-determination -- applies only to natural
persons, so does not apply to organizations
- data protection = protection of people against
unauthorized use of personal data
- data security = ways of achieving data
protection
- location data as “classic” traffic data in
telecommunications
- e.g., who called whom at what time?
- additional aspects in mobile:
- GSM -> can find out cell where mobile phone is
- but fortunately cells are quite large
- personal data on the Internet brings additional
privacy dangers
- the mobile web brings these all together:
- much more precise location information possible
(e.g., as allowed by E911 infrastructure)
- tracking user’s movement is part of the service,
and this can include creating a profile
- increasingly, services offered by third parties
=> hence, more (potential) recipients of data
- solutions:
- absolutely crucial: users have to give their clear
and unambiguous consent
- it must be an informed consent, meaning that users
have to be well informed about:
- which data will be collected
- for what purpose
- when data will be deleted
- etc.
- gradation of consent: how to arrange that some
services receive location data, but not others?
- IMPORTANT: user must have the possibility to
withdraw the consent at any time for the whole service, or for only
parts of it
- Legal framework is necessary but not sufficient
- There also have to exist technical means for
this kind of consent-management
- More solutions: Anonymity/pseudonymity
- Pseudonymous profiling would also be permitted
according to the German law (Teleservices Data Protection Act) -- does
not require explicit user consent -- but, only if no way to link back
to any real person.
- Legal framework:
- European law: 1997 directive (97/66/EG) on
protection of telecommunication data covers location data as an
example of traffic data
- A new directive is underway: it has a special
provision for location data, which states that location data can only
be processed if made anonymous or with the user’s consent
- Exception: in case of emergency calls, location
information MUST be transmitted (cf. E911 in the U.S.)
- Conclusions:
- Legal framework is important -- work underway in
Europe for mobile web applications
- More important is to develop mobile devices that
give users control over their location data
- Need for user to have granular control -- not just
yes/no options
- Technical means to minimize data flows and allow
for anonymous mobile web services should be developed
Questions:
- Bryan: you said user has to opt-in -- does that apply
to aggregation of data too (e.g., that collected by network operator)?
- Alan: what is user experience going to be, with these
requirements? What features would you like to see (in UI, for example)?
- Danny: [clarifying] For example, what would be
adequate notice?
- [@@discussion about this: could be many forms of
notice, but it must be clear to the user@@]
- Scott: the mechanism for retracting consent, does it
have to be in the phone?
- Lukas: not necessarily, but it would be good
- Mark Le M: for me, it’s a UI question. The mobile
phone is being envisioned to doing more than it was ever envisioned.
We might have a button [on the handset] that says private, or
open.
- Sven: the ultimate goal is to have this in the
handset
- Marc Le M: but do you mean option in the
handset, or the handset itself?
- Nicholas: the only way I see this working is if
it’s in trusted entity somewhere. Too complex to have all controls in
handset -- remember that your phone may be shared by family, have
multiple preferences
- Danny: important distinction here: there’s the
functional appearance to the user, and then how this functionality is
implemented
- Alan: I think UI is critical
- Mike M: I don’t think the UI problem is that big.
Think back to web surfing with lynx many years ago. UIs will get
better over time -- we don’t have to specify everything in the
UI.
- Marc Le M: I want to take an in-between position:
yes, the technology’s getting better, but no, we’re not where we need
to be yet.
- Nicholas: also, you don’t want to do everything on
your mobile. There will be times when I want to use a wireline device
(computer), because of the display, etc. [Don’t have to make phone do
everything.]
- Frank: but, there will be many cases where all you
have is a mobile phone.
- Bryan: a lot of data has to be archived for network
management. So, my question is: anonymity under what scope?
- Lukas: as long as there’s the possibility of
linkage to a real identity, then data is not anonymous.
- Mike M: how far does the law reach? Suppose I set up
my server in a not-nice place -- they put out my data, I can’t get it
back.
- Lukas: that’s why there was a proposal by data
commissioners to @@??@@
- Danny W: The Yahoo! case in France is interesting, for
this reason.
