- Present: Nick, Jeffrey, Don, Pete
- Regrets:
Nick: Happy to make or have the editors make the editorial changes. On the comment about browsers not showing explanation while asking for permission, I am arguing that browsers should change their minds. We have enough evidence now that not showing relevant explanation with permissions requests is not working. Not sure principles document needs to say it directly. But the principle is that we should consider ways for browsers to show relevant information.
Jeffrey: doesn't prescribe what you need to put in the perf dialog, so maybe this isn't so diff from current policy. Happy to let it through if others don't disagree
Pete: I'll take a look ASAP and report back on slack or on the next call i can attend (i wont be on the next call)
Nick: other concerns?
Jeffrey: Info means two diff things, can we change one phrase to "helpful explanation"?
Nick: good pt that it seems confusing, not sure, but explaination seems promising
Jeffrey: I'll be gone next 2wks, someone else should suggest new text
Jeffrey: is this good to review?
Nick: Not sure if this will address MT's concern. We can cite the RFC and note it as useful but not necessarily sufficient.
Don: I like this change, relevant to jury use case (general location + "other relevant information" can identify a likely juror in a large government facility)
Jeffrey: should we merge or ask MT to review. Im happy to merge and see if MT is happy
Pete, Nick: +1
Jeffrey: Nick, you asked if this should go in the privacy threat model. That seems good if imperfect.
Pete: No preference at all. Seems fine. Are people good with removing it?
Nick: I'm fine with removing it. I thought it fit here, but since we're concerned about length, and we don't make lots of references, I'm fine moving it.
Pete: I think we could get rid of the section afterwards too. Separate PR. "Summary of the principles"
Jeffrey: That's probably worth keeping as an index.
Nick: High level threats section. RFC6973. Not sure if we added anything.
Jeffrey: Think we did add something, but I agree that it might not be useful.
Nick: Could move to a threat model, as these are useful listing of threats but not extensively used in our principles text. Colleagues gave feedback to remove that.
Pete: I'll create an issue to do that and then do it. folllow up issue: #341
Jeffrey: For #340, we should let the rest of the group weigh in, but I'm generally positive.
Pete: Dan seemed most unsure, +1 to wait for him
Pete: We could move A.5 to a threat model too.
Nick: I think people are going to be looking here for recognition.
Pete: Server-side actors?
Jeffrey: We have a hierarchy of documents, and it'd be good for this document to mostly use definitions from itself and higher documents. Threat model is lower, so I'd hesitate to move important definitions there.
Pete: How about Acting on Data? Several terms are only used within this section. I will brain on it more and either give up or come back with a PR
Jeffrey: Especially the GDPR terms like "service provider".
Nick: we might be at the end of what we can do today. Once we address current PRs, remaining issues seem like editoral and similar. Seems good!
Jeffrey: still two issues for me, 279 and 280, will address when i get back in 2 wk
Pete: I also wont be here next wk
Jeffrey: the end