Re: Identity providers as first parties from Alan Chapell on 2012-06-18 (public-tracking@w3.org from June 2012)

From: Alan Chapell <achapell@chapellassociates.com>
Date: Mon, 18 Jun 2012 12:17:05 -0400
To: Jonathan Mayer <jmayer@stanford.edu>, Jeffrey Chester <jeff@democraticmedia.org>
CC: Mike Zaneis <mike@iab.net>, Shane Wiley <wileys@yahoo-inc.com>, Tamir Israel <tisrael@cippic.ca>, Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>, Kimon Zorbas <vp@iabeurope.eu>, "ifette@google.com" <ifette@google.com>, "JC Cannon (Microsoft)" <jccannon@microsoft.com>
Message-ID: <CC04CBFF.1C756%achapell@chapellassociates.com>
I have no issue with your personality. My issue is with your tactics.
Assuming you can cease utilizing tactics that seem unproductive at best,
then I think you will see fewer emails directed at you; criticizing those
tactics. 

This will be my last note on this matter  I'm hopeful and optimistic that
we can move forward productively from hereŠ.


Alan


From:  Jonathan Mayer <jmayer@stanford.edu>
Date:  Monday, June 18, 2012 12:08 PM
To:  Jeffrey Chester <jeff@democraticmedia.org>
Cc:  Alan Chapell <achapell@chapellassociates.com>, Mike Zaneis
<mike@iab.net>, Shane Wiley <wileys@yahoo-inc.com>, Tamir Israel
<tisrael@cippic.ca>, Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org"
<public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>, Kimon Zorbas
<vp@iabeurope.eu>, "ifette@google.com" <ifette@google.com>, "JC Cannon
(Microsoft)" <jccannon@microsoft.com>
Subject:  Re: Identity providers as first parties

 
 This thread has devolved into a Fox News-esque referendum on my
personality. It's both a distraction and ineffectual‹those who have
collaborated with me over the past year know I'm a tireless, tough-but-fair
negotiator.

Enough. Back to substance.

Jonathan 
 
  

On Monday, June 18, 2012 at 5:33 AM, Jeffrey Chester wrote:
 
>  
> Jonathan has played an extraordinary productive role, with insights, urging
> compromise (when people like  me looked with dismay about the lack of progress
> in achieving real privacy safeguards so far), and leadership.  As I have
> explained to officials, we have not yet seen serious compromise from industry
> to ensure DNT is a spec that protects privacy.  Jonathan wants us to all do
> better, as do I.   We all know--or should--that what we are doing is being
> closely watched on both sides of the Atlantic by the press and policymakers.
> It would be a serious loss if we don't make progress in Seattle.
> 
> Jeff Chester
> Center for Digital Democracy
> Washington DC
> www.democraticmedia.org <http://www.democraticmedia.org>
> Jeff@democraticmedia.org
> 
> On Jun 18, 2012, at 5:19 AM, Alan Chapell <achapell@chapellassociates.com>
> wrote:
> 
>> Jonathan,
>> 
>> Taking you at your word that your goal is to attain consensus, I would humbly
>> suggest that the tactics you are using  particularly over the past several
>> weeks  seem at odds with that goal. I'm hopeful that your latest email is an
>> indication that we'll see more compromise and fewer juvenile barbs when we
>> arrive in Bellevue.
>> 
>> And for the record, as someone from industry  I strongly favor the proposal
>> proffered by Shane et al.