Henry Ryan, IPSE
[see @@slides@@]
IPSE = Initiative for Privacy Standardization in
Europe
Main points:
- IPSE started by CEN/ISSS (March 2000 -- Open Seminar
“Standardization: A business tool for data privacy”)
- Chair: Nick Mansfield (ICX); deputy chair: John
Borking (Registratiekamer); other members include businesses, ETSI,
etc.
- IPSE project team: Stephanie Perrin, chair; Henry
Ryan; [etc] -- consumer expert, TBA [should now be filled]
- IPSE business plans:
- managerial issues (resistance to including it in
ISO 9000, though)
- privacy enhancing technologies
- international standards
- Timetable [see slide]:
- @@among others@@ First draft report: 12/2000; open
workshop: 3/2001; public consultation 5/2001
Questions:
- Marc L: is this part of EU?
- Henry: Yes and no -- CEN funded by EU, but
standards organizations do not develop standards, are just the
framework for initiating work
- Karen Kremer (Ericsson): wouldn’t ISO certification be
something companies would want, to show consumers that they are taking
privacy seriously?
- Henry: you’re making the argument that some on the
project team made. Yes, but we have to see whether previous standards
(e.g., ISO 9000) really helped companies, or if they just imposed
hurdles on business.
- Eric: WIPO has said individuals have intellectual
property rights over personal data -- why aren’t they here at this
workshop?
- Danny: my personal view is, I think copyright is a
terrible way to protect privacy. I don’t think property rights is the
way to go, and so I guess that explains why WIPO isn’t here.
Panel: Technology integration
Simone Fischer-Hübner,
Karlstad University
[see slides]
Main points:
- Mobile privacy issues:
- WAP gateway/proxy: anonymization is enabled, but
complete profile of user activities is available (i.e., user ID, CPI,
user location)
- presents serious privacy problems
- international harmonization of privacy laws has
been difficult
- Combining CC/PP and P3P:
- initial request with minimal profile
information
- user should be able to define P3P preferences for
whole CPI (profile information) or for CPI components or
attributes
- P3P preferences for CPI: computer, preferences,
location
- Suggestions for P3P enhancements:
- P3P alone does not fulfill several EU-Directive
requirements: legitimacy; adequacy; right of access; adequate
protection for transborder data flow
- working on formal task-based privacy model, which
(with third-party assurance) could protect P3P data at the server
site
Questions:
- Marc L: if I roam, do I use same WAP gateway?
- Scott: why would you want to use the same gateway?
- Mike M: I would turn around -- why would you want
to use multiple web servers?
- [discussion about WAP gateways and how content is
served up in Europe versus in the U.S. -- this was off-scope]
- Simone: protection at WAP gateway site is possible,
e.g., using anonymizing proxies or mix net concepts (such as that used in
Zero-Knowledge’s product)
- Bryan: what is the purpose of anonymity -- to protect
the subscriber, or make user completely unknown to origin server? Seems
like that making user unknown would be infeasible/impractical?
- Simone: from the user’s standpoint, the optimal
situation would be to allow for anonymity whenever user wants to be
anonymous
- Mike M: even having a pseudonym does not protect
me from spam
- Lukas: true, but this is not quite the same as
privacy. Spam is intrusion, yes, but it’s not the core of data
protection. Protecting against identity theft is more like a core
privacy concern. Question is how user can keep control over
his/her identity.
- Marc L: also, you can walk away from a
pseudonym [if it gets spammed], but you can’t just walk away from
your real life identity
Scott Alperin, DoubleClick
[no slides, but see Fiona’s @@paper@@]
Scott, stepping in for Fiona Walsh (who was ill),
presented the Internet ad companies’ perspectives.
Main points:
- Important for ad companies to have a solid position on
privacy: “users really just have the right to know what we’re doing”
- Might users have more control in online world? For
instance, following the DoubleClick-Abacus merger, you can now opt-out of
Abacus databases, which previously had tracked you offline
- Ad companies need to be able to track:
- Reach -- number of unique users who saw ad (“reach
is everything”)
- Frequency -- how many times has user [= target]
seen this ad?
