See also: IRC log
<trackbot> Date: 27 February 2013
<aleecia_> Wil be heavily multitasking and not able to speak or type for large portions today's
<npdoty> volunteer for scribing second half of the call?
<schunter> Nick/Peter: I am offline and listening only.
<Yianni> Yes
<peterswire> yianni -- can you scribe
<npdoty> scribenick: Yianni
peter: organizational about
today's call and next week's call
... today's call working through agenda, assigning some action
items
... chris pedigo has a definitino of servie provider
<RichLaBarca> Zakim 6318032933 is me
peter: will include definition of
append and how that is handled
... will move to definition of first party
... focus on clarify of writing, heather just sent a slightly
altered version
... Sid Stamm will give a breifing on the steps of the Mozilla
patch on third party cookies
<sidstamm> thanks, npdoty
peter: next week on wednesday is
beginning of IAPP summit
... peter will be there
... room at that meeting
<JC> -1
<Joanne> -1
<eberkower> -1
<justin_> +1
<moneill2> -1
<vinay> -1
<JC> Will be in flight on Wednesday
peter: how may people will be going to the meeting, +1 is a yes
<ChrisPedigoOPA> +1
<sidstamm> -1
peter: item 3 of agenda is to assign action items
<kulick> -1 for wed, +1 for thurs & fri
peter: would be glad to have
volunteers
... pretty far toward permitted uses: frequency capping,
security, debugging
... could do with editor's, want people to agree to action
items for these
... does anyone agree to frequency capping action item?
... will move to editor's for language
<npdoty> I believe I've proposed text on frequency capping in an earlier round
peter: for security and fraud
prevention, Callas found he was comfortable with language
... does anyone want to come forward with text on that
issue?
...third: debugging, does anoyone want to take an action
item?
... peter will work with Editors for language next week
... general approach is to sllim down number of open
issues
... next item on list is chris pedigo has circulated updated
definition of service provider or processor
... context from peter: this is language that has not been
closed
... want to look at language from chris, then people may want
to raise related issue of appending data
chris: Vinay and chris worked on language
chris: allow an enitty to work on behalf of another company as long as certain conditions are met
<tlr> http://lists.w3.org/Archives/Public/public-tracking/2013Feb/0138.html
chris: seperate data, only use
data as directed, and there has to be a contract that
stipulates that
... included sentence at bottom, service provider still subject
to same restriction of original party
... permitted uses should still apply for service
providers
... Rigo said that would not fly in the EU
<efelten> Is this new language, or an attempt to consolidate the pre-existing proposed language?
chris: not really appropriate in
US either
... some discussion about data append, happy to get into
later
Peter: any questions or comments from the floor
<jchester2> I think the data append issues are inextricably linked to this definition. so we understand the parameters.
<dsinger> this came out while I was commuting; I'll need to read it and discuss it with my colleagues, alas
<rigo> unmute rigo
<ChrisPedigoOPA> ed, this is an attempt to consolidate
<efelten> Thanks, Chris.
Rigo: chris already mentioned
exchange, valid point that data processor that processes on
behalf of another party
... they still have to secure their services, still have to do
debugging
... thought it was clear
... adds explanation that is worthwhiled
... in Europe good understanding of data processor
<susanisrael> *Zakim, Comcast person may by Walt Michel
Rigo: in US not as good an understanding
Peter: within Europe, certain
approved processing, security and debugging
... in explanatory text in US, it would make sense to do
what?
Rigo: peter understands
correctly, we should not change definition but add explanatory
text
... all those permitted uses must be clear in the container of
the contract to the data controller
Amy: I like the text
... like the additional detail
<susanisrael> +1
Amy: we as a publisher, use
vendors to help us detect fraud
... we typically allow them to detect threats to apply their
learnings from working with other companies
... this is a suspicious IP address or angle of attack
... can that kind of scenario be addressed?
