> It's now been clarified that Ashok was referencing in the
> context of Robin's work on Privacy by Design in APIs , and I think we've
> all agreed that the next time we should discuss that is when Robin has a
> new draft, or requests a session.
> I'm certainly glad to give this agenda time either way, but I'm curious as
> to whether you see the above as being within the scope of , and if not,
> what you know about how you'd like to organize TAG work on privacy beyond
> what's called for in .
Ashok was referencing .
 has one normative reference, .
 and  should be in scope for discussing  since  purports to
address privacy threats, and  enumerates considerations for privacy
threats using the terminology defined in . If there are different
sources of definitions and threat framework you would prefer, that's
ok with me, but this is the best I've seen so far.
My concern about the TAG taking on  in the first place was the possible
lack of agreement about terminology and threats.
I'm OK with delaying any discussion of  or  to a discussion of 
or any other discussion of privacy.
From: Noah Mendelsohn [mailto:nrm@...]
Sent: Wednesday, May 16, 2012 8:17 AM
To: Larry Masinter
Cc: ashok.malhotra@...; www-tag@... Subject: Re: Privacy Document from IETF
Let's try to sort this out and move ahead:
* It's now been clarified that Ashok was referencing
context of Robin's work on Privacy by Design in APIs , and I think we've
all agreed that the next time we should discuss that is when Robin has a
new draft, or requests a session.
> If we are going to talk about "privacy by design", if we're going to discuss whether "SPDY's use of SSL offers a promise of improved privacy on the web", if we're going to do anything at all about privacy,
> we need to come to an agreement on what we mean by "privacy", since it was clear to me during previous discussions that TAG members had very different ideas about what the word meant.
> And yes, I think it needs separate agenda time to agree that this is the vocabulary we want to use, and if not, which one.
I'm certainly glad to give this agenda time either way, but I'm curious as
to whether you see the above as being within the scope of , and if not,
what you know about how you'd like to organize TAG work on privacy beyond
what's called for in .
In any case, I will at least tentatively plan to put a telcon session on
privacy and, if appropriate  in particular, on our telcon agenda for 24
May. If there are proposals for privacy work beyond APIs, that's fine too,
but I would like to take a look at why our other recent work on privacy had
to be abandoned after significant effort, and why things are likely to go
better if we re-engage.