- Conversion -- did user buy/do something because of
this ad?
- Assertion: advertising is needed to pay for
content
- For large advertisers, precise location not that
important. More general location information -- such as what country,
state, or city you’re in -- is sufficient, and these can be obtained
without locational services
- A common website now exists for opting out of all
advertising services (DoubleClick, Engage, Avenue A, etc.) @@URL@@
- There are still misunderstandings about cookies among
the public
Comment:
- Sven: I just want to clarify the question about
whether you can do profiles on pseudonyms -- it depends on what the
purpose is for. But the point I want to make is that German law would not
allow a DoubleClick to do such profiling -- DoubleClick would be a
third-party to the data in this case, and this is not allowed.
Eric Brunner, Engage
[no slides]
Eric presented his take on the of results of the
workshop:
Suggested action items from Eric:
- Each side (WAP and W3C) provide the other with access
to specs
- WAP: deploy P3P on their content sites
- Need to have policy reference files, etc., on
their hardwire sites
- P3P WG needs to prototype a mobile/WAP extension and
implement it
- WAP browsers need to try to implement “P3P core” --
i.e., policy reference files, etc. @@see requirements of CR draft@@
- P3P community should do a IPv6 draft
Other observations from Eric:
- Clear that we don’t have a shared, common
taxonomy
- Clear that we don’t have a consistent idea of
architecture
- We need use cases
- Need to come up with (or reference) fair location
information practices
- Do we need a query mechanism?
Comments/questions:
- Frank: wouldn’t I need scenarios first, to know what’s
needed for an extension of P3P? Seems like prototyping an extension is
premature.
- Mike M: are you saying that P3P 1.0 is the only
option?
- Eric: that’s why we’re here. If you don’t want to
use P3P, you should opt out by walking through that door
- Patrick: I’m going to overrule that comment. P3P
is, we hope, a good starting point, but we don’t mean to suggest it is
the whole or only solution.
- [@@disagreement between Eric and me on necessity
of P3P@@]
- Mike M: P3P 1.0 will not work for mobile -- should
not assume a priori that this is what will work in mobile
environment
General discussion:
- Danny W: could someone explain the difference between
bandwidth and roundtrips for wireless?
- Mark V: bandwidth is throughput; roundtrips are what
really slow down mobile.
- Marc Le M: latency depends on type of mobile device,
e.g., GSM is not as bad as GPRS.
- Marc L: I want to question the need for a query
mechanism (i.e., a way to negotiate between site’s policies and user
preferences). It might be a nice feature, but I don’t really see use
scenarios.
- Marc Le M: a use case would be: a vendor can get you
a dinner and a movie package versus just a movie, if you are willing to
give out some data that you normally would not.
- Marc L: I don’t see that as negotiation. They
offer me something, and if I accept it, fine.
- Ewan: another use case would be a friend-finder --
do you want friends to be able to locate you by your mobile?
- Marc L: I don’t see how this is different from
today. Maybe we don’t have the same definition of negotiation --
what I mean is automated negotiation [between server and
client]
- Marc Le M: I still think a requirement is to have
audit/record of “negotiations” that take place, when these go beyond
user’s preferences
[Note: there was considerable
disagreement/misunderstanding about what “negotiation” means. For Marc L, it
is automated negotiation that takes place in background, between client (UA)
and server (website). For Marc Le M, it is whenever a service prompts user
for data that normally would not be given out, based on that user’s
preferences.]
(Lunch)
Note: the Friday afternoon session was more of a
discussion than a presentation. Patrick’s slides changed over the course of
the afternoon, to reflect comments from workshop participants.
Common themes and next steps,
Patrick Feng (RPI)
Patrick summarized some common themes that had emerged
during the course of the workshop [see slides]:
- User control is underlying goal for all of us
- Users have high expectations for trust in mobile
environment
- P3P is an important starting point, but does not
address all problems
- Tension between “walled garden” and web model?
- Privacy as a business opportunity, not just legal
obligation
- Need to expand dialogue with legal and public policy
communities
- Need for further collaboration between WAP and
W3C
Discussion:
Additional items?