Peter: Is that permitted under EU law and practice
Rigo: I would like Rob's
oppinion
... there is a specific security exception in all data
protection laws
... if you collect for security and store forever and
distribute forever
<tlr> I guess the question is whether it's third party + permitted use, or service provider.
<susanisrael> I think making the exception for learnings about security risks makes sense. But other service providers would not get any independent rights to the data itself.
Rigo: if we apply the normal
exception for security, we have a general rule of use and
retention limitation for as long as neccesary
... if you apply this to service providers, DPA could swallow
that
<fielding> specific comments: remove "in a specific network interaction"; remove the last sentence (self-contradiction); don't use a bulleted list; don't use ambiguous targets like "other party" (be specific).
Roy: few specific comments
... generally focus seems fine, could work on log data 2 weeks
after network interaction
... last sentence in description is self contradictory
<rigo> fielding; remove "in a specific network interaction"
Roy: the last thing is there are
ambiguous references to other party, replace with data
controller
... all are editorial, caution to use word data controller
Peter: data controller has legal
connotation, may use party providing service
... does last sentence cause any problems
Roy: no mischief
Peter: why is the language in there about specific network interactions
<vinay> So, I added that following the form of previous definitions
<vinay> I'm fine with Roy's edits
Chris: not sure why it is in
there
... did not want to exclude others working on log files
Peter: data processor for that
time has all of these things, shifting between roles
... language that says that someone might act as data processor
for some and not all activities
<susanisrael> I am happy to work with Chris and Vinay on cleaning up language. I think peter is right about where language came from
<susanisrael> peter, yes, I think you are right.
<aleecia> Q later
<aleecia> Grn
<aleecia> Thanks
Chris: data being seperated sort of addresses Peter's concern
<rigo> fielding; remove "in a specific network interaction"*In a specific network interaction"
<vinay> fine by me, too
Peter: motion to take out clause specific network interaction
Chris: fine by me
Rigo: you would also have to remove from first party definition
<tlr> errrm, no
Rigo: data processor is logically dependent on first party definition
<dsinger> but taking it out of 1st party means we could no longer distinguish 1st and 3rd, which is all contextual on the interaction...
<justin_> It makes sense in the definition of first party --- because it's distinguishing first from third. Don't need it for service provider.
<fielding> another note: it says "separated", but not separated from what … it should be siloed by first party.
Peter: Rigo, specific network interaction, processor could have different roles
<susanisrael> +1 to siloed by first party
Peter: seems you could keep for first party and not here
Nick: ask about the differences
from option 1
... might be easier to review if we compare to option 1
... different I see: 1st bullet seperated by is a little less
clear
... is it seperate from each data controller, or other
seperation?
... 2nd bullet, more concern with other party, seems to be a
little too open ended
... if I contract you to build a profile, is that a service
provider relationship
<fielding> "A Data Processor is subject to the same restrictions as the other party."
Chris: if you pair with same restrictions of other party that gets to the restrictions
<Chris_IAB> FYI- I can't join via phone today, only IRC. If you need something from me, please ping me here.
Chris: so they could not share
the data because it is restricted
... no sharing with any third party
Peter: will get to first party sharing with third party later
Nick: first parties will share information, facebook sharing information with friends
<susanisrael> Npdoty, i would argue that you, not facebook, are sharing when you post
Chris: no intent to create a loophole
<dsinger> the first party restriction is fairly clear: "The First Party must not pass information about this transaction to non-service provider third parties who could not collect the data themselves under this Recommendation."
Aleecia: couple things: 1 - great
to see text
...2: think I am hearing that there is no permitted uses except
for security
<npdoty> ChrisPedigoOPA, I
didn't mean to imply that you were intending to create a
loophole! I just wanted to think through the implications of
that bullet
...2: from Amy, we may need to change the way we are thinking
about the security permitted use
... a note of need to look at how we look at security
... we need transparancy with the third parties, including with
service providers
<jchester2> +1
<rigo> I think security will only work with a use-limitation (security as finality)
<fielding> Just as shoon as
you have transparency regarding employee names ..
