On Jan 20, 2012, at 4:52 PM, Jonathan Robert Mayer wrote:
> I think it would be wise to start explicitly noting points of consensus in the minutes so our progress isn't hampered by differing recollections.
+1, and I'll try to help with that in Brussels and as we go forward.
> At any rate, here's what I remember: there was a call for any disagreement, I responded, we worked through my concern, and then we set an ACTION for drafting text. There may have even been a smattering of applause at the accomplishment. Sure seemed like consensus at the time.
That matches my recollection; not that there was unanimity, but that we found a rare agreement and compromise between Shane and Jonathan (and echoing points from JC, Aleecia and others) that outsourcing must use both legal (e.g. through contractual terms) and technical (e.g. through same-origin policy separation) means to qualify for this exception.
That discussion didn't nail down specific language on the legal/contract side; I believe the email Jonathan is referring to in those minutes is this one: http://lists.w3.org/Archives/Public/public-tracking/2011Oct/0000.html where the relevant conditions are "legally enforceable by first-party customer, individual users, and regulators". (And in any case perhaps David means something different by "baking legal precautions into the standard".)
Thanks,
Nick