W3C home > Mailing lists > Public > public-tracking-commit@w3.org > August 2012

WWW/2011/tracking-protection/drafts tracking-dnt.html,1.128,1.129

From: David Singer via cvs-syncmail <cvsmail@w3.org>
Date: Wed, 01 Aug 2012 22:01:00 +0000
To: public-tracking-commit@w3.org
Message-Id: <E1SwgyS-0005dp-Kg@lionel-hutz.w3.org>
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv21395

Modified Files:
Log Message:
Edits to exception API to make the cross-site scripting restriction correct, 
and clarify terminology and behavior.

Index: tracking-dnt.html
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.128
retrieving revision 1.129
diff -u -d -r1.128 -r1.129
--- tracking-dnt.html	30 Jul 2012 23:42:26 -0000	1.128
+++ tracking-dnt.html	1 Aug 2012 22:00:58 -0000	1.129
@@ -1368,7 +1368,7 @@
           <strong>target</strong>. A user might &#8212; for instance &#8212;
           want AnalytiCo to be allowed to track them on Example News, but not on Example
           Medical. To simplify language used in this API specification, we
-          define two terms:</p>
+          define three terms:</p>
             <li><strong>Top-Level Domain (TLD)</strong> is the domain name 
@@ -1377,6 +1377,9 @@
             <li>A <strong>target</strong> site is a domain name which is the target
             of an HTTP request, and which may be an origin for embedded resources
             on <strong>the indicated top-level domain</strong>.</li>
+            <li>The <strong>document origin</strong> of a script is the domain of
+            origin of the document that caused that script to be loaded (not
+            necessarily the same as the origin of the script itself).</li>
            <p class="example">
@@ -1402,10 +1405,16 @@
            domain names.</p>
            <p>The domains that enter into the behavior of the APIs include:</p>
-			<li>As described above, the <strong>Top-Level Domain (TLD)</strong> active
+			<li>As described above, the <strong>document origin</strong> active
 			at the time of the call, and;</li> 
 			<li>Domain names passed to the API.</li>
+		   <p>Domains that enter into the decision over what DNT header 
+		   to be sent in a given HTTP request include:
+		   <ul>
+		     <li>The <strong>top-level domain</strong> of the current context;</li>
+		     <li>The <strong>target</strong> of the HTTP request.</li>
+		   </ul>
            <p class="note">Note that these strict, machine-discoverable, concepts 
            may not match the definitions of first and third party; in particular, 
            sites themselves need to determine (and signal) when they get 'promoted' 
@@ -1417,9 +1426,9 @@
 			<li>First, the UA somehow confirms with the user that they agree to 
 			the grant of exception;</li>
 			<li>If they agree, then the UA adds to its local database one or 
-			more site-pair duplets [top-level-domain, other-domain]; one or other 
+			more site-pair duplets [document-origin, target]; one or other 
 			of these may be a wild-card ("*");</li>
-			<li>While the user is browsing a given site [top-level domain], and a 
+			<li>While the user is browsing a given site (top-level domain), and a 
 			DNT header is to be sent to a target domain, if the duplet [top-level 
 			domain, target domain] matches any duplet in the database, then a 
 			DNT:0 header is sent, otherwise DNT:1 is sent.</li>
@@ -1429,7 +1438,7 @@
           <h3>Exception use by browsers</h3>
-            If a user wishes to allow tracking by a <strong>target</strong> on the
+            If a user agrees to allow tracking by a <strong>target</strong> on the
             <strong>top-level domain</strong>, this should result in two user-agent
@@ -1448,6 +1457,12 @@
            re-direct would get a different DNT header than the target, using these
            matching rules?<br><b>Proposal</b>: The re-direct is not relevant; each 
            site gets the DNT header controlled by the list of grants.</p>
+           <p class="issue">This model does not support mashed-up content 
+           which is in turn supported by ads; it's not clear how to distinguish 
+           between embedded content which is embedding ads (and hence the top-level 
+           domain stays the same) and embedded content that should start 
+           a new context.<br><b>Proposal</b>: For this version of the specification,
+           we don't address this corner case.</p>
           <div class="note">
           <p >
             It is left up to individual user-agent implementations how to
@@ -1464,11 +1479,14 @@
 		  <p >Conversely, if a wild-card is used, the user may be told 
 		  that the top-level domain is asking for an exception for all third-parties that 
 		  are, or will be, embedded in it.</p>
-		  <p>User-agents MUST handle each request as a 'unit', granting and maintaining it
+		  <p>User-agents MUST handle each API request as a 'unit', 
+		  granting and maintaining it
 		  in its entirety, or not at all. That means that a user-agent MUST NOT indicate
 		  to a site that a request for targets {a, b, c} has been granted, and
 		  later remove only one or two of {a, b, c} from its logical database of
-		  remembered grants.</p>
+		  remembered grants. This assures sites that the set of sites they need for
+		  operational integrity is treated as a unit. Each separate call to an API
+		  is a separate unit.</p>
           <p class="issue"><a
@@ -1564,7 +1582,9 @@
 			<p>The execution of this API and the use of the resulting permission 
 			(if granted) use the 'implicit' parameter, when the API is called, 
-			the domain of the top-level site.</p>
+			the <strong>document origin</strong>. This forms the first part of the
+			duplet in the logical model, and hence in operation will be compared
+			with the <strong>top-level domain</strong>.</p>
 			<p>The <code>granted</code> parameter passed to the callback is the
 			  user&#8217;s response; The response
@@ -1585,11 +1605,11 @@
 			<p>If permission is granted for an explicit list,
 			 then the set of duplets (one per target):</p>
-				<code>[top-level-domain, target]</code>
+				<code>[document-origin, target]</code>
 			<p>is added to the database of remembered grants.</p>  
 			<p>If permission is granted for a site-wide exception,
 			 then the duplets:</p>
-				<code>[top-level-domain, * ]</code>
+				<code>[document-origin, * ]</code>
 			<p>is added to the database of remembered grants.</p>  
@@ -1613,11 +1633,11 @@
 				<p>Ensures that the database of remembered grants no longer contains any
-				duplets for which the first part is the current top-level domain,
+				duplets for which the first part is the current document origin,
 				i.e. no duplets </p>
-				<code>[top-level-domain, target]</code>
+				<code>[document-origin, target]</code>
-				<p>for any target.  This method never fails and there 
+				<p>for any target.  There 
 				is no callback. After the call has been made, it is assured that there
 				are no site-specific or site-wide exceptions for the given
@@ -1645,7 +1665,7 @@
 				<p>If permission is granted, then the single duplet</p>
-				<code>[ * , top-level-domain]</code>
+				<code>[ * , document-origin]</code>
 				<p>is added to the database of remembered grants.</p>
@@ -1671,10 +1691,11 @@
 				removeWebWideTrackingException( )
-				<p>Ensures that the database of remembered grants no longer contains</p>
-				<code>[ * , top-level-domain]</code>
+				<p>Ensures that the database of remembered grants no longer 
+				contains the duplet</p>
+				<code>[ * , document-origin]</code>
-				<p>This method never fails and there 
+				<p>There 
 				is no callback. After the call has been made, the indicated 
 				pair is assured not to be in the database. The same matching 
 				as is used for determining which header to send is used to 
Received on Wednesday, 1 August 2012 22:01:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:48:55 UTC