SV_MEETING_TITLE -- 15 Aug 2012

<Chris_IAB> I will be joining the call today, probably via Skype in about 15-min.

<aleecia> Great, Chris!

<aleecia> Ok, we should be all set.

<schunter1> thanks aleecia!

<schunter1> It worked for me (you are the 1st participant).

<schunter1> The passcode is only valid 10min before the start (AFAIR).

<aleecia> Yes.

<aleecia> Uh, yes on first 10 minutes, not yes on having issues

<aleecia> I've run into that a few times :-)

<aleecia> hi (muted)

<rvaneijk> will be joining the call in about 15 minutes...

<aleecia> Please mute

<aleecia> thank you

<aleecia> Who called in via Skype or similar?

<schunter1> Nick: Do you want to do the de-anonymisation procedure?

<Chris_IAB> just joined via Skype

<aleecia> (perhaps Chris?)

<aleecia> great

<Chris_IAB> fyi- am on mute, as I'm joining from an off-site meeting

<aleecia> Chris, so noted. We'll want an update on the action item you have due.

<BrendanIAB> BrendanIAB just joined via Skype, but I didn't see me scroll by.

<aleecia> I don't see you either, Brendan

<Chris_IAB> Aleecia, which action item do I have due?

<David> zakim - its actually MacMillan (with an 'a' in Mac)

<aleecia> Wrong Chris, sorry

<Chris_IAB> np

<efelten> Zakim DavidMcMillan is DavidMacMillan

<aleecia> Yes, none of that made any sense - need coffee.

<npdoty> schunter: sent out a list of issues I think are resolved in the draft

<aleecia> scribenick: aleecia

<npdoty> ... haven't seen any comments on the issues planning to close

Matthias: Listed issues to close based on the document, no comments.

<schunter1> scribe anybody?

I can scribe again if needed

But did last time :-)

<schunter1> Brendan?

<BrendanIAB> I annot scribe today

<JC> I will

thanks, JC

<schunter1> Thanks a lot!

<scribe> scribenick: JC

<npdoty> scribenick: JC

shcunter: Looking at overdue action items, there are 4
... action 225 Heather?

Heather: I'm not finished yet

<npdoty> action-225?

<trackbot> ACTION-225 -- Heather West to propose an alternative definition of first party (based on ownership? alternative to inference?) -- due 2012-08-01 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/225

Heather: will finish next week or we can drop it.

<aleecia> updated.

Schunter: action 229 Rigo?

<npdoty> action-229?

<trackbot> Getting info on ACTION-229 failed - alert sysreq of a possible bug

<WileyS> I only got comments to Chris last night so I think we need another week

<aleecia> I'll send email to ping.

<WileyS> Thank you

<aleecia> Shane, thanks for the info

Schunter: will send reminder on Action 229
... action 232 David

<aleecia> Getting it out by Friday would let people read it in time for the next call

dwainberg: will finish next week

<aleecia> I'll see what Chris thinks & cc you

Schunter: that closes action items. Any other issues?

<npdoty> trackbot, reload

Schunter: Callers identified?

Npdoty: Still checking a couple numbers.

<damiano> Damiano Fusco from Nielsen, on Google Talk

Are we fully confirmed on next f2f?

<efelten> 212 is New York

<chapell> 917 is chapell

Schunter: Next agenda item is TPE changes

<fielding> http://www.w3.org/2011/tracking-protection/drafts/diffs/TPE-sea-to-20120814.html

Fielding: I sent around the changes earlier. Major changes in section 4.3 & 5
... enables JS to ask for an exception or to enable APIs to ask for exception
... section 5 is big change
... holds tracking status value. N none 1 first part 3 third party
... claim by origin server stating this is how I operate
... doesn't indicate how it is used because it may not be known

<jmayer> We discussed this on the last call, and I thought we had agreement it's a Compliance issue.

<schunter1> What does "this" in your sentence refer to?

Fielding: the actual choice will be in header field or tracking resouce

<johnsimpson> apologies was stuck in LA traffic

<jmayer> Consent != first party. There are some limits on first parties, and there may be limits to the consent.

