W3C home > Mailing lists > Public > public-p3p-spec@w3.org > March 2004

MINUTES: 24 March 2004 P3P spec call

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Wed, 24 Mar 2004 14:45:47 -0500
Message-Id: <D8D25462-7DCB-11D8-88CE-000A95DA3F5A@cs.cmu.edu>
To: 'public-p3p-spec' <public-p3p-spec@w3.org>

P3P Call

Minutes 3/24/04

11:00 AM Eastern



Lorrie Cranor (CMU)- Chair

Brooks Dobbs - DoubleClick (scribe)

Giles Hogben - JRC

  Jeff  Edelen - American Express

Jack Humphrey - Coremetrics

Dave Stampley -  Reynolds and Reynolds

Rigo Wenning - W3C


Agenda Item 1 - revised agents domain draft


Jack - has anyone had a chance to read it over?

Brooks - has not

Lorrie - let's skip over until people have chance to read over it


Agenda Item 2 (skip)


Agenda Item 3 - Grouping Mechanism


Lorrie: have people read this

Brooks: yes - I liked it

Lorrie: says that wording should be hint but wants to make sure it is 
understood that you can't lie

Lorrie: any comments?  Would you all be inclined to approve it then?

Giles: hasn't read yet

Jack: are there certain tokens that can't be grouped

Brooks and Lorrie: yes it is grouped by same rules as <statement>

Dave: suggests a language changes from "must honor" to "must make CP 
statements in good faith"

  Lorrie: says okay

Lorrie: any objections?

Rigo: please add parenthetically "bona fide" to "good faith"

Rigo: concerns about attributes. P3P 1.1 CP format expresses 1.0

Lorrie: what isn't supported is an optional extension and this is not a 
tragic omission

Jack: which extension are we talking about?

Rigo: the statement already has a grouping extension to allow display 
of opt in and opt out statements from Matthias

Lorrie: if we needed to we could add another layer of grouping to 
handle this

Lorrie: do we need to support this - would there be a case when you 
wanted to accept or reject a cookie based upon if the entire group was 
opt in or opt out.

Rigo: wants to change camps because he doesn't want them to be "too 
smart" and then there would be less pressure to do away with them

Giles: does this mean that you need to have compact policy parser?

Lorrie: is there anyone who wants to argue to add the 1.1 statement 
grouping into CPs (not the "grouping mechanism" for CPs)?

Giles: do we agree that we want CPs dumb?

Giles: okay with CP grouping mechanism

Lorrie: can we accept this today or do we need time to think?

Giles: With regards to displaying policies to user change language to 
SHOULD use full policy for source of information and specifically not 
the CP

Giles: pushes for MUST rather than should

Lorrie: likes Giles argument

Brooks: Wants the UA to display the set of information actually used to 
make a decision

Lorrie: suggest language change that reflects that - user agents that 
provide information to user that make cookie handling decisions must 
provide information based on the CP or full policy actually used to 
make the decision

Rigo: thinks that this is ambiguous

Rigo: thinks that Brooks wants a debugger

SYNOPSIS: Brooks pushing for UA to display the ACTUAL criteria actually 
used to make decision vs. the full policy.  Rigo thinks retranslation 
of CP provides a bad meaning to the end user.  Courts will want to use 
this bad translation.

Lorrie:  will send out a revision that essentially says that if a UA 
does use a CP to make a decision it MUST have a mechanism for 
displaying that CP... UAs that provide general information MUST use the 
full policy

  Lorrie: will circulate anther draft


Last Agenda Item -

  Lorrie: Would April 9th be a reasonable date for our next working draft

Rigo: what would be added?

Lorrie: known-hosts, grouping and some edits

Lorrie: can this be our last call draft


Lorrie: let's get this as close as possible.  Let's make us have a 
mindset that this version internally that all the issues are 95% 

Lorrie: very short issues that remain

Rigo: Lorrie please send the list the issues that you think remain

Lorrie: what is left in bug tracker?

Rigo: could you please just send your list?

Lorrie: I will send it


Lorrie: next meeting - same time next week




Brooks Dobbs

Director of Privacy Technology

DoubleClick, Inc.


email: bdobbs@doubleclick.net

Received on Wednesday, 24 March 2004 16:36:37 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:02:18 UTC