[Minutes] of the 25 June teleconference

Minutes for the P3P 1.1 Specification WG call

Present:
Matthias Schunter
David Stampley
Brooks Dobbs
Joseph Reagle
Jeff Edelen
Rigo Wenning
Lorrie Cranor
Giles Hogben

1/ Reports from the different Task-Forces
a/ P3P beyond HTTP - Joseph Reagle
good feedback from hugo haas. Document in decent form, pushed it out for comments
doesn't make sense to use a polref-file. Would be better to use a WSDL-description
PRF has expiration-date not in WSDL
this week will send pointer to web services ig to get more feedback
Rigo asked back about XForms and the generic XML binding that was initially thought
of by Steven Pemberton.  Lorrie said, at that time there was discussion whether we want
an enhanced PRF or just an XML-Element like <XML lang=""> for privacy.

ACTION Rigo: Send feedback to the mailing-list to p3p-beyond to include a general XML-binding

b/ User agent behavior - Lorrie Cranor
Lorrie reported from the last UA TF teleconference on Monday, where the TF got down
the issues list and made progress in the table of UA expressions
People should look at it, read the meetings of mondays call and provide feedback
Some further issues being discussed on the next call.

c/ Compact policies
nothing new

d/ Article 10 vocabulary issues - Giles Hogben
Giles mentioned three issue that were discussed so far:

aa. Verification for disputes for security seal
link to a URI that has a seal for security - practices. This is already possible, added some text
bb. Cookie
cookies-policies have to be honored at set-time and at replay
dd. jurisdiction indication
to express which jurisdiction is governing data exchange

Suggestions about those changes are now under way to be discussed with
the European Commission and possibly with the Art. 29 WP

e/ Nothing new about using XML-Schema TF

2/ Kiel workshop report (Rigo Wenning)
Rigo gave a report on the Kiel Workshop.

16 people attended. Included good representation from industry and
universities, mostly from Europe.

Discussion of preference language. Interest in having a preference
language working group develop a language completely distinct from
APPEL -- basically a profile for XPATH or XQUERY. Some questions
about how to capture "behavior" concept and how to integrate with
backend.

Discussion of consent mechanism. Need to have better support for
nailing down consent

Discussion of cookies and CP. Jeremy said MS is doing performance
testing right now using browser with XML parser and hopes to have some
data to report soon if he gets permission to make this info public.

Limitation that P3P makes statements about URIs and not other
resources. P3P is not designed as access control mechanism. It makes
sense from a business-perspective to have better privacy mechanisms in
back-end systems. High level discussion about whether standardization
of the backend makes sense. More discussion needed. Some of this
discussion may occur at workshop in Australia in September.

HP Brussels showed a new application of a trusted platform that allows
users to recall data in case of policy violation. They said this has
more functionality than DRM.

Giles contacted the minute-taker after the conf and reminded that
we forgot to mention that access should be tied to the statement
instead of the whole policy. This is also a consideration for the
consent/choices TF.


3/ UA guidelines should be included as section 6
no objections

4/ Consent Choices Draft

We still need feedback from implementers needed whether they will implement it.
Giles said, he already used similar techniques and would implement. Then the question
turned to the IBM Policy Editor. Matthias said that the situation is somewhat  unclear
at the moment, kind of pending. Martin does not put too much effort in it anymore.
Lorrie confirmed that there is definitely interest in mainting the editor (IBM or not)

Matthias asked whether Microsoft will extend support beyond cookies in IE7? Lorrie only
got some vague response. Brooks reported of talks with different entities inside Microsoft
it was agreed that this is something useful.

ACTION; Matthias call Jeremy Epling to ask if they would implement consent-choices

Matthias mentioned that he is absent in July

5. Discuss bugzilla 170
Lorrie included a new wording of the consequence-field definition,
but hadn't received feedback so far.
Joseph said, that he is unhappy about the change of meaning as we keep the same
element-name.  We should note that in the Draft. We compared the definition and
found that the old definition was more narrow, but that it is not a complete change.
Lorrie confirmed, that she will add some words about status and history to the Draft.

ACTION: Lorrie draft a sentence or two to explain the evolution

6. Initial discussion of Ari's identified/identifiable/link
Ari not on the call
everybody should sent feedback to Ari. Rigo mentioned that the initial understanding and
discussion was based on the definition of the EU-Directive which was seen as too wide.
Lorrie asked for simplicity and explained that the  purpose of this document is to explain
in an easy way for people to figure out which element to use in what context as this seems
to be complicated.

7. Set date for next call (July 9?)
Next call will be on July 9 2003

Best,

Rigo

Received on Thursday, 26 June 2003 10:30:53 UTC