Fielding: other response is consent. If consent is answer then a link to consent controlling resource is necessary
... another response could indicate that a consent may have changed for monitoring cache changes
... I also moved some text around.
... section 5.4 is about the same.

<npdoty> regarding "C", consent, the current spec says sites SHOULD provide a control URI in such a case. (I had thought earlier we had agreed on MUST, but would have to check.)

Fielding: changed partner array to third-party array for clarity and consistency.
... received and response member has been removed.

<WileyS> Nick, we stayed with a "SHOULD" in discussion as a full out-of-band experience wouldn't require a control URI (meaning the entire experience occurs outside of the DNT context - consent and control - and this only serves as a reminder to the user)

Fielding: qualifiers nobody liked so they have been removed.

<jmayer> Could you say what that just meant?

<dsinger> (all the qualifiers indicating claims of permissions, etc. are gone)

Fielding: section 5 the section on status codes,

<jmayer> npdoty, I thought it was a MUST too - that was the compromise.

<WileyS> Jmayer, how is consent a compromise?

Schunter: lets take questions before moving to Dsinger
... you have one week to respond to issues

<npdoty> schunter: reminder to raise any issues with closing the list of issues by the 20th; let schunter know if you need more time

Jmayer: Could you clarify the removal of qualifiers?

<aleecia> It seems to me that it's very premature to drop things for lack of expected implementations.

Fielding: I couldn't find anyone who wanted to define them for every resource

<schunter1> The main justification was that we discussed and agreed in seattle.

Fielding: the only person who wanted it on the client was Tom, but if no one implements why bother.

<aleecia> I'd expect post-LC to be a time we'd find out about implementations at earliest

Jmayer: How do we manage issues that are important, but no one wants to work on it?

<jmayer> Um, no JC.

<fielding> right, chair called it in seattle

<jmayer> Jmayer: Maybe this stays in the spec, maybe it doesn't. But some people care about it. So we should have more process than a unilateral decision by an editor.

Schunter: Roy implemented based on Seattle discussions

<aleecia> I believe you're hearing sustained disagreement with that approach, Matthias

<fielding> and the text was a proposal from me, not consensus from the group

Dwainberg: was is the tracking status of n and how to state that no tracking is occurring

<aleecia> We've been reviewing the text from Ninja on that.

<aleecia> On the compliance side.

<npdoty> I heard agreement in Seattle that we would want a definition of such a term.

<aleecia> We talked about that 2-3 calls ago

<adrianba> ACTION-110?

<trackbot> ACTION-110 -- Ninja Marnau to write proposal text for what it means to "not track" -- due 2012-02-10 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/110

<tl> +q to point out that this is not what we agreed.

<aleecia> Or, Adrian can find it - thanks!

Schunter: there are three levels of tracking N not tracking 1 first party 3 third parthy

<Chris_IAB> for better :)

Ifette: We spent a lot of time defining DNT 0 & 1, exceptions a questions was asked about implementation and no one said yes

<aleecia> Quite.

<jmayer> Stay on topic...

Ifette: from a process standpoint is it worth spending time on issues if no one is willing to implement things
... that makes me worry

<dsinger> for us, the devil is in the details, indeed

<sidstamm> yes, agreed dsinger

Schunter: I hope people consider what is likely to be implemented or not. But for now it is just hearsay
... we should try to reach consensus

<Chris_IAB> yes, but how does that affect compliance?

<WileyS> If there is no exception framework I don't see why industry would implement this standard

Schunter: we should not automatically kill an idea because some people say they won't implement it
... Ifette what did you mean no one implements dnt:0

<BrendanIAB> There is a difference between "nobody will use" vs "nobody will implement"

<Chris_IAB> Mozilla did say they were going to implement DNT:0

Ifette: No one agreed to implement it or have currently

<aleecia> Ian is asking specifically about browsers, and it *has* been implemented

<dsinger> no-one really explained why a *general preference* for dnt:0 makes sense. dnt:0 for exceptions does make sense

<jmayer> Actually, I have implemented a prototype of exceptions, and Mozilla said they're looking into it.

