WWW/2011/tracking-protection/drafts tracking-dnt.html,1.136,1.137

From: Roy Fielding via cvs-syncmail <cvsmail@w3.org>
Date: Mon, 06 Aug 2012 21:33:32 +0000
To: public-tracking-commit@w3.org
Message-Id: <E1SyUvc-00053W-8U@lionel-hutz.w3.org>
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv19175

Modified Files:
	tracking-dnt.html 
Log Message:
ISSUE-124: (incomplete) revise tracking status value to N/0/1/C/X


Index: tracking-dnt.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.136
retrieving revision 1.137
diff -u -d -r1.136 -r1.137
--- tracking-dnt.html	3 Aug 2012 16:51:06 -0000	1.136
+++ tracking-dnt.html	6 Aug 2012 21:33:30 -0000	1.137
@@ -526,7 +526,7 @@
           the tracking status might vary based on data within the request.
           It also defines a <a>Tk</a> response header field that MAY be sent
           in any HTTP response, MUST be sent in responses to requests that
-          modify the tracking status for a user agent, and MAY direct the
+          modify the tracking status, and MAY direct the
           user to a request-specific tracking status resource applicable to
           the current request.
         </p>
@@ -539,16 +539,15 @@
           A <dfn>tracking status value</dfn> is a short notation for
           communicating how a designated resource conforms to this protocol.
           For a site-wide tracking status resource, the designated resource
-          is any resource on the same origin server.  For a Tk response
-          header field, the resource that sent the Tk header field in response
-          is the designated resource, and remains the designated resource
-          for any subsequent request-specific tracking status resource
-          referred to by the Tk field's status-id.
+          is any resource on the same origin server.  For a <a>Tk</a> response
+          header field, the corresponding request target is the designated
+          resource and remains so for any subsequent request-specific
+          tracking status resource referