action-409: gathering history on "graduated response" from Nicholas Doty on 2013-06-05 (public-tracking@w3.org from June 2013)

From: Nicholas Doty <npdoty@w3.org>
Date: Wed, 5 Jun 2013 00:56:34 -0700
To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <6544C664-C7C4-47D2-8C6F-AD4A7EB0E190@w3.org>

(This action had been completed, but was idling for review without going out to public-tracking.) I volunteered to gather the history on our use of "graduated response" and the past actions to provide definitions and examples.

I believe we first discussed "graduated response" and related concepts in depth at the Seattle f2f, with regard to security and debugging. I suggested the use of "graduated response" in my "Middle Way" text, for the security and debugging permitted uses. Based on feedback on that and during discussions in our October Amsterdam meeting, we opened a few different actions to develop that concept in normative/non-normative text or create alternatives.

ACTION-260, Nick, expanding on graduated response in debugging text: http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0300.html

ACTION-278, Tom, describing collecting additional data to debug intended functionality (without using "graduated response" term):
http://www.w3.org/2011/tracking-protection/track/actions/278

ACTION-279, Ian, a definition of graduated response, and non-normative examples for the security and debugging sections:
http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0506.html

ACTION-293, Jonathan, examples of fraud prevention that are graduated or triggered (without using "graduated response" term):
http://jonathanmayer.github.io/dnt-compromise/compromise-proposal.html#examples-1

In all these cases, graduated response is speaking to the minimization concept (already in the Compliance spec); and in Ian's text it also speaks explicitly to proportionality, which our friends in Europe have highlighted as important.

I believe Ian's definition is comprehensively and neutrally presented and we could add it to the spec text if we want to take advantage of this concept (either in the Minimization section, or in Security and Debugging in particular). We have been tending towards not using longer non-normative and example language in the permitted uses; I think most of the examples in the above 4 actions are largely compatible, but may not be necessary for a concise, readable document.

Thanks,
Nick

Received on Wednesday, 5 June 2013 07:56:36 UTC