Ifette: let's see what happens when Aleecia sends out poll

<aleecia> It's built into b2g, and it's on the roadmap for FF

<Chris_IAB> should we survey all the browser makers on this?

Schunter: Let's not kill the feature unless all browser vendors say no

<Zakim> dsinger, you wanted to ask about my email

<fielding> WileyS, to implement DNT you only need DNT and any consent mechanism -- it is far easier for us to use cookies as a consent mechanism than cookies for 90% of browsers and a half-baked API for the other 10%

<dsinger> http://lists.w3.org/Archives/Public/public-tracking/2012Jul/0202.html

Dsinger: End of July I sent out questions using WKR and others, but no one responded
... what do we need resource and tracking header to answer?

Schunter: Dsinger still wants answers to email?

<johnsimpson> David, can you resdend the email?

Dsinger: I would like to encourage peole to respond otherwise it is hard to design it

<dsinger> archived here, johnsimpson http://lists.w3.org/Archives/Public/public-tracking/2012Jul/0202.html

<Zakim> tl, you wanted to point out that this is not what we agreed.

<fielding> dsinger, I would like to move those questions and answers to section 5.6

<npdoty> ACTION: schunter to follow-up re: David, regarding purposes of the WKR [recorded in http://www.w3.org/2012/08/15-dnt-minutes.html#action01]

<trackbot> Created ACTION-238 - Follow-up re: David, regarding purposes of the WKR [on Matthias Schunter - due 2012-08-22].

<Chris_IAB> Schunter1, re: Ian's point, I would suggest that this working group survey (even privately) if major browsers and UAs will implement DNT:0, so as to avoid unnessesary work on this...

TL: I want to reiterate point about procedure. Maybe Roy is right or perhaps not, but in Seattle we agreed to a specific format and had consensus

<WileyS> Roy, if cookies were enough then the current opt-out structure is just fine and DNT is not needed

TL: it would make more sense to have a document that reflects our consensus

<npdoty> from the Bellevue minutes: <aleecia> AGREED: fields become part of optional member of tracking status resource

TL: if there are changes lets have that discussion rather than having editor drop it on floor

<ifette> +1 fielding

<rvaneijk> I had an interest as well, tl was not alone :)

Ifette: we never had consensus on that issue

Fielding: of Ifette

<tl> +q

<aleecia> Nick, can you grab additional context to note what "fields" these are?

Fielding: if you want something in the document create an issue and we can add it back

TL: we had it in the document based on a whiteboarding session
... after the 25 minute session we had consensus

<jmayer> One year in, we still don't have a clear process for accepting edits. How wonderful.

Schunter: We should look at the minutes and make a decsion
... if you disagree with the proposal then make a counter proposal

<dsinger> sounds like Roy may be mistaken in his perception of what the consensus was on qualifiers; maybe we should re-confirm that. The question is, is the onus on those who want them out, or on those who want them in?

Schunter: we may have changed our mind or missed a consensus. In the end we should have text we call all live with

<aleecia> what?

TL: we had a process where we discussed what we were going to do. Reproposing things is not a good approach.

<justin_> Wait, editors can decide whose opinion matters? Awesome.

<npdoty> aleecia, I believe we're referring to the list of qualifiers for permitted uses (which would need to be updated)

Dsinger: Is the onus on the editor or the people who don't want text removed.

<WileyS> David, you weren't at the meeting but I believe the consensus was to remove the fields

Fielding: let's work with chair on issue

<fielding> I was told to remove the fields by the CHAIR

Schunter: Let's repropose as needed. I would look at minutes and see what I can find.

<npdoty> I thought we had agreed to drop them (the permitted use qualifier fields) from the header and make them optional in the WKR

<WileyS> +1 to Nick

<amyc> agree with nick and shane

Schunter: if not in minutes let's work together to fix text

<WileyS> that's exactly my memory as well

<aleecia> With sustained objections

<dsinger> for the record, I was disturbed to see them completely gone, but I was not in Seattle

???

