- From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
- Date: Tue, 08 Jan 2013 17:02:01 +0100
- To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <50EC42F9.20107@schunter.org>
Hi Team, Happy New Year and welcome to our first call in 2013! I hope you enjoyed your vacation and are now full of energy to finalize our DNT efforts. Below is my V01 proposal for tomorrow's call with a focus on TPE. I am aware that we are unlikely to address all 10 items on this agenda. Let's start from the top and see how far we get. Regards, matthias --------------------------- Administrative -------------------------- 1. Peter plans to suggest a scribe 2. Offline-caller-identification (NEW): If you intend to join the phone call, you must either associate your phone number with your IRC username once you've joined the call (command: "Zakim, [ID] is [name]" e.g., "Zakim, ??P19 is schunter" in my case), or let Nick know your phone number ahead of time. If you are not comfortable with the Zakim IRC syntax for associating your phone number, please email your name and phone number to npdoty@w3.org by 8am PT tomorrow. We want to reduce (in fact, eliminate) the time spent on the call identifying phone numbers. Note that if your number is not identified and you do not respond to off-the-phone reminders via IRC, you will be dropped from the call. --------------------------- 3. Next steps for Compliance (20min; Peter) --------------------------- Peter would like to spend 15 minutes for discussion of next steps on the compliance spec. - We will discuss the technical meeting on de-identification in DC on January 17, as well as the possibility of a follow-up tech meeting in Brussels, perhaps on January 25. - We will discuss how to handle the pending actions for the compliance spec --------------------------- Old business --------------------------- 4. Review of overdue action items: http://www.w3.org/2011/tracking-protection/track/actions/overdue?sort=owne <http://www.w3.org/2011/tracking-protection/track/actions/overdue?sort=owner> --------------------------- 5. Revised approach to Exceptions --------------------------- David has introduced proposed text into our spec that reflects our draft new approach to exceptions: Discussions: - Feedback on the draft - David Singer: I think there is a clearly missing API (or rather, pair thereof). Though a site can ask "what DNT header would I get in the current context?" it cannot currently ask "does this exception that I previously requested still exist?". That's clearly needed to guide its behavior (e.g. it might go to a page expressing its sadness and disappointment). --------------------------- 6. ISSUE-190: Multiple First Parties on a Site ---------------------------- Issue: https://www.w3.org/2011/tracking-protection/track/issues/190 Action: http://www.w3.org/2011/tracking-protection/track/actions/328 Proposed text: http://www.w3.org/mid/B6B5B05D-F772-43E4-B332-3A727A16A458%2540gbiv.com If we agree on the approach proposed by Roy, I would ask him to implement the corresponding changes in the text. ------------------------------ 7 Updates to our JS Script API ------------------------------ Related message: http://lists.w3.org/Archives/Public/public-tracking/2012Nov/0044.html In this message, Nick proposed changes to our Javascript API 1. - Move JS doNotTrack property to window (from navigator) 2. - remove the requestDNTStatus( ) since it seems redundand I suggest (a) to implement these changes and (b) to discuss what additional APIs are needed. For (b), David proposed argued that two new APIs are needed: - "does <this> site-exception still stand?" - "does <this> web-wide exception still stand?" If we agree on those two APIs, I would suggest that Nick/David propose text to spec these changes ------------------------------------------- 8. Service Providers ------------------------------------------- David Singer has summarised suggested behavior for service providers below. I would like to introduce this text into the spec and/or gather feedback. "I think the basic discussion is in http://lists.w3.org/Archives/Public/public-tracking/2012Nov/0334.html and the redux in http://lists.w3.org/Archives/Public/public-tracking/2012Dec/0119.html The summary: -- use the same-party resource for sites that are truly in the same party, or appear uniquely associated with only one party; (we don't need analytics.com being the same as both boeing.com and airbus.com, which would suggest boeing and airbus are the same party); -- if you operate under a service contract, then you're under the privacy policy of the organization you're providing service to; your policy link in the well-known resource should be a URL that identifies both that organization's site and its policy (the URL may then, of course, re-direct if needed); (note that sharing a privacy policy might occur under other circumstances, e.g. if an organization like creative commons publishes some easy-to-use ones) [the adobe case] -- if you are concerned that users/user-agents might see you claiming 1st party or consent status when you don't appear to have it, because the organization you are servicing does, set the service-provider qualifier (in the response and/or well-known-resource, as appropriate); the 'policy' link then should show who you provide service to (as above) " --------------------------- 9. ISSUES marked PENDING REVIEW --------------------------- Goal: - Agree on adding the proposed text (or create action for writing alternative text) ISSUE-113: How to handle sub-domains (ISSUE-112)? http://www.w3.org/2011/tracking-protection/track/issues/112 On these issues IMHO the status is as follows: - If a site-wide exception is requested, all subdomains are automatically included - This issue is only relevant for explicit/explicit lists of domains (if the site uses them) - An original proposal (from Ian) used cookie-like handling - There is a need for wildcards (see note from David Wainberg) and if we agree that wildcards are useful, we should discuss the "how". --------------------------- 10. ISSUES marked OPEN --------------------------- Goal: review open issues at https://www.w3.org/2011/tracking-protection/track/products/2 and assign actions to them ISSUE-164: Should the 'same-party' attribute be mandatory? http://www.w3.org/2011/tracking-protection/track/issues/164 My understanding of the minutes is that we agreed in Amsterdam: - keep a MAY (optional) - Say that if a site that loads additional content "to be used in 1st party context" (flag: 1) from other domains, this content may not work properly unless this domain is desclared as "same-party" - If this approach is still OK, I suggest to create an action to textify it. 11. Announce next meeting & adjourn ================ Infrastructure ================= Zakim teleconference bridge: VoIP: sip:zakim@voip.w3.org Phone +1.617.761.6200 passcode TRACK (87225) IRC Chat: irc.w3.org <http://irc.w3.org/>, port 6665, #dnt *****
Received on Tuesday, 8 January 2013 16:02:27 UTC