...2: could use with header response, we could do with
discoverability beyond we have affiliates
... we need someway to tell users where there data went
<npdoty> dsinger, I think we have lingering uncertainty about when first parties can share data (like the intentional sharing-on-Facebook case)
Susan: listening to Aleecia,
transparancy for service providers with no right to use data is
different than affiliates
... we expect first parties to disclose affiliates who have
rights to the data
<jchester2> +q
Susan: service providers are different, some service providers cannot be disclosed and change frequently
<dsinger> npdoty: I think we're talking in this definition about passing data to services. clearly if I publish something on my first-party site, I have no control over who reads it...
<aleecia> Agree there's nothing new here. My view remains unchanged: no secret databases
Susan: whole idea of their role, as publisher who uses service providers, we would not want service providers to use data independently
Jeff Chester: talking about whole different class of service providers
scribe: very important for users to understand where their data is going
<susanisrael> Aleecia, we are not talking about secret databases. We are talking about entities that are NOT permitted to use and keep data to build databases.
<rigo> Aleecia, a data processors are bound anyway. There can't be secret databases
scribe: we could classify service providers dealing with data integration and targeting, but users need to know
Peter: summarize some of what he
has heard
... moderate number of fine tuning of text
<susanisrael> I am willing to work with Chris, Vinay and Rigo to refine and clarify the text
<aleecia> Users don't know where their data went. And it goes into a database of course. So yes, these are secret databases
<vinay> Thanks susanisrael
Peter: ask Chris without changing substance to come back with addressing language
Chris: happy to do that
Peter: another piece, a transparancy question, aware of varying views on that
<fielding> A service provider is a contractor. The notion that users need transparency of service providers and not the identity of every employee that might ever touch the data as a first party has no basis, whether or not people want to know that information. In most cases, it won't even be known at the time of interaction.
Peter: have there been specific proposals that are currently open for what the transparacy requirements would look like
<ChrisPedigoOPA> +1 to roy
Peter: anyone with the history
<susanisrael> +1 to fielding
Aleecia: could have affiliates
and service providers send header back
... that is the minority view
... have not discussed any other mechanisms
<npdoty> have we ever had a proposal in the Compliance doc that had such a transparency requirement?
<npdoty> I don't see one in any of the three Service Provider definitions, for example
<susanisrael> I think it's legitimate for users to know a first party's affiliates--different from service providers
Aleecia: privacy policies use the word affiliates, probably best to drop the use of the word affiliate
<dsinger> to npdoty: It's never been proposed that service-provider flags be obligatory, just available to enable SPs to clarify their status if they wish (and it's only about end-points of HTTP transactions, as well -- what the HTTP spec. calls servers)
Aleecia: talked about third
parties sending a header response as identifying themselves as
being different
... we have had that discussion in the past
Peter: minority view with strong
feelings on the transparacy side
... in terms of the language we have, chris will work on fine
tuning
... we have a tricky question about security
<npdoty> thanks dsinger; maybe we need to ask for alternative compliance text from aleecia or others that would specify transparency
<aleecia> Could well be. I'll need three weeks
Peter: Amy, would you be willing to, looking at the security permitted use, add language addressing the practice of sharing IP addresses from attacks
<aleecia> But I would be happy to contribute a new fairly small sectio
Peter: someone else with that
concern who would propose language?
... common practice that security vendors learn security
concerns from multiple places
... we have a possible tension between actual practice and the
current language
<dwainberg> Is that not also the same case for debugging?
David: happy to take on language
Peter: have some language, and try to understanding European standard
<rigo> David, just send me email. There is a specific article
<dwainberg> ok, rigo
David: similar issue with respect to debugging?