<fielding> Then propose text to make them optional in the resource -- I have no such text and am not going to waste my time on it any further.

<WileyS> David, not completely gone - moved to an optional element

<rvaneijk> Minutes: matthias: we have consensus to remove the tokens except for p

<rvaneijk> http://www.w3.org/2012/06/22-dnt-minutes#item04

Schunter: I will go through minutes to see what I can find. Nick will add actoin.

<fielding> p is now C

Schunter: any question on Fieldings update?
... David provide update

<npdoty> ACTION: schunter to review minutes regarding permitted use qualifiers [recorded in http://www.w3.org/2012/08/15-dnt-minutes.html#action02]

<trackbot> Created ACTION-239 - Review minutes regarding permitted use qualifiers [on Matthias Schunter - due 2012-08-22].

Dsinger: minor change to reconfirmation of exceptions

<vincent> what if he reject the exception request, shoudl we ask again?

Dsinger: big change resolving tention between people who want explicit list of third parties and giving peole ability to modify list
... is this mechanism operational or not. Can user agent deal with explicit list or deal with them as a site-wide exception. this should be reviewed
... what do we tell the first party. It could add itself to third-party list and get DNT:0, but seems like bad idea. Maybe modify header to handle.
... for remove call I simplified it by making it a general removal to clean state and put back needed exceptions
... web-wide exception not changed. Added section on API for user's general tracking preference.
... what if exception request is rejected?

vincent: User agent must know when exceptions are granted

Dsinger: also must be able to know when exceptions are removed
... the return callback indicates if the exception was granted or not

<npdoty> I think vincent is perhaps noting that the user agent might remember that the user has rejected this request before and not bother the user?

<vincent> yes that's it :)

<jmayer> +q

<vincent> thx npdoty, ifette

<npdoty> sites can use cookies and other mechanisms to remember what happened the last time they did something

Ifette: How does user agent know when to ask if exception is still granted?

Cookies don't work very well

<jmayer> -q

scribe: how do we track when an exception is not granted

<WileyS> Nick, if cookies were enough then the current opt-out approach would be fine and DNT would not be needed

<ifette> it's not about how the UA handles it, it's whether there's any way for the site to handle it

Schunter: do we want to change protocal or place requirements on UA?

Ifette: The question is whether the site can know if it needs to ask for exception

Schunter: according to spec it is okay to cache response

<npdoty> WileyS, I'm not suggesting use of cookies for opt-out, just if a site wanted to remember a rejected request from a past interaction, the way sites will continue to use cookies to remember other preferences

<WileyS> Its up to the site to determine how many times it wants to request an exception

Dsinger: is not clear on cookieing the user. It is not suggest not forbidden

<WileyS> They can use any mechanism they desire

<npdoty> +1, up to the site's design

Dsinger: this is a site design question that could be a rathole for us
... do we need an issue?

<WileyS> +q

<jmayer> Yep. I don't think a cookie like "HaveAskedForException=True" would raise objections.

<BrendanIAB> If the UA can cache the user response, and the site cannot determine if it has received a cached response or a direct user response, there is the possibility of problem with regards to server response.

<aleecia> +1

WileyS: We should speak to it directly to idicate server can implement mechanism of it choice to remember user choices

<jmayer> We should also be explicit about browsers limiting excessive requests.

WileyS: if a site wants to ask user everytime that should be a fair outcome though not suggested.

<dsinger> ACTION: dsinger to insert a note on how sites can avoid repeatedly asking the user for an exception [recorded in http://www.w3.org/2012/08/15-dnt-minutes.html#action03]

<trackbot> Sorry, couldn't find user - dsinger

Dsinger: I will drop a note to that effect

<jmayer> And that there are limits on the designs that might be allowed.

<efelten> Non-normative text giving some example implementation approaches?

<WileyS> jmayer, use can leave site if they feel requests are excessive

<npdoty> ACTION: singer to insert a note on how sites can avoid repeatedly asking the user for an exception [recorded in http://www.w3.org/2012/08/15-dnt-minutes.html#action04]

<trackbot> Created ACTION-240 - Insert a note on how sites can avoid repeatedly asking the user for an exception [on David Singer - due 2012-08-22].

