- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 4 Feb 2004 20:04:17 +0100
- To: public-p3p-spec@w3.org
Present: Lorrie Cranor Giles Hogben Brooks Dobbs Jack Humphrey Patrick Hung Dave Stampley Rigo Wenning Jeff Edelen 1. Discussion and approval of Article 10 taskforce proposal (Giles please resend to mailing list or send the URL) b/ Text on purpose specification should go into user agent guidelines. We discussed changes of the ua-guidelines. in the draft: http://www.w3.org/P3P/2004/01-art10.html ACTION Giles: Circulate the changes of the jurisdiction ua-guidelines b/ Discussions on the Jurisdiction - Element Discussed the fact of having machine readable identifiers of jurisdictions and decided that this is overkill. We decided to abandon machine readable attributes and instead decided to have a service attribute with URI and long+short descriptions Giles: ACTION circulate a new proposal containing the new Schema c/ Cookies change wording from EU specific to "Best Practice" also change wording from actual only on set-cookie to say at minimum require analysis at set-cookie, but best practice would be also analysis on replay. 2.3.2.7 User agents MUST interpret COOKIE-INCLUDE and COOKIE-EXCLUDE elements discussed this paragraph. We need to bits of text: one for 2.3.2.7 and one for ua-guidelines. Lorrie is not convinced that we need something for 2.3.2.7. because, we don't give some guidance what ua should do as a result. Giles ACTION: new wording for 2.3.2.7 and a paragraph talking about best practice for the ua section and send to the mailing-list c/ Security In order to assure users of good security practices in handling data captured through their site, policy writers may also use this attribute to specify seals (such as CPA WebTrust and Shop Smart) validating their security practices. this sentence was abandoned. should be added under independent organization in 3.2.6 Disputes the following suggestion: Current suggestion: policy writers may also use this attribute to specify any seals related to the entities information practices (including privacy and security seals) 2. Primary purpose specification - has anyone been working on this? We need to figure out how to move forward on getting a complete draft by Feb 13 or drop this. Discussion whether we want to do this at all. Lorrie talked to Calvin Powers and they tried to find some already existing lists. Jeff reported that he checked their human readable policies and the current section seems to be sufficient Lorrie remarked that current purpose could be also explained by the consequence field. Rigo explained that this relates to the prob with financial we had two years ago. ACTION: Dave and Giles: Come up with a list of primary purposes. 3. Agent and domain relationships - report from Jack Jack reported and summarized issues: a/ issue about cookies and replaying cookies does the cookie playback note conflict with 2.3.2.7 b/ issue whether we want to have changes in the header ACTION: Jack: send you issues to the list 4. Open bugzilla items Bug 171: People have already done this with the IBM Editor Discussion whether we can use IBMs namespace. Lorrie wants to use the mechanism in place. Action: Rigo: Proceed the suggested changes from Matthias and add a footnote about the old mechanism of IBM Editor. ======================================================== clarify what we mean by data linked to a cookie http://www.w3.org/Bugs/Public/show_bug.cgi?id=172 Lorrie presented issue: Initially we imagined only direct linking Giles also included indirect linking. That's where the issue is. We started to discuss, what reasonably could happen with a cookie linking lots of data. Hypothesis was about law enforcement. Do we want to cover their abilities. we need primary key to apply but also mention second key in database =========Not dealt anymore, lack of time =================== strengthen 2.3.2.7 user agent requirements http://www.w3.org/Bugs/Public/show_bug.cgi?id=174 Giles has submitted several - are these issues the whole working group needs to address? 5. How to proceed on compact policies? 6. Set time/date of next call - February 11? Best Rigo (scribe)
Received on Wednesday, 4 February 2004 14:07:46 UTC