MINUTES: 6 August 2003 P3P spec call from Patrick.Hung@csiro.au on 2003-08-06 (public-p3p-spec@w3.org from August 2003)

From: <Patrick.Hung@csiro.au>
Date: Thu, 7 Aug 2003 02:38:11 +1000
To: public-p3p-spec@w3.org
Message-ID: <754324CDE8E4EE4498D8E0357D91368501601532@saab-bt.act.cmis.CSIRO.AU>
Minutes of the 6 August 2003 P3P spec wg call

Present
Lorrie Cranor, AT&T, Chair
Ari Schwartz, CDT
Patrick Hung, CSIRO
Giles Hogben, JRC
Jeremy Epling, Microsoft


SUMMARY

1. Task force reports
    - P3P beyond HTTP - Patrick Hung
      -> The working draft has been revised a bit and tried to get comments
from the Liberty people.
    
    - User agent behavior - Lorrie Cranor
      -> Hope to get comments about user agent translations by next
Wednesday
      -> To get Rigo involved in this process
      -> Expect to have a proposal by next week 
    
    - Article 10 vocabulary issues - Giles Hogben
      -> Nothing new
    
     - Converting P3P data schema to XML schema - Giles Hogben
      -> Expect to get the first draft of specification in the coming weeks
      -> 2 human readable elements: long and short descritpion
      -> Giles mentioned that the attribute of long description (CDATA) is
not using at all and wonder 
         whether we should cut it
      -> The major difference between the attributes of long and short
(STRING) description is the limitation 
         in length
      -> Intend to keep the functionalities as many as possible and just
easy to ignore
      -> Retain the attribute of short description to be STRING, and open to
the attribute of long description 
         that can include markup
    - Signed P3P policies  - Giles Hogben
      -> Not to enforce security in the recent version of P3P because of no
standard
      -> The European people are still keeping their focus on this issue

2. Bugzilla 283 Change definition of recipient in 3.3.5 for
    consistancy
http://www.w3.org/Bugs/Public/show_bug.cgi?id=283

-> Minor change of the definition of receipient
-> The revised definition of recipient is "the legal entity, or domain, 
   where data may be be distributed"

3. Discuss Jeremy's grouping draft and related proposals - Bugzilla 169
http://www.w3.org/Bugs/Public/show_bug.cgi?id=169

Quote from Lorrie's e-mail:

"We discussed  this on today's call, minutes should be forthcoming. My 
quick summary is:

- combining these two group concepts probably makes sense
- we probably want an extension that looks something like the following 
that can be inserted into all statement's that belong to a group:

<STATEMENT>
<EXTENSION>
   <STATEMENT-GROUP id = "fflyer" />
</EXTENSION>
. . .
</STATEMENT>

Then somewhere else in the policy
<EXTENSION
   <STATEMENT-GROUP-DEF id="fflyer"
   short-description="Frequent Flyer Club"
   consent = "opt-in" />
</EXTENSION>

Some groups of statements might not be consent groups, in which case 
they might use an attribute like consent = "no-group" (which might be 
the default).

There are also some concerns about consent group that need to be worked 
out. In Mathias' proposal it says that all PURPOSE and RECIPIENT 
elements in a group have to have the same required attribute. But ours 
and current are special cases that don't have this attribute. This 
needs to be accounted for (the example in Mathias' draft is actually 
incorrect because of this). Also we need to be clear on how to handle 
errors. What if someone uses consent group but then uses different 
required attributes (which is incorrect)? Does that invalidate the 
policy? Perhaps if that happens the user agent should treat it as if it 
is consent = "no-group" ?

In any case, Jeremy is going to put together a more specific proposal 
on this grouping. Mathias, it would be great if you could work with him 
on the consent aspect."

Other issues:

-> Tie the consent to a group of attributes in version 2.0? 
-> Need a human readable field in consent?
-> Giles likes only using ID as a simple reference and Lorrie suggests to
use ID + small description
-> Pay attention to the semantic as it may cause some impossiblities of
applying opt-in and opt-out
-> Concern about using CDATA for ID because it may contain HTML codes. It is
permitted but no 
   guaranatee how the uer agent will behave.
-> If you have any particular markup tag that suits some applicatons, you
can always submit a proposal
   and will be considered for implementing in the user agent.
-> Jeremy will put all these ideas/issues into Section 3.3.

4. Discussion of Ari's revised identified/identifiable/link
    clarification draft.
http://www.w3.org/Bugs/Public/show_bug.cgi?id=167

-> Ari will work with Rigo on it when Rigo is back.

5. Discuss performance issues (raised by Jeremy)

-> Expect to do it soon. 

6. Set date for next call (Aug 13?)

-> Plan to get all working drafts by the third week of Sept. 
-> While Lorrie will be not available for a couple weeks in Sep, Rigo will
run the meeting call. 
-> Get all working drafts to become W3C recommendations in 2004 one by one.
-> Next meeting: Aug 13.
Received on Wednesday, 6 August 2003 12:38:18 UTC