W3C home > Mailing lists > Public > public-p3p-spec@w3.org > February 2004

[Minutes] Feb 4 P3P spec call 10am-noon

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 4 Feb 2004 20:04:17 +0100
To: public-p3p-spec@w3.org
Message-ID: <20040204190417.GA2601@accueil.w3.org>


Present:

Lorrie Cranor
Giles Hogben
Brooks Dobbs
Jack Humphrey
Patrick Hung
Dave Stampley
Rigo Wenning
Jeff Edelen

1. Discussion and approval of Article 10 taskforce proposal
(Giles please resend to mailing list or send the URL)

b/ Text on purpose specification should go into user agent guidelines.

We discussed changes of the ua-guidelines. in the draft:
http://www.w3.org/P3P/2004/01-art10.html

ACTION Giles: Circulate the changes of the jurisdiction ua-guidelines

b/ Discussions on the Jurisdiction - Element

Discussed the fact of having machine readable identifiers of jurisdictions
and decided that this is overkill. We decided to abandon machine readable attributes
and instead decided to have a service attribute with URI and long+short descriptions

Giles: ACTION circulate a new proposal containing the new Schema

c/ Cookies

change wording from EU specific to "Best Practice"
also change wording from actual only on set-cookie to say
at minimum require analysis at set-cookie, but best practice would be
also analysis on replay.

2.3.2.7
User agents MUST interpret COOKIE-INCLUDE and COOKIE-EXCLUDE elements
discussed this paragraph.

We need to bits of text: one for 2.3.2.7 and one for ua-guidelines. Lorrie
is not convinced that we need something for 2.3.2.7. because, we don't
give some guidance what ua should do as a result.

Giles ACTION: new wording for 2.3.2.7 and a paragraph talking about
best practice for the ua section and send to the mailing-list

c/ Security

In order to assure users of good security practices in handling
data captured through their site, policy writers may also use this attribute
to specify seals (such as CPA WebTrust and Shop Smart) validating their
security practices.

this sentence was abandoned.

should be added under independent organization in 3.2.6 Disputes
the following suggestion:

Current suggestion:
policy writers may also use this attribute to specify any seals related to
the entities information practices (including privacy and security seals)


2. Primary purpose specification - has anyone been working on this?
   We need to figure out how to move forward on getting a complete
   draft by Feb 13 or drop this.

Discussion whether we want to do this at all. Lorrie talked to Calvin Powers and
they tried to find some already existing lists. Jeff reported that he checked
their human readable policies and the current section seems to be sufficient

Lorrie remarked that current purpose could be also explained by the
consequence field.

Rigo explained that this relates to the prob with financial we had two years ago.

ACTION: Dave and Giles: Come up with a list of primary purposes.


3. Agent and domain relationships - report from Jack

Jack reported and summarized issues:

a/ issue about cookies and replaying cookies
does the cookie playback note conflict with 2.3.2.7

b/ issue whether we want to have changes in the header

ACTION: Jack: send you issues to the list


4. Open bugzilla items

Bug 171: People have already done this with the IBM Editor
Discussion whether we can use IBMs namespace. Lorrie wants to use
the mechanism in place.

Action: Rigo: Proceed the suggested changes from Matthias and add a footnote about
the old mechanism of IBM Editor.

========================================================

clarify what we mean by data linked to a cookie
http://www.w3.org/Bugs/Public/show_bug.cgi?id=172

Lorrie presented issue: Initially we imagined only direct linking
Giles also included indirect linking. That's where the issue is.

We started to discuss, what reasonably could happen with a cookie linking
lots of data. Hypothesis was about law enforcement. Do we want to cover their
abilities.

we need primary key to apply but also mention second key in database



=========Not dealt anymore, lack of time ===================
strengthen 2.3.2.7 user agent requirements
http://www.w3.org/Bugs/Public/show_bug.cgi?id=174

Giles has submitted several - are these issues the whole working
group needs to address?

5. How to proceed on compact policies?

6. Set time/date of next call - February 11?

Best 

Rigo (scribe)
Received on Wednesday, 4 February 2004 14:07:46 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:29 EST