- Danny: Let’s talk about first two slides and see what
we need to add, and what we need to take away. Does this seem like it
reflects our consensus?
- Mark V: We need to address roaming
- Marc Le M: Need common experience across mobile
and wired environments
- Alan: Solutions should also work in isolation,
i.e., if user only has a single experience (only uses mobile
phone)
- Marc Le M: So roaming also includes different
devices, not only different nets
Different business models
- Nicholas: What is meant by “walled garden” tension?
- Danny: My impression is that there exists a set of
complicated @@issues@@. Users on the one hand have the expectation
that wireless device is trusted gateway to trusted environment, but at
the same time wireless network operator can not always guarantee that
trust.
- Bryan: Because of business models, there are
various approaches to @@providing mobile service@@. We need to
recognize that while we are in competition, we must also cooperate.
We would fail if we didn’t partner. We need to have those “walled
garden” fans work together with those who want an “open
experience”.
- Danny: Along the lines of Marc, might say that
there are multiple devices, multiple access models for mobile web
- Marc Le M: Yes, there are different value models
-- sometimes carrier adds value, sometimes carrier is just a pipe.
I’m not sure if I agree with Bryan [about partnering across companies]
-- we don’t know who are our partners are, who our competitors
are.
- @@??@@: People talk about “walled gardens”, but I
haven’t seen anybody having one.
- Danny: Maybe the way to say this is like Marc and
Bryan have done -- that there will be a variety of models out there,
and we have to deal with this.
Security and privacy
- Danny D: We need to distinguish between privacy and
security preferences. And that there will be exceptions to users’
preferences. If you are able to allow in my preferences that I’m willing
to accept exceptions, then you can have business models. We should
conceptually agree that there are security and privacy preferences, and
that there are exceptions that I will have in my preferences.
- Danny W: So you want flexible privacy
relationships?
- Danny D: Yes, but under user control!
User interface
- Alan: We not only need to talk about user experiences,
but also merchant experience, etc.
- Danny: Can we phrase this as “question on UI
issues”?
- Alan: Yes, we need to identify issues, come up
with designs, and see how this fit into a regulatory environment.
- Marc Le M: I agree this is an important item.
- Danny: I just want to point the limitations in the W3C
process of being able to standardize or restrict the UI -- there’s
generally no process for this.
- Marc Le M: We could do the same as what Phone.com
did with style guides -- if they wouldn’t have done that we would have
no guidelines [in our industry].
- Mike: How about “guidelines”? We already have
this concept in the WAP Forum.
- Danny: OK, guidelines is good
- Scott: Seems to me they are separate things, UI
guidelines and user experience
- Marc Le M: Yes, we also need to talk about
experience!
- Danny: OK, so a consistent experience across
devices, operators, etc. is important.
P3P as starting point
- Bryan: We need to expand on P3P as a starting point --
what is missing, what are the gaps?
- @@??@@: P3P is part of the solution, but entire
solution needs to be defined still!
- Eric: About P3P as starting point -- I’m not sure what
alternatives exist for a policy publishing announcement vehicle.
- Mike: But there is more to privacy than P3P
- Eric: But it is the only announcement vehicle
available, so if it’s just a starting point, I need alternatives.
- Mike: No, we might agree that P3P is a good
announcement vehicle, but there’s more to privacy than
announcement.
- Eric: yes, certainly, as we recognize for wireline
too
- Mike: I would have a problem with the idea of
optimizing P3P for wireless environment. There are definite issues
that P3P left out -- and rightly so -- and we have to address them.
For example, enforcement of policies.
- Eric: But P3P is only an announcement tool.
- Mike: Right, but we need this [enforcement of
policies] for a complete privacy solution.
- Danny: So we need regulatory support. Look at our
bullet “expand dialogue with legal and public policy communities.” We
might want to get more “feedback” from them about our proposed
requirements.
Next steps:
Patrick proposed possible next steps for WAP-W3C [see
slides].
- P3P vocabulary extension for mobile Web
environment:
- Location
- State
- Device profiles
- Other?
Where to do the work?