>> 
>> Cheers,
>> 
>> Alan Chapell
>> Chapell & Associates
>> 917 318 8440
>> 
>> 
>> From:  Jonathan Mayer <jmayer@stanford.edu>
>> Date:  Monday, June 18, 2012 2:06 AM
>> To:  Mike Zaneis <mike@iab.net>
>> Cc:  Shane Wiley <wileys@yahoo-inc.com>, Tamir Israel <tisrael@cippic.ca>,
>> Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org"
>> <public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>, Kimon Zorbas
>> <vp@iabeurope.eu>, "ifette@google.com" <ifette@google.com>, "JC Cannon
>> (Microsoft)" <jccannon@microsoft.com>
>> Subject:  Re: Identity providers as first parties
>> Resent-From:  <public-tracking@w3.org>
>> Resent-Date:  Mon, 18 Jun 2012 06:07:15 +0000
>> 
>>  
>> Shane and Mike,
>> 
>> As the Bellevue meeting approaches, this group's sole focus must be attaining
>> consensus on a moderate compromise.  I'm doing everything I can to facilitate
>> that goal.  I have neither the time nor patience to swap puerile barbs for
>> cheap political points.  There's far too much at stake.
>> 
>> Jonathan
>>    
>> 
>> On Sunday, June 17, 2012 at 6:58 PM, Mike Zaneis wrote:
>>> 
>>>  
>>> Jonathan,
>>> 
>>> Can you please elaborate on these very serious claims you have made in back
>>> to back posts?  First, you attack two of the most engaged, productive
>>> members of the working group (Shane and Roy who are both editors) and claim
>>> they do not speak for the online advertising industry, yet you did not point
>>> to any companies or public statements of support for your position. As
>>> someone who DOES speak for the industry, I know that Shane and Roy raise
>>> issues that THE industry shares. Please provide substantiation for your
>>> claims. 
>>> 
>>> As for the unfair competition claims, that is laughable. The only legal
>>> claim we should be discussing is one of liable for such ridiculous
>>> statements. 
>>> 
>>> Mike Zaneis 
>>> SVP & General Counsel, IAB
>>> (202) 253-1466
>>> 
>>> On Jun 17, 2012, at 5:52 PM, "Jonathan Mayer" <jmayer@stanford.edu> wrote:
>>> 
>>>> Shane, 
>>>> 
>>>> As I explained in my initial note:
>>>>> We have received valuable feedback from a number of participant
>>>>> viewpoints, including browser vendors, advertising companies, analytics
>>>>> services, social networks, policymakers, consumer groups, and researchers.
>>>>> Out of respect for the candid nature of those ongoing conversations, we
>>>>> leave it to stakeholders to volunteer their contributions to and views on
>>>>> this proposal.
>>>> I would add that more than one advertising company expressed concern about
>>>> possible retaliation if they broke away from the industry trade groups.
>>>> I'll leave it to regulators to decide if the industry's practices
>>>> constitute unfair competition.
>>>> 
>>>> Jonathan
>>>> 
>>>> 
>>>> On Sunday, June 17, 2012 at 1:51 PM, Shane Wiley wrote:
>>>>> 
>>>>> Jonathan,
>>>>> 
>>>>>  
>>>>> 
>>>>> Continue to disagree (on many levels).  Could you please name those in the
>>>>> online advertising industry that are supportive of the proposal you shared
>>>>> with the WG?
>>>>> 
>>>>>  
>>>>> 
>>>>> Thank you,
>>>>> 
>>>>> - Shane
>>>>> 
>>>>>  
>>>>> 
>>>>> From: Jonathan Mayer [ <mailto:jmayer@stanford.edu>
>>>>> mailto:jmayer@stanford.edu]
>>>>> Sent: Sunday, June 17, 2012 1:42 PM
>>>>> To: Shane Wiley
>>>>> Cc: Tamir Israel; Rigo Wenning;  <mailto:public-tracking@w3.org>
>>>>> public-tracking@w3.org;  <mailto:rob@blaeu.com> rob@blaeu.com; Kimon
>>>>> Zorbas;  <mailto:ifette@google.com> ifette@google.com; JC Cannon
>>>>> (Microsoft)
>>>>> Subject: Re: Identity providers as first parties
>>>>> 
>>>>>  
>>>>> 
>>>>> Shane, 
>>>>> 
>>>>>  
>>>>> 
>>>>> You and Roy have been vocal in your objections to the EFF/Mozilla/Stanford
>>>>> compromise proposal. I'm disappointed, though given your inflexibility
>>>>> throughout this process, entirely unsurprised.
>>>>> 
>>>>>  
>>>>> 
>>>>> That said, you do not speak for the online advertising industry. Many
>>>>> companies have been more willing to countenance constructive compromise.
>>>>> Your conclusion that advertising industry participants have "mostly
>>>>> rejected" the proposal is inaccurate.
>>>>> 
>>>>>  
>>>>> 
>>>>> Jonathan 
>>>>> 
>>>>> On Sunday, June 17, 2012 at 12:26 PM, Shane Wiley wrote:
>>>>>> 
>>>>>> Tamir,
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> Jonathan's proposal does attempt to address this point but many in the
>>>>>> room feel this should be left to local law. Justin Brookman and I took a
>>>>>> pass at this language but it shifted to becoming overly prescriptive
>>>>>> (legislating via tech standard) so many in the WG asked for local law to
>>>>>> determine.
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> I would suggest this conversation be extracted from Jonathan's proposal
>>>>>> to be handled separately as the rest of proposal has been mostly rejected
>>>>>> by those in the WG that are intended to implement DNT in the real-world
>>>>>> (on the 1st party/3rd party side).
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> More to come in Seattle...
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> - Shane
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> -----Original Message-----
>>>>>> 
>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca> mailto:tisrael@cippic.ca]
>>>>>> 
>>>>>> Sent: Sunday, June 17, 2012 12:19 PM
>>>>>> 
>>>>>> To: Shane Wiley
>>>>>> 
>>>>>> Cc: Rigo Wenning;  <mailto:public-tracking@w3.org>
>>>>>> public-tracking@w3.org;  <mailto:rob@blaeu.com> rob@blaeu.com; Kimon
>>>>>> Zorbas;  <mailto:ifette@google.com> ifette@google.com; JC Cannon
>>>>>> (Microsoft)
>>>>>> 
>>>>>> Subject: Re: Identity providers as first parties
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> Shane -- I am not remotely attempting doing so.
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> As far back as I can see, the spec was going to put conditions on the
>>>>>> 
>>>>>> means by which out of band consent can be sought.
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> Jonathan et al's proposal is:
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> 1. Actual presentation: The choice mechanism MUST be actually presented
>>>>>> 
>>>>>> to the user. It MUST NOT be on a linked page, such as a terms of service
>>>>>> 
>>>>>> or privacy policy.
>>>>>> 
>>>>>> 2. Clear terms: The choice mechanism MUST use clear, non-confusing
>>>>>> 
>>>>>> terminology.
>>>>>> 
>>>>>> 3. Independent choice: The choice mechanism MUST be presented
>>>>>> 
>>>>>> independent of other choices. It MUST NOT be bundled with other user
>>>>>> 
>>>>>> preferences.
>>>>>> 
>>>>>> 4. No default permission: The choice mechanism MUST NOT have the user
>>>>>> 
>>>>>> permission preference selected by default.