<WileyS> Jmayer, "user" can...

<jmayer> WileyS, requests might not originate from a site.

<jmayer> *first-party site.

<npdoty> issue-116?

<trackbot> ISSUE-116 -- How can we build a JS DOM property which doesn't allow inline JS to receive mixed signals? -- pending review

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/116

Schunter: Issue 116 is there an agreement on status

<WileyS> jmayer, if a 3rd party is the source of the request then the first party will manage the issue if the requests are excessive (aka - kick the 3rd party off of their site)

<rvaneijk> Wiley, leaving a site because of excessive requests contradicts the element of free choice. It will definitely become a problem in EU.

<schunter1> Not if we permit user agents to cache decisions.

<WileyS> Rob, I disagree with the thought that free choice can be applied in this context from a EU legal perspective

Npdoty: We have the JS property. the value will be one was sent to the first party. third party should only use it if there not expecting an exception

<fielding> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#js-dom

<rvaneijk> I know we disagree

Schunter: what was disagreement and how we come to agreeable conclusion

<WileyS> rvaneijk, can you provide any case law that supports your position? :-)

Fielding: I don't know how to describe disagreement

<jmayer> WileyS, you are endlessly entertaining. We all know that many first parties have very little control over the third parties on their website.

<rvaneijk> see my presentation on consent in brussels

Dsinger: what is problem

Npdoty: difference between text and what was sent on ML

<WileyS> jmayer, not true. 1st parties have complete control. Any tag "initially" placed on a page is done so by the 1st party. Its my assumption it would be possible to track the source of excessive requests to its source and backtrack and take appropriate action as a 1st party.

<fielding> trying to find Nick's message

<WileyS> jmayer, allow the free market to manage itself in this context versus building arbitrary definitions of "excessive"

Npdoty: header should be per sight and not general value

<WileyS> rvaneijk, I have reviewed it - not meaningful case law in this area

Npdoty: it should reflect the value of the header originating the page request

Dsinger: can't there be a cross site scripting problem

<justin_> If I'm a publisher, and a third party is spamming my users, I'm going to find a way to put a stop to it. I don't see how adding "excessive" to a W3C spec is helpful.

Schunter: is there a need for feature?

<ifette> also, should it be off of navigator or window?

Ifette: Should that be off Navigator or Window?

Npdoty: if top level page Window, otherwise Navigator

<sidstamm> +1 to npdoty … global setting should hang off navigator

<fielding> npdoty, I can't find your text on list -- did you send it just to editors?

<jmayer> Hanging from window and pegging to the frame location seems the most reasonable approach to me.

<schunter1> There is no concept of a "general preference" defined yet. User agents may use heuristics (reflecting user preference) to determine DNT;0 vs. DNT;1

Adrianba: we put things on Navigator because Window is the global namespace, and can cause conflicts with other names

<npdoty> fielding, my original proposal is at: http://lists.w3.org/Archives/Public/public-tracking/2012May/0313.html and regarding our particular differences I sent just to you and dave, I think

Ifette: I understand name conflicts, I don't know how we solve, but I prefer it not on Navigator

<adrianba> agree with ifette - makes sense

<fielding> to be clear, the current text does not have the top-level origin part

<ifette> ifette: if it's a property of the origin and changes depending on what site

Schunter: Do we need this feature and for which use case?

Fielding: for js runing on a page

<ifette> ifette: depending on what site i'm on, then it's not really a property of the navigator but rather of the window. especially if an iframe on a different origin can discover something about the parent, that seems suboptimal

Dsinger: What is the use case for understand general preference

Fielding: so it can avoid sending header to sites that do not implement dnt

Npdoty: It can be valuable to know what value was received to avoid a call

Dsinger: It should be careful with interactions with sites that do not implement DNT

Schunter: a user can use a mechanism to indicate prefence, but do not want to obligate UA

Fielding: we have the concept

<npdoty> schunter: we don't have a defined concept of a general preference, user agent and user can use whatever heuristic they want

<npdoty> fielding: we do have the concept of being "enabled"

<dsinger> oh, a UA is allowed to say "european sites don't get DNT, Ugandan ones do"

Schunter: a user can send what it wants to sites as long as it can prove it reflects user preference
... how do we move forward?