Discussion: additional vocabulary?
- Scott: This seems to be asking for additional language
for dependencies
- Danny: Not sure I understand
- Bryan: If a privacy policy is based on context --
and the context could be time of day, location, etc. -- then there
needs to be a way to represent “context” in the P3P vocabulary.
- Eric: If we go back to changing the vocabulary, we
would be punching ourselves in the face. We already have an extension
mechanism in the P3P specification, we should use this.
- Danny: I think that’s what we meant by the
slide.
- Patrick: People should certainly feel free to use
the extension mechanism. In addition, we might consider making
extensions to the P3P vocabulary in future versions.
- Eric: I also want to point out that if we attempt to
add to the vocabulary itself, we put at risk the P3P timeline for both
wireline and wireless deployment.
- Danny: We are only talking about extensions
mechanisms for now.
[More next steps]
- Need for integration of CC/PP, UAProf, and P3P
specifications. (How and where to do this?)
- Need to identify appropriate groups to work further on
privacy issues. Is WAP able to suggest a specific group?
Danny: Let me give an example: while developing XHTML, we
had WAP people sit in on the W3C oversight group. So, in this instance we
created a special liaison group. So, in terms of action items, this group
could answer “Who should be in charge at W3C of doing this?” -- and the same
was true for WAP. What we’re looking for is the interface, how WAP and W3C
can collaborate.
- General use cases for mobile privacy and architectural
requirements
- Collaboration zone for exchange of docs (Danny takes
action item to investigate)
- Investigate user interface: what are best practices
for informing mobile users about privacy
- WAP and W3C should identify process for moving ahead
with joint work
Discussion: where to do work?
- Mike: There is an organization that’s not in WAP, but
is close to WAP, which is MET. MET has been looking at security
guidelines for WAP. They are the handset manufacturers in WAP.
- Alan: I don’t think this work should be done
outside WAP.
- Mike: Well, WAP has a strict policy of not doing
UI, so MET might be your best choice.
- Philippe: MET is nice place, but it is quite
(industry?) oriented. Maybe user interface question might be handled
by MET, but they certainly shouldn’t deal with more than that. There
should be a separate “requirements” group that enumerates what [those
requirements are], and then have this resolved top down rather than
bottom up.
- Danny: Let me be very candid: the question is, who’s
responsibility is it to sketch larger privacy requirements? W3C does not
have an overall privacy architecture. I hear some interest from WAP for
doing this, at least for the WAP sphere of interest. But I don’t want to
create the expectations that W3C would go ahead and do this. WAP might
have a larger interest in this than W3C -- I don’t want people to think
that there is symmetrical interest in this.
- Alan: I agree, and that’s why we need to have
groups like WAP and [others who represent industry] figure out where
we are going to do such kind of work.
- Phillip: Maybe privacy can be the first item that
could be solved by a joint group between WAP and W3C?
- Stefan: The WAP forum also has procedures on how
to tackle larger scale requirements. This is what happened 8 months
ago with the location drafting committee: we looked around for who’s
responsible and created the location drafting committee. Maybe, along
the same lines, we would come to the conclusion this time that it
might not be sufficient to have a WAP-only group tackle this
issue.
P3P vocabulary extension?
- Danny: Is there someone who wants to work on the
vocabulary extension for P3P?
- Mark V: This MUST be done before we start
this.
- Bryan: Maybe I heard that the exact way of doing
this might be disputed, but it is clear that we need to have such an
extension to talk about these issues.
- Patrick: In WAP, there are many people who have
thought about how location affects their business model. Do you imagine
working through your cases and creating a list of requirements that you
pass on to the P3P group, or do you see yourselves using the P3P extension
mechanism and doing it yourself?
- Frank: I’d rather work out from the use-cases, and
then find requirements from there.
- Alan: We are meeting with some WAP Forum people
[during the WAP Forum meeting] and can bring this up, to talk about
finding a place in WAP that would be responsible for defining
these.
- Mike: There are already use cases, for example in
the location drafting group.
- Dave: And we do have liaisons already [between WAP
and W3C], so there is nothing to stop us doing something like this
again [i.e., hold a workshop] for privacy.