>>>>>> 
>>>>>>  
>>>>>> 
>>>>>> On 6/17/2012 3:16 PM, Shane Wiley wrote:
>>>>>>> 
>>>>>>> Tamir,
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> That's up to local laws to determine. Please do not attempt to legislate
>>>>>>> via W3C tech standard.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> - Shane
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> 
>>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca>
>>>>>>> mailto:tisrael@cippic.ca]
>>>>>>> 
>>>>>>> Sent: Sunday, June 17, 2012 12:14 PM
>>>>>>> 
>>>>>>> To: Shane Wiley
>>>>>>> 
>>>>>>> Cc: Rigo Wenning;  <mailto:public-tracking@w3.org>
>>>>>>> public-tracking@w3.org;  <mailto:rob@blaeu.com> rob@blaeu.com; Kimon
>>>>>>> Zorbas;  <mailto:ifette@google.com> ifette@google.com; JC Cannon
>>>>>>> (Microsoft)
>>>>>>> 
>>>>>>> Subject: Re: Identity providers as first parties
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Shane -- Out of band consent *does* trump DNT-1. We are now trying to
>>>>>>> 
>>>>>>> define the parameters by which out of band consent can be sought.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Best,
>>>>>>> 
>>>>>>> Tamir
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> On 6/17/2012 3:11 PM, Shane Wiley wrote:
>>>>>>> 
>>>>>>> Tamir,
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Out-of-band consent trumps DNT. We've been repeating this mantra for
>>>>>>> over a year now - becoming repetitive.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> - Shane
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> 
>>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca>
>>>>>>> mailto:tisrael@cippic.ca]
>>>>>>> 
>>>>>>> Sent: Saturday, June 16, 2012 5:23 PM
>>>>>>> 
>>>>>>> To: Shane Wiley
>>>>>>> 
>>>>>>> Cc: Rigo Wenning;  <mailto:public-tracking@w3.org>
>>>>>>> public-tracking@w3.org;  <mailto:rob@blaeu.com> rob@blaeu.com; Kimon
>>>>>>> Zorbas;  <mailto:ifette@google.com> ifette@google.com; JC Cannon
>>>>>>> (Microsoft)
>>>>>>> 
>>>>>>> Subject: Re: Identity providers as first parties
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Shane --
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Just so we're really clear: if a user authenticates with Yahoo! on site
>>>>>>> 
>>>>>>> A and controls preferences on that site, does the out of band consent
>>>>>>> 
>>>>>>> dialogue Jonathan showed invalidate DNT-1: on site A? in general?
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Best,
>>>>>>> 
>>>>>>> Tamir
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> On 6/15/2012 11:29 PM, Tamir Israel wrote:
>>>>>>> 
>>>>>>> Ok.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> On 6/15/2012 2:07 PM, Shane Wiley wrote:
>>>>>>> 
>>>>>>> DAA Opt-out and single-sign on are not related. There are some
>>>>>>> 
>>>>>>> implementations where the ID is needed beyond the authentication
>>>>>>> 
>>>>>>> event and therefore data collection occurs outside of the initial
>>>>>>> 
>>>>>>> authentication event. Users do NOT need to choose Yahoo! as their ID
>>>>>>> 
>>>>>>> provider if they feel uncomfortable with that outcome.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> - Shane
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> 
>>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca>
>>>>>>> mailto:tisrael@cippic.ca]
>>>>>>> 
>>>>>>> Sent: Friday, June 15, 2012 10:56 AM
>>>>>>> 
>>>>>>> To: Shane Wiley
>>>>>>> 
>>>>>>> Cc: Rigo Wenning;  <mailto:public-tracking@w3.org>
>>>>>>> public-tracking@w3.org;  <mailto:rob@blaeu.com> rob@blaeu.com; Kimon
>>>>>>> 
>>>>>>> Zorbas;  <mailto:ifette@google.com> ifette@google.com; JC Cannon
>>>>>>> (Microsoft)
>>>>>>> 
>>>>>>> Subject: Re: Identity providers as first parties
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Shane,
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Maybe we are getting sidetracked.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Can you please explain the scope of tracking that results from using
>>>>>>> 
>>>>>>> Yahoo!'s IdM mechanism? Does it mean you can track all my activities on
>>>>>>> 
>>>>>>> the specific authenticated site? If so does this carry across multiple
>>>>>>> 
>>>>>>> explicitly authenticated sites? Does it operate in a manner analogous to
>>>>>>> 
>>>>>>> single sign-on? How does it interact with the existing DAA opt-out?