<dsinger> propose that those who want to change something propose exact text changes?

Schunter: we should reopen issue and collect use cases

Dsinger: giving we have a proposal lets make changes pending reviews

Schunter: so we should make proposals and counter proposals as needed

<dsinger> to propose the changes you suggest...

Npdoty: I will take action to make suggested changes

<npdoty> ACTION: doty to propose changes regarding issue-116 (and also "general preference") [recorded in http://www.w3.org/2012/08/15-dnt-minutes.html#action05]

<trackbot> Could not create new action (failed to parse response from server) - please contact sysreq with the details of what happened.

<trackbot> Could not create new action (unparseable data in server response: local variable 'd' referenced before assignment) - please contact sysreq with the details of what happened.

Schunter: 137 is open

<npdoty> ACTION: doty to propose changes regarding issue-116 (and also "general preference") [recorded in http://www.w3.org/2012/08/15-dnt-minutes.html#action06]

<trackbot> Could not create new action (failed to parse response from server) - please contact sysreq with the details of what happened.

<trackbot> Could not create new action (unparseable data in server response: local variable 'd' referenced before assignment) - please contact sysreq with the details of what happened.

Schunter: if service provide on page they should indicate they are part of first party or send something different
... this is not closed

<dsinger> we sent a discussion document to the list, without reaction

<fielding> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value

Dsinger: hard to know where we are

<fielding> Right, as it says in text: No, in practice there may be dozens of service providers on any given request. If the designated resource is operated by a service provider acting as a first party, then the responsible first party is identified by the policy link or the owner of the origin server domain. This satisfies the use case of distinguishing between a service provider acting for some other site and the same service provider acting on one of its own sites.

Fielding: I placed resolution of our discussion in IRc

<dsinger> discussion at http://www.w3.org/mid/0EF8FE6B-77A3-4B82-A10C-3918477EA59B@apple.com

Fielding: I explained why SP tag does not provide usefulness and it is an open issue.
... people should review text

Dsinger: there is a difference between a hosting provider and a site acting on behalf of first party

Schunter: If a site uses a service provider it must satisfy constraints and indicate it is first party otherwise third party

Dsinger: the site can, but the user may disagree
... the site should indicate that it is acting as service provider

<npdoty> well, yimg.com is part of the 1st party even though it's a different domain name than yahoo.com

<aleecia> We've spent a long time talking about this and I thought we agreed that there is a difference between 1st party and acting as a 1st party but is a Service Provider

<aleecia> or, 3rd party acting as a different 3rd party

Schunter: That is a UA can not tell difference between 1P and SP

<aleecia> Yes.

Schunter: the question is how do we indicate to UA

<aleecia> I thought we'd agreed to do so in Seattle

Fielding: there could be dozens of SP on major web sites

<jmayer> +q

Schunter: I agree with David on this. Analytics provide all the rule so they are part of the 1P.
... that could be confusing to user

Fielding: that is a different issue

Schunter: how can a UA differentiation between first party and accidentaly included 3rd party

<jmayer> I would prefer we resolve this now.

<dsinger> am happy to write up the issue/question

Schunter: I will work with David on how to resolve

<dsinger> issue-137?

<trackbot> ISSUE-137 -- Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s) -- pending review

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/137

<jmayer> It's been in the backlog for awhile, we have the right participants on the call.

<aleecia> SP can also be acting for a 3rd party

Fielding: will SP need to indicate that it is not first party in tracking status resource
... I added requirement that a SP is acting as first party domain must be run by first party or tracking must be provided and point to first party
... must know when SP is acting as first party for main site or other site
... hard to describe but text is in spec

<johnsimpson> Where in spec?

Schunter: what is attribute

<npdoty> fielding, you're saying the user agent would need to check the `policy` element and if it re-directs to the domain name of the responsible first party?

Fielding: when acting as SP information is provided indicating who first party is

<fielding> If the designated resource is operated by a service provider acting as a first party, then the responsible first party is identified by the policy link or the owner of the origin server domain.

<dsinger> I assume 5.4.3, "An optional member named same-party may be provided with an array value containing a list of domain names that the origin server claims are the same party, to the extent they are referenced by the designated resource, since all data collected via those references share the same data controller.

<dsinger> "

<fielding> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#tracking-status-value

Schunter: I will work with David to see how UA can make choice. New text should determine if flag is needed.

<BrendanIAB> Is it absolutely necessary for the UA to be able to determine in-transaction the state (1P/3P/SP) of the server with which they are communicating?

<fielding> it isn't an excpetion

Jmayer: some people feel SP needs to be known. Need to know how exception will be used. Getting rid of this is not workable outcome

<schunter1> Roy: In order to inform user agents whether another URL claims to be part of the 1st party (as service provider or for some other reason), then it either needs to be part of the 1st party domain or else be listed in the "same-party" attribtue at the well-known location.

Jmayer: there is not a lot of controversy

<dsinger> some sites might object to their providers effectively saying "I am Acme corp." vs. "I am acting solely on behalf of Acme corp." :-)

Jmayer: three scnarions. 1 send http request as 3rd party, 2 send something as 1st party, send something as SP, but not know for whom
... need to indicate if acting as 1st or 3rd party. I would like to get this resolved know

Schunter: Okay I will draft an outline with David and everyone can respond, ok?

<aleecia> 7 minutes left

Dsinger: please send response on ML jmayer

Jmayer: so we cannot finish on call?

<aleecia> But I agree with David: Jonathan, that was uncommonly lucid, and could really help as a quick post

<jmayer> aleecia, well, at least we got a lot done in the prior 83 minutes.

Dsinger: Only 7 mins left

<fielding> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dfn-policy

<aleecia> I hear you.

Schunter: Have new issues that came up that I would like to resolve

<WileyS> Link please?

Schunter: issue 158 effect of redirect

<npdoty> http://www.w3.org/2011/tracking-protection/track/issues/158

<schunter1> http://www.w3.org/2011/tracking-protection/track/issues/158

<WileyS> Thank you Nick

<WileyS> And Mr. Schunter :-)

Dsinger: they are not considered. should be considered on top level domain and target

<fielding> object because that effectively kills auctions, right?

<WileyS> Site-wide vs. explicit-explicit exception?

<WileyS> If site-wide, this isn't an issue is it?

Npdoty: If DNT:0 needs to go with redirect needs to have site wide exception

<fielding> okay, never mind

Dsinger: yes, if you ask for site-wide exception you do not have problem

<WileyS> But we've not solved explicit-explicit, have we? Do we need to solve that first?

Schunter: what happens if you do nothing?

Dsinger: we can drop corner case (auctions) for now

<npdoty> WileyS, singer presented an updated version of the exception proposal today, including an option to include a list in addition to the site-wide option

<npdoty> WileyS, in any case, you can ask for a site-wide exception if you need DNT:0 to be sent to all third parties, including re-directs related to auctions

<npdoty> user-generated content is another case where you might not know/trust all third parties

Dsinger: we should be fine with just asking for site-wide exceptions.

Schunter: therefore we can close 158:

<npdoty> fine to close 158

Schunter: closing
... leaving 159 and 160 and Raised

f2f firm???????????

<npdoty> I think it makes sense to postpone 159, as suggested just now by singer

<johnsimpson> more details on F2F?

<dsinger> thx for your patience

<npdoty> yes, we're confirmed on October 3-5 in Amsterdam, hosted by an IAB Netherlands member company

<ifette> i'll get it one of these days :(

- DRAFT -

SV_MEETING_TITLE

15 Aug 2012

Attendees

Contents

Summary of Action Items

Scribe.perl diagnostic output