PING - informal chairs’ summary – 31 July 2014

PING - informal chairs’ summary – 31 July 2014

Thanks to Wendy Seltzer for acting as scribe.

Regrets: Frank Dawson, Frederick Hirsch, Hannes Tschofenig

Next meeting – 28 August 2014 at the usual time

* PING meetings at IETF90
There was a PING face-to-face meeting at IETF 90 in Toronto, Canada on 23 July 2014, which was mainly to make solid progress on the Privacy Considerations for Web Specifications document. A summary of this meeting can be found online [1]. Some possible next steps were identified for finishing this document by the end of the year, and a number of action items were created. Nick Doty offered to compile a list of W3C specifications that have “Privacy Considerations” sections; Joe Hall plans to provide a basic privacy definition by briefly describing privacy from the perspective of contextual integrity; Hannes will develop some concrete examples for spec authors, on such topics as canvas fingerprinting and geolocation requests, following the approach taken by the  Device API Privacy Best Practices document [2]; Christine Runnegar will coordinate with Nick to work out how we can work on this item further at TPAC; and Christine and Joe will finish reading the document closely and send comments to the Hannes and the list. Thanks very much to the attendees who contributed to this effort.

Also at IETF 90 was the IAB Privacy and Security Program meeting, which Christine, Joe, and Wendy attended. This is a new privacy and security program, led by Ted Hardie [3]. It has three themes--trust, confidentiality, and internet resilience—and they plan to develop threat models, mitigations, and other documents in each of these themes. Richard Barnes's perpass-threat document [4], merged with Brian Trammel’s earlier document [5], will be used to develop the confidentiality area threat model document. Joe and Wendy will be working on threat models in this program: Joe in confidentiality, and Wendy in trust.

Finally, Joe had a discussion about privacy considerations with some of the WebRTC participants during IETF 90, such as the permissions model and fingerprinting; he will provide a written summary to the PING mailing list shortly.

* PING @ TPAC 
Our main goal for having a PING meeting at the upcoming TPAC meeting is to work out how to socialize privacy considerations within the W3C community. We are still working out the logistics for the meetings, but are considering perhaps a breakfast meeting on Wednesday or a chairs’ meeting. We’d also like to remind you to register for TPAC [6].

* Updates on current work/action items
Many thanks to Nick for adding comments to the Last Call Working Draft of the Beacon API document, which can be found on the public-web-perf mailing list [7]. Joe has begun to review the IndieUI User Context Editor’s Draft [8], and will coordinate with Katie Haritos-Shea, who is also a participant in the IndieUI WG.

* Web privacy news/issues
Christine reports that the Geolocation WG is looking at doing some work on geofencing, and that the Web Application Security WG have released documents on Mixed Content—a public working draft [9] and an editors’ draft [10]. It is a good time to add a contribution towards privacy considerations in this draft, along with their security discussion. Also, the Evaluation and Repair Tools WG has released the First Public Working Draft of a Developers' Guide to Features of Web Accessibility Evaluation Tools [11], which should be reviewed. In addition, you may recall that PING reviewed the getUserMedia API—this has evolved into the Media Capture and Streams API. The Media Capture Task Force has released several new documents that are in need of privacy review (e.g., the MediaStream Recording draft [12]).We are actively soliciting volunteers for this effort; Nick suggested that we should track the documents under review, and their status, in the wiki. 

[1] http://lists.w3.org/Archives/Public/public-privacy/2014JulSep/0013.html
[2] http://www.w3.org/TR/2012/NOTE-app-privacy-bp-20120703/
[3] http://www.iab.org/activities/programs/privacy-and-security-program/
[4] http://tools.ietf.org/html/draft-barnes-pervasive-problem-01
[5] http://tools.ietf.org/html/draft-trammell-perpass-ppa-01
[6] https://www.w3.org/2002/09/wbs/35125/TPAC2014/ 
[7] http://lists.w3.org/Archives/Public/public-web-perf/2014Jul/0109.html
[8] https://dvcs.w3.org/hg/IndieUI/raw-file/default/src/indie-ui-context.html
[9] http://www.w3.org/TR/mixed-content/
[10] https://w3c.github.io/webappsec/specs/mixedcontent/
[11] http://www.w3.org/TR/WAET/
[12] http://dev.w3.org/2011/webrtc/editor/MediaRecorder.html

Received on Wednesday, 13 August 2014 03:12:28 UTC