Re: cross-site tracking and what it means

On 1/20/12 8:56 PM, Nicholas Doty wrote:
> On Jan 20, 2012, at 4:52 PM, Jonathan Robert Mayer wrote:
>> I think it would be wise to start explicitly noting points of 
>> consensus in the minutes so our progress isn't hampered by differing 
>> recollections.
> +1, and I'll try to help with that in Brussels and as we go forward.
+1, as well. But also I think we need to make a clear distinction 
between final consensus on an issue and consensus for drafting or 
including working language. I think it's often been the case that we 
reach an agreement to either include draft language in the doc for 
further discussion later, or to kick an issue over to someone to draft 
proposed language for the doc.
>> At any rate, here's what I remember: there was a call for any 
>> disagreement, I responded, we worked through my concern, and then we 
>> set an ACTION for drafting text. There may have even been a 
>> smattering of applause at the accomplishment. Sure seemed like 
>> consensus at the time.
> That matches my recollection; not that there was unanimity, but that 
> we found a rare agreement and compromise between Shane and Jonathan 
> (and echoing points from JC, Aleecia and others) that outsourcing must 
> use both legal (e.g. through contractual terms) and technical (e.g. 
> through same-origin policy separation) means to qualify for this 
> exception.
> That discussion didn't nail down specific language on the 
> legal/contract side; I believe the email Jonathan is referring to in 
> those minutes is this one: 
> where 
> the relevant conditions are "legally enforceable by first-party 
> customer, individual users, and regulators". (And in any case perhaps 
> David means something different by "baking legal precautions into the 
> standard".)
This does not match my recollection. At least I'm sure I've been 
consistent about not supporting the concept of this kind of legal 
language in the standard.

Received on Monday, 23 January 2012 16:15:50 UTC