PING - informal chairs' summary for 10 October 2013

PING informal chairs' summary for 10 October 2013

Special thanks to Nick Doty, our tireless scribe.

A smaller group than usual on this call, owing to other commitments. 

1. Discussion of the privacy review of the draft Web Cryptography API [1] and the draft WebCrypto Key Discovery [2]

In the previous teleconference, guests from the Web Crypto WG discussed their privacy considerations and we sought comments on their draft. Robin Wilton kindly provided a review. [3] Further comments were solicited from PING via the mailing list, to be provided by 4 October. Robin's review highlighted some minor points to address but on the whole, was quite positive regarding the privacy considerations of the two documents. It was noted that their was a pre-provisional split of the two APIs because implementers said they were not interested in what WebCrypto Key Discovery seeks to achieve. Discussion on the call focused on implementation issues (e.g. whether most User Agents would want to implement it given privacy concerns), and how to address this in the W3C review process. It as noted that, traditionally in the W3C process, implementation issues are not necessarily a "blocker" for specification progress, but also that further review could be provided if implementation problems could not be resolved as the specification matured, and such concerns could be flagged for implementers. Christine will share this draft review with Virginie Galindo of the Web Crypto WG.

2. Update re privacy guidance documents (Privacy Considerations; Fingerprinting; Process)

The primary author of the draft Privacy Considerations documents was not available for the call, so there was no formal update. There was a question, however, about what to do with these documents at this stage (in terms of publication). Per the charter, PING can create Group Notes, and so this is likely to be the path taken for such documents when they mature. For now, Editors' Drafts will be published, while the group internally decides what level of review is appropriate before publishing finalized Group Notes.

3. Update re getUserMedia privacy review

The lead for the getUserMedia privacy review was not present on call; no update provided.

4. Update re EME privacy review

Wendy Seltzer and Joe Hall planning to provide a privacy review of this document.

5. Additional item (AOB): standards and surveillance concerns

A new item was raised by Nick Doty about concerns that have been raised about the actual or potential compromise of security standards (e.g. as with NIST Special Publication 800-90A), which would be of likely relevance to the W3C and PING. A lengthy discussion was conducted as to how PING might get involved in efforts to increase transparency and robustness of Web standards development processes, particularly as it relates to privacy. Wendy Seltzer provided a link to the OpenStand principle [4]. It was also proposed that a discussion might take place at TPAC, as part of the unconference, and also at the IETF, where there could be some coordination between the IETF and the W3C.

6. Charter

As mentioned on the call, Nick sends his apologies about not addressing the charter expiration date (now passed!) earlier. Based on our conversation, Nick will suggest a one-year extension of the current charter to W3C management, to give the group time to continue with privacy reviews and continue progress on the draft documents. Next year we may want to see how we're doing with those goals and consider whether any changes would be productive for the group.

Next call:  5 December 2013 at the usual time.

[1] https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
[2] http://www.w3.org/TR/webcrypto-key-discovery/
[3] http://lists.w3.org/Archives/Public/public-privacy/2013JulSep/0079.html
[4] http://open-stand.org/statement-from-openstand-on-the-strengths-of-the-openstand-principles/

Link to the minutes: http://http://www.w3.org/2013/10/10-privacy-minutes

Christine and Tara

Received on Thursday, 28 November 2013 16:18:00 UTC