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Thanks and best regards,
>>>>>>> 
>>>>>>> Tamir
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> On 6/15/2012 11:28 AM, Shane Wiley wrote:
>>>>>>> 
>>>>>>> Tamir,
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Any service gets to determine its own primary purpose - so if OBA is
>>>>>>> 
>>>>>>> the payment for the service and this is disclosed as a primary
>>>>>>> 
>>>>>>> purpose, then that's the bargain the users can choose to consent to
>>>>>>> 
>>>>>>> or not.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> - Shane
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> 
>>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca>
>>>>>>> mailto:tisrael@cippic.ca]
>>>>>>> 
>>>>>>> Sent: Friday, June 15, 2012 8:21 AM
>>>>>>> 
>>>>>>> To: Shane Wiley
>>>>>>> 
>>>>>>> Cc: Rigo Wenning;  <mailto:public-tracking@w3.org>
>>>>>>> public-tracking@w3.org;  <mailto:rob@blaeu.com> rob@blaeu.com; Kimon
>>>>>>> 
>>>>>>> Zorbas;  <mailto:ifette@google.com> ifette@google.com; JC Cannon
>>>>>>> (Microsoft)
>>>>>>> 
>>>>>>> Subject: Re: Identity providers as first parties
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Shane --
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> There are 2 questions here. One is whether you can bundle in the
>>>>>>> 
>>>>>>> obligation to consent to secondary purposes as a condition of
>>>>>>> 
>>>>>>> authentication in an IdM context. The primary service in an IdM context
>>>>>>> 
>>>>>>> is authentication, not OBA.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> The second is to what extent the DNT spec should address this. I took
>>>>>>> 
>>>>>>> the 'independent choice' out of band consent criteria as an attempt to
>>>>>>> 
>>>>>>> prevent bundling of choices.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Best,
>>>>>>> 
>>>>>>> Tamir
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> On 6/15/2012 11:06 AM, Shane Wiley wrote:
>>>>>>> 
>>>>>>> Tamir,
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> But in the use case we're discussing the service being provided is
>>>>>>> 
>>>>>>> the primary purpose - a user's online identity. A service
>>>>>>> 
>>>>>>> determines its primary purpose, discloses this to the user, user
>>>>>>> 
>>>>>>> consents. Case closed.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> - Shane
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> 
>>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca>
>>>>>>> mailto:tisrael@cippic.ca]
>>>>>>> 
>>>>>>> Sent: Friday, June 15, 2012 8:02 AM
>>>>>>> 
>>>>>>> To: Shane Wiley
>>>>>>> 
>>>>>>> Cc: Rigo Wenning;  <mailto:public-tracking@w3.org>
>>>>>>> public-tracking@w3.org;  <mailto:rob@blaeu.com> rob@blaeu.com; Kimon
>>>>>>> 
>>>>>>> Zorbas;  <mailto:ifette@google.com> ifette@google.com; JC Cannon
>>>>>>> (Microsoft)
>>>>>>> 
>>>>>>> Subject: Re: Identity providers as first parties
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Shane, I disagree. Under PIPEDA you should offer users the possibility
>>>>>>> 
>>>>>>> of opting out of collection, use or disclosure for purposes
>>>>>>> 
>>>>>>> secondary to
>>>>>>> 
>>>>>>> the primary service being offered.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> This is the basis of the opt-out consent scheme being applied to
>>>>>>> 
>>>>>>> online
>>>>>>> 
>>>>>>> tracking.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Best,
>>>>>>> 
>>>>>>> Tamir
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> On 6/15/2012 10:58 AM, Shane Wiley wrote:
>>>>>>> 
>>>>>>> Tamir,
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> I disagree and PIPEDA does as well. As long as you're clear to a
>>>>>>> 
>>>>>>> user what a service provides and a user expressly consents to
>>>>>>> 
>>>>>>> those practices, the discussion is over.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Please don't try to raise CA regulatory schemes into conversations
>>>>>>> 
>>>>>>> on one hand then completely reverse your stance at whim - this
>>>>>>> 