<susanisrael> *Yianni, just let me know when you want me to take over, or I will start at 12:45
Peter: I thin you could come up with language but it would be helping to get input from debugging
taking over at 12:45 works
<dsinger> on the SP flagging, I rather suspect that the new first-party (could be data-controller) well-known resource might serve; I was hoping to spend time with Roy in Cambridge understanding what's possible, and making sure that clarity was *possible* but not required (it's not always desired). that conversation is still pending
Peter: assign an action item to david on security and debugging
<npdoty> ACTION: wainberg to propose language on security vendors as service providers sharing/combining data [recorded in http://www.w3.org/2013/02/27-dnt-minutes.html#action01]
<trackbot> Created ACTION-372 - Propose language on security vendors as service providers sharing/combining data [on David Wainberg - due 2013-03-06].
Peter: if you do debugging actual practices would be helpful
<rigo> David, look at Article 4 of 2002/58/EC http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:NOT
Peter: request that if you add
facts to debugging language
... 2 weeks
<jchester2> +q
Peter: moving to related issue of
append, Jeff do you have any comments
... use cases that Chris sent around show a variety of
situations for append
... some concerns are addressed by keeping information
siloed
... might be other concerns of data flowing from service
provider to first party
<aleecia> I'm going to walk into a mtg w the dean at 10 am, will not be able to listen after but will watch irc
Jeff: data append, i think a user
that has sent a DNT:1, would not understand the array of data
that is used for the profiling and tracking function
... I think this is a really problem and guts peoples concept
of do not track
<ChrisPedigoOPA> +q
Jeff: all this third party data is being integrated and used and you have no say
Rigo: in response to Aleecia, we
have already discussed the serviec provider flag
... service provider can only act as contained by first
party
<aleecia> Once more: sustained disagreement
<susanisrael> +1 to Rigo
Rigo: incentive to declare service providers that are used, so we do not have to be so strict on this
Peter: will follow up with Aleecia on acknowledgment flags
Chris: Data append, hear Jeff's
concern, users do not want to be profiled
... DNT is about limiting data profiling
<aleecia> Note follow up with Peter, perhaps at IIAP
Chris: third parties will not be
able to track data about a user
... I think it is completely acceptable for first party to
learn more about their customers
... or modify the contents of site about what they know about
the user
<jchester2> using 3rd party data that would otherwise would be prohibited via DNT: 1 It's not modify--its intensive databroker targeting
Chris: other point: in DNT world, data brokers will not have profilers about DNT 1 users
<susanisrael> data appends may be used by a first party site to learn about users in aggregate, rather t han to build individual profiles
Chris: will be able to attain information offline or with consent
Susan, want to take over?
<jchester2> The First party will be able to collect a wide range of data on a user, even when DNT: 1 is being used. And we shouldn't permit it.
<susanisrael> scribenick: susanisrael
aleecia: even prohibition on 1st party sharing should not permit data append
<npdoty> as I understand it, there are cryptographic techniques that would allow a first party and third party to match data without the first party revealing their customer list to the third party
npdoty, yes, I think so
<jchester2> I will work with Aleecia
<aleecia> Nick, good point
<aleecia> You are correct
<rigo> npdoty: yep, anon credentials come to my mind
<aleecia> We did not mention that prior
<rigo> yep
<npdoty> ACTION: aleecia to propose text prohibiting data append (because it requires sharing, or otherwise; with jchester) [recorded in http://www.w3.org/2013/02/27-dnt-minutes.html#action02]
<trackbot> Created ACTION-373 - Propose text prohibiting data append (because it requires sharing, or otherwise; with jchester) [on Aleecia McDonald - due 2013-03-06].
<tlr> action-373 due 2013-03-20
<trackbot> Set ACTION-373 Propose text prohibiting data append (because it requires sharing, or otherwise; with jchester) due date to 2013-03-20.
