W3C home > Mailing lists > Public > public-p3p-spec@w3.org > May 2003

[Agent/Domain] minutes from initial conference call 4/25/03

From: Humphrey, Jack <JHumphrey@coremetrics.com>
Date: Wed, 7 May 2003 17:01:17 -0500
Message-ID: <85063BBE668FD411944400D0B744267A0251842B@ausmail.core.coremetrics.com>
To: "'public-p3p-spec@w3.org'" <public-p3p-spec@w3.org>

Sorry for the delay in getting these out. Thanks to Brooks for taking
minutes.
---

April 25, 2003 Minutes
Agent/Domain Relationship Task force

Start 9:05 EST
Attendees:
Jack Humphrey, Coremetrics (Chair)
Brooks Dobbs, DoubleClick
Marcel Meth, Fleet Boston Financial
Dan Schutzer, Citi Group
Brandy Moore, AOL
Matthias Schunter, IBM


Agenda is set:
- Stated Purpose coming out of Nov. workshop
- Other ideas
- What are milestones / tasks (want to be complete by June)

2 Core issues from Brian Zwit's write up following the November meetings 
1) allow a mechanism for a site to declare another site as 1st party
2) review compact policies, their efficiencies and the need for them in
general (as there is another task force here, we may need to punt this one)

Other potential ideas proposed by Jack
1) being able to declare that a single policy applies to multiple sites and
services
2) to allow in a privacy policy the ability to denote that a site A is an
agent of site B and that they do not have a "true" 3rd party relationship
3) ability to defer purpose to another entity
4) recommendations and requirements 

Brooks: brings up that point 3) above almost invalidates P3P.
- general consensus that more work needs to be done in understanding and
describing entity and OURS

Jack: raises the liability issues that if a client does something with data
not declared.

Jack: brings up that the "OURS" recipient is ambiguous

Jack: brings up that it may be valuable to tell a UA that asset is really a
1st party

Jack: suggests the possibility of changing the PRF mechanism to potentially
cover multiple hosts within a domain

Brooks: raises the issue that CPs already create a problem by potentially
applying a policy across entities

Jack: state that pre-fetching (e.g. evaluating policy at cookie-send time)
and user agent behavior plays large into resolving a number of these issues.


(There seems to be general consensus that a good deal of work that may come
out of this group is directly tied to work coming out of the UA group)

Matthias: suggests that some of these issues would be easier to follow
through written material and suggest more be distributed.

Matthias: wants to know how a second site could be considered within the
SAME ours as another site.

Brooks: suggests the possibility of a second form of the ENTITY element or
an attribute within ENTITY that points to an "entity registry" 

Marcel: brings up that he would like to see W3C declare expected behavior
for UAs.  Feels that his is key to adoption.  There needs to be clarity on
how a policy will be represented to an end user.

Brooks: suggests broader participation within UA task force.

Action Items:  Jack is going to write up something on enhanced entity
declarations and the ability to refer to other entities, go over it with
Brooks, then send it out.

Brandy - wants this be sure to also handle CP.

Mathias - brings up how Policies can be translated to Layered notice -
mentioned that it should be brought up in user agent.  Again referred to UA
task force.
Received on Wednesday, 7 May 2003 18:37:27 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:24 EST