>>>>>>> seriously undermines your credibility.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> - Shane
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> 
>>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca>
>>>>>>> mailto:tisrael@cippic.ca]
>>>>>>> 
>>>>>>> Sent: Friday, June 15, 2012 7:54 AM
>>>>>>> 
>>>>>>> To: Shane Wiley
>>>>>>> 
>>>>>>> Cc: Rigo Wenning;  <mailto:public-tracking@w3.org>
>>>>>>> public-tracking@w3.org;  <mailto:rob@blaeu.com> rob@blaeu.com; Kimon
>>>>>>> 
>>>>>>> Zorbas;  <mailto:ifette@google.com> ifette@google.com; JC Cannon
>>>>>>> (Microsoft)
>>>>>>> 
>>>>>>> Subject: Re: Identity providers as first parties
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Shane --
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> The need for independent choice is critical, I think, to the out
>>>>>>> 
>>>>>>> of band
>>>>>>> 
>>>>>>> consent scheme. You shouldn't be able to force users out of their DNT
>>>>>>> 
>>>>>>> choices as a condition of authentication.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Best,
>>>>>>> 
>>>>>>> Tamir
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> On 6/15/2012 10:48 AM, Shane Wiley wrote:
>>>>>>> 
>>>>>>> Rigo,
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> DNT will NEVER trump an out-of-band consent. The user would
>>>>>>> 
>>>>>>> simply withdraw from using the service they had provided prior
>>>>>>> 
>>>>>>> consent to. If the product would like to offer two levels of
>>>>>>> 
>>>>>>> service, it can of course do that, but that would be completely
>>>>>>> 
>>>>>>> outside the scope of DNT.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> DNT is not the privacy silver bullet and answer to all privacy
>>>>>>> 
>>>>>>> issues on the Internet - let's stop trying to push it in that
>>>>>>> 
>>>>>>> direction.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Thank you,
>>>>>>> 
>>>>>>> - Shane
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> 
>>>>>>> From: Rigo Wenning [ <mailto:rigo@w3.org> mailto:rigo@w3.org]
>>>>>>> 
>>>>>>> Sent: Friday, June 15, 2012 1:28 AM
>>>>>>> 
>>>>>>> To:  <mailto:public-tracking@w3.org> public-tracking@w3.org
>>>>>>> 
>>>>>>> Cc: Shane Wiley;  <mailto:rob@blaeu.com> rob@blaeu.com; Kimon Zorbas;
>>>>>>> <mailto:ifette@google.com> ifette@google.com;
>>>>>>> 
>>>>>>> Tamir Israel; JC Cannon (Microsoft)
>>>>>>> 
>>>>>>> Subject: Re: Identity providers as first parties
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Shane, Kimon,
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> On Thursday 14 June 2012 16:47:03 Shane Wiley wrote:
>>>>>>> 
>>>>>>> I¹ve used a few others and they appears to do the same so I¹m
>>>>>>> 
>>>>>>> confused as to what real-world identity provider scenario someone
>>>>>>> 
>>>>>>> is considering where consent wasn¹t already obtained?
>>>>>>> 
>>>>>>> I confirm that we agreed that the out-of-band agreement will trump
>>>>>>> 
>>>>>>> the DNT:1 signal. We also agreed that the service has to signal this
>>>>>>> 
>>>>>>> to the client.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> I guess, what Rob is trying to achieve is to say, even in this
>>>>>>> 
>>>>>>> context, a service could offer the choice of stopping to track and
>>>>>>> 
>>>>>>> only use information for the login/authentication purpose. This
>>>>>>> 
>>>>>>> could be the meaning of DNT:1 if the Service sends ACK in a
>>>>>>> 
>>>>>>> login/authentication context. If you're looking for medical
>>>>>>> 
>>>>>>> information in a login context, you don't want your login provider
>>>>>>> 
>>>>>>> to spawn that to your insurance. I think this is a very legitimate
>>>>>>> 
>>>>>>> use case. The service could say: "yes, I see your point" and send
>>>>>>> 
>>>>>>> ACK instead of "out-of-band".
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> We are just defining switches. People will decide whether they
>>>>>>> 
>>>>>>> switch stuff on or off or provide a switch at all.
>>>>>>> 
>>>>>>>  
>>>>>>> 
>>>>>>> Rigo
>>>>> 
>>>>>  
>>>> 
>>>> 
>>>      
>>  
>>  
>
Received on Monday, 18 June 2012 16:17:59 UTC