- Danny: Right, so we’ve brought our two groups together
in this workshop, that was our first action item [from the WAP-W3C
coordination group]. Now, what is our second action item?
- Ewan: To find a group in WAP to be responsible for
privacy.
- [@@discussion about what would be appropriate
group in WAP@@]
- Danny: The question is, when do you want to come back
together, and what do you promise to come back with?
- Dave: there is a Specification Requirements
Committee (SPECCOM, or SRC) -- they can identify what to do next if an
issue comes up.
- Stefan: Right, my proposal would be to take this
to SRC. I will initiate this and then they would come back with some
form of liaison statement.
- Mike: I agree, they are the right people to take
this to.
- Phillip: To whom should they report back?
- Danny: To the WAP-W3C coordination group.
- Eric: Who is in the W3C portion of that coordination
group?
- Danny: The chair (Jean-François Abramatic), all 4
domain leaders, and Johan Hjelm
Timeline?
- Danny: I’m concerned about lack of dates for these
action items. We [W3C] will circulate minutes, and present a report by the
end of January. What is the timeline for other action items?
- Mike: There seems to be consensus that P3P does not
solve all privacy issues for mobile environment. Is anything planned in
terms of future work on P3P?
- Danny: No, nothing planned.
- Mike: We [WAP] are afraid to take P3P and add things
to it, and then be accused of adding things that are incompatible with
other specifications.
- Danny: P3P invites addition -- that’s why there’s
an extension mechanism -- so there’s no problem from our side. Any
concerns from your side that we might run with your additions later
and use them in ways you don’t like?
- Mike: No, our main concern is not to do work
twice. So, we might come back with our work and show you “here’s what
was missing,” and in this way add some form of a WAP-stamp to the rest
of the work.
- Danny: Well, you could just go ahead and make your
own additions, and then we would look at them. It’s a dialogue. WAP
has some requirements, and we touched on them today. These could be
sorted out purely in a WAP context, or they could be sorted out in a
broader web context. What I am pushing for here is timelines, because
it would help us in P3P planning process.
- Mike: What’s the timeline for P3P after 1.0?
- Danny: There’s no committed timeline after 1.0
yet. It would be nice, since we’ve identified action items on both of
our sides, to get timelines on when we could solve these items.
- Alan: Since we hadn’t really had discussed these in
WAP, we need to be fair to WAP members and allow them to discuss
things.
- Danny: I agree. I just want some deliverables that we
can measure. If WAP comes back in several weeks with a timeline, then I’m
happy.
- Patrick: So Stefan, is this a possible scenario?
- Stefan: I can bring this up at the next meeting,
and in maybe 2 months or so they might be able to produce a document
with some market requirements.
- Danny: I just want to get a date for when to check
back with each other.
- Mark V(?): What I’m hearing here, no one from WAP is
willing to take the lead here. So Stefan, if you are able to get back to
Danny here in 2 weeks or so, and let him know where the SRC stands
- Danny: Yes, I don’t want to create pressure here,
I just don’t want to say “we had a nice talk, thanks” and leave it at
that.
- Alan: In all fairness, we need some time to
socialize, to put things on the calendar. So maybe by next Friday, we
could give you a date at which to meet again.
- Danny: What I’d like is not a date, but a reason to
get back together. I’d like to be clear on who is committing to
what. We need a collective feedback from WAP on where we go from here --
what parts are separate, and what parts do we do together? I’d like this
to be the question on which we hear back from WAP. And I’d like a date
for when I would need to pay attention to this again. <grin>
- Patrick: So Stefan will get the ball rolling -- try to
get a response from WAP SRC. He, or someone else in WAP, could be the
informal liaison to us in the meantime.
- Danny: What I’d like to know is something along the
lines of “In x number of weeks we’ll get back to you.”
- Dave: The earliest time would be the WAP February
2001 meeting, when we next get together.
- Danny: That’s great, that’s enough for now. We will
supply minutes and documents of this meeting. Thanks everybody!
[Meeting ends at 15:20]