PING – informal chairs summary – 28 April 2016

PING – informal chairs summary –  28 April 2016

Thank you to Doug Schepers, Ivan Herman, Rob Sanderson and Tim Cole (Web
Annotation WG), as well as Ian Jacobs (Web Payments WG), for joining our
call.

Thanks to Keiji Takeda for acting as scribe.

Our next call will be on 26 May 2016 at the usual time.

* Web annotation model and protocol privacy considerations
The Web Annotation WG has three specifications that they hope to move to CR
within the very near future. These are the Web Annotation Data Model [1],
the Web Annotation Vocabulary [2], and the Web Annotation Protocol [3]. By
way of background, an annotation is basically a set of connected resources,
typically a body (e.g., comment or tag) and a target (what the body is
“about”). There may be associated metadata, such as who created the
annotation. The WG has been coming up with ways to describe particular
parts of an item (e.g., a specific element to comment on, not whole
website), taking into account such considerations as dynamic web content.

Primarily, the privacy considerations raised were those around identity,
for example: reputation systems (to reduce spam), or how to get value from
an anonymous annotation system. Key issues include support for private
annotations, and the risks of online harassment and user tracking across
sites. PING discussion began with asking about expected applications for
annotations, in order to anticipate what types of data might be in the
system; many of the motivations (such as reviewing) were identified in the
specification. Note that there is a lot of scope, and one of the difficult
questions the WG is working on is: what is the scope of annotation, and
what do we expect it to be used for? There is also the issue of private
annotations: a person might wish to have private bookmarks, etc., or maybe
a specific group, such as a class. People might also wish to publish
annotations outside the context of the web content (e.g., posting snippet
and comment on Twitter). But if annotations are displayed in the original
website, it could be like having a comment section that the website owner
cannot control.

The WG welcomes comments; there are meetings in May (f2f and I Annotate
conference), and the WG would like to get into CR at that stage so they can
complete that process before the charter ends at TPAC.

* Web Payments specs privacy considerations
The Web Payments WG presented a slide deck [4], with a brief overview of
the first Public Working Drafts and the privacy considerations they had
identified for initial discussion. In brief, the Web Payments WG is looking
at how to improve web-based payments with the user agent acting as a
mediator in the transaction. For example, users could choose from a variety
of payment methods supported by merchants; ideally, there would be low cost
to support a range of payment methods, with a better user experience. From
a privacy perspective, there could be some gains: for example, if you could
keep payment credentials client-side. However, consider the case where a
merchant would want to know if the user has installed a certain app -- such
as the merchant’s own payment app (which could perhaps offer a discount);
how might this information be communicated, if we don’t want the merchant
to be able to query the user about which apps they have installed? There is
also a desire to avoid leaking credentials; the WG believes that the API
will help make it evident when users are sending credentials. Another issue
that was raised was fraud -- the WG would like to find a way to enable
fraud analytics but in a privacy-friendly fashion. They welcome continued
interaction with PING in working through these issues.

The WG is scheduling a f2f in July and would appreciate comments in advance
of this meeting.

Christine and Tara

[1] https://www.w3.org/TR/annotation-model/
[2] https://www.w3.org/TR/annotation-vocab/
[3] https://www.w3.org/TR/annotation-protocol/
[4] https://www.w3.org/2016/Talks/ij_ping/