<npdoty> susanisrael: when a service provider doesn't have rights to use data but manipulates it on behalf of the first party, we wouldn't consider that sharing
<scribe> scribenick: susanisrael again
<moneill2> 1st party would have to identify the user (to the 3rd party) i.e. they share user id/instance of user visit to web site
<susanisrael> Peterswire: move to justin to introduce merged definition of first party
<aleecia> (when people ask "what is new info that hasn't come before the group?" and want to know wigat that would look like -- Nick just demonstrated :-) not that is is closed, but if it were, that would be a great reason to revisit)
<susanisrael> Justin: maybe better defintiion is the one heather sent at 11:52. a party with which user interacts is first party
<tlr> Heather's text: http://lists.w3.org/Archives/Public/public-tracking/2013Feb/0152.html
<susanisrael> justin: talked about embedded widgets
<susanisrael> ....tried to take 3 defnitions
<vincent> so it includes redirects?
<susanisrael> Justin: tried to make it straightforward.....
<justin_> In a specific network interaction, a party with which the user interacts is the <dfn>First Party</dfn>. In most cases on a traditional web browser, the first party will be the party that owns and operates the domain visible in the address bar. The party that owns and operates or has control over an (branded/labelled?) embedded widget, search box, or similar service with which a user intentionally interacts is also considered a First Party. If a user merely m[CUT]
<justin_> mouses over, closes, or mutes such content, that is not sufficient interaction to render the party a first party. Non-First Party entities on the site are considered Third Parties.
<aleecia> Trouble: redirects
<susanisrael> peterswire: looking at heather's email, "a party with whom users interact is a first party" which is designed to get away from hard to understand intent
<npdoty> yeah, I assume this is just a typo
<fielding> I suggest using "user intentionally interacts" in the first sentence -- it is used later but is fundamental.
<susanisrael> ...concern is that users interact with third parties also, how do you distinguish....
<aleecia> Roy++
<susanisrael> peterswire: thought you could make some judgment about intended....
<justin_> fine with fielding's suggestion, though hwest wanted to stay away from judging "intent"
<susanisrael> hwest: it is intentionally intended to allow third party elements of a website to be treated as first party
<npdoty> but we are including intent, no definition has ever gotten us away from that
<susanisrael> hwest: re: "high probabability website knows intent," it's really hard to engineer to...better to stay with technical definition of first party...
<aleecia> Would expect rather than intend help at all?
<dsinger> the whole question of machine-testability is thorny
<rigo> +1 to fielding
<susanisrael> fielding: no use for heavy/high probability wording...not something a server intendes, but def should reflect intentional interaction
<susanisrael> fielding: what i did not like was idea of server determining this re: probablistic means, have no way to determine this
<dsinger> there is a gap between what the TPE says ('expected to be used in a first-party context') and the 'high probability' text
<susanisrael> peterswire: let's turn to rest of the sentences. any objections or concerns with rest of definition
<aleecia> Has it changed?
<fielding> I think judging intent should be removed … but having intent is important to distinguish from other interactions.
<susanisrael> dwainberg: similar to problem with first sentence, for a party embedded in page, how can that party know that user has interacted in a way to expect it to be first party
<justin_> What's your alternative dwainberg?
<susanisrael> dwainberg: qu is how party knows user is intentionally interacting with it
<susanisrael> peterswire: does mousing over = not enough help?
<susanisrael> dwainberg: no
<susanisrael> peterswire: any alternative language that avoids problem
<susanisrael> hwest: we might think about some guidance, but idea was that it's a bit of a judgment call
<npdoty> "conscious interaction" sounds great; similar to "intentionally"
<tlr> I'd also like to hear david's proposed change.
<hwest> I like "conscious interaction" better than intent
<susanisrael> npdoty: I think there are some real advantages to ahving party running widgets figure out when it has been interacted with........
<eberkower> Does this require the Turing test?
<Zakim> npdoty, you wanted to ask about redirects
<susanisrael> npdoty: if someone clicks like button i (fb) am in good position to know if interaction
<susanisrael> npdoty: would [......] be considered first party? [url shorteners?]
<justin_> Yes, there is existing language on url shorterners, but we were going to move to appendix.
<justin_> But it's also not consensus --- Google disagreed with my (our?) suggestion.
<susanisrael> peterswire: nick might have additional language, support from roy for keeping third sentence/from justin for first
<susanisrael> ...propose taking that text and nick have action item around language he just proposed.....
<susanisrael> ....david and heather have concerns re: intentional, could propose other language. any objections?
<susanisrael> justin: so should i put idea of intention in first sentence as well?
<npdoty> ACTION: doty to suggest how redirection proposals can factor in to the first party definition [recorded in http://www.w3.org/2013/02/27-dnt-minutes.html#action03]
<trackbot> Created ACTION-374 - Suggest how redirection proposals can factor in to the first party definition [on Nick Doty - due 2013-03-06].
<susanisrael> peterswire: yes, that's one approach, other is for heather or david or others to propose other language
<Zakim> dsinger, you wanted to comment
<rigo> +1 to dsinger
<susanisrael> dsinger: want to point out what fielding wrote in tpe..."designed to be used as a first party resource" then maybe that affects these definitions, eliminates need to think about intent
<susanisrael> peterswire: thank you sidstamm for being here, I thank sid for being a brave and good person and briefing us on Mozilla patch on third party cookies. Goal in call is to get factual understanding...,.
<susanisrael> I hope everyone will speak respectfully and in professional way
<susanisrael> sid: i may be assuming knowledge, so don't be shy to ask questions about how this works...
<susanisrael> we have been trying to think of ways to close gap between what happens on web and what people think happens.
<susanisrael> ...it's how we approach privacy. Users are concerned about cookies and tracking. ...
<fielding> http://allthingsd.com/20130224/mozilla-to-block-third-party-cookies-in-firefox/
<fielding> https://wiki.mozilla.org/SecurityEngineering/ThirdPartyCookies
<susanisrael> not new, safari has been doing it. allow first party cookies and used to allow third parties, but now will permit them only if cookie already set on device....,
<susanisrael> idea is that if people have established relationship in first party context they can continue to interact with the entity in third party context.....
<susanisrael> it's in our nightly build, fairly long release cycle, then graduate to alpha, beta, then release channel...
<susanisrael> in each channel there is different set of users....
<susanisrael> we have time to experiment with really early adopters in nightly, mostly developers.
<susanisrael> ....until we feel confident we won't move forward. You can get involved by joining discussions on privacy, or testing firefox on nightly and see how it works for you....
<susanisrael> jonathan did i miss anything since you wrote the code......
<susanisrael> chrispedigo: thanks sid for brief description. I am not a technologist. 2 questions from members: different from safari? what happens to analytics?
<susanisrael> sid: if analytics provider uses 1st party cookies, no problem
<moneill2> safari just allows 3p cookies on POST vferb
<susanisrael> jmayer: when safari checks to see if first party content has cookie permission: [jmayer, can you clarify this or can someone help report it?]
<npdoty> safari does its check based on whether cookies were sent in the outgoing HTTP request
<susanisrael> ex: if you go to a. foo.com, get a cookie for b.foo.com, there is embedded content for c. foo.com
<susanisrael> *npdoty, thanks
<npdoty> while Firefox instead checks whether there is a cookie permission for something on the top-level domain
<susanisrael> jmayer: under firefox approach both a and c .foo.com would have cookie permission. It's a corner case, in practice unlikely that difference matters
<aleecia> Is there a practical diff or just imp diff?
<sidstamm> aleecia, it was just an implementation convenience and a minor diff
<susanisrael> ...jmayer in practice safari practice is more stringent, but effect similar,
<aleecia> Thanks, sorry I cannot be on the call
<ChrisPedigoOPA_> Sid and Jonathan, thanks for the explanation
<susanisrael> [*sorry interrupted for a min-missed end of jmayer]
<npdoty> jmayer, can you mute?
<susanisrael> rigo: any plan to have mechanism open up again?
<peterswire> someone is typing without mute
<susanisrael> ....some third parties need to set cookie, and won't have a nother chance. I have complaints from developers. Any plans for exception handling?
<susanisrael> sid: no concrete plans right now but i agree there should be a way for trusted sites to have third party cookie users...
<jmayer> Better example: you get an a.foo.com first-party cookie, then visit bar.com which embeds third-party b.foo.com content. Safari would not allow cookie permissions for b.foo.com, Firefox would.
<susanisrael> as we still believe in dnt, maybe there is a way for sites that respect dnt to get third party cookie access
<dsinger> perhaps worth saying that we (at least) are interested in DNT as it's a consensus solution, rather than one-sided (like cookie or ad blocking)
<susanisrael> peterswire: end of call, but if you will be at iapp, pls email me so i can get sense of count and what kind of room we would need
<npdoty> I think third-party servers with a satisfactory ./well-known/dnt would be a great time to relax the cookie restriction
<susanisrael> peterswire: thanks everyone, and we will be in touch fgor next wednesday
<npdoty> rssagent, make logs public
This is scribe.perl Revision: 1.137 of Date: 2012/09/20 20:19:01 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/stan/Sid Stamm/ Found ScribeNick: Yianni Found ScribeNick: susanisrael Found ScribeNick: susanisrael again WARNING: No scribe lines found matching ScribeNick pattern: <susanisrael\ again> ... Inferring Scribes: Yianni, susanisrael, susanisrael again Scribes: Yianni, susanisrael, susanisrael again ScribeNicks: Yianni, susanisrael, susanisrael again Default Present: +1.646.654.aaaa, eberkower, Thomas, moneill2, npdoty, peterswire, +1.609.258.aabb, efelten, Yianni, +1.202.331.aacc, [Microsoft], PhilPearce, Rigo, +1.949.573.aadd, Aleecia, Amy_Colando, +1.917.934.aaee, fielding, Joanne, Chris_Pedigo, achappell?, +1.631.803.aaff, sidstamm, +49.172.147.aagg, +1.650.787.aahh, jchester2, schunter, Keith_Scarborough, +1.215.480.aaii, adrianba, +385345aajj, hefferjr, vinay, kulick, RichLaBarca, Dan_Auerbach, [CDT], +1.650.465.aakk, vincent, Jonathan_Mayer, +1.646.827.aall, hwest, dsinger, chapell, johnsimpson, [Comcast]?, dwainberg?, dwainberg, +1.678.492.aamm, +1.650.308.aann, robsherman, +31.65.141.aaoo, rvaneijk, Brooks? Present: +1.646.654.aaaa eberkower Thomas moneill2 npdoty peterswire +1.609.258.aabb efelten Yianni +1.202.331.aacc [Microsoft] PhilPearce Rigo +1.949.573.aadd Aleecia Amy_Colando +1.917.934.aaee fielding Joanne Chris_Pedigo achappell? +1.631.803.aaff sidstamm +49.172.147.aagg +1.650.787.aahh jchester2 schunter Keith_Scarborough +1.215.480.aaii adrianba +385345aajj hefferjr vinay kulick RichLaBarca Dan_Auerbach [CDT] +1.650.465.aakk vincent Jonathan_Mayer +1.646.827.aall hwest dsinger chapell johnsimpson [Comcast]? dwainberg? dwainberg +1.678.492.aamm +1.650.308.aann robsherman +31.65.141.aaoo rvaneijk Brooks? Found Date: 27 Feb 2013 Guessing minutes URL: http://www.w3.org/2013/02/27-dnt-minutes.html People with action items: aleecia doty wainberg[End of scribe.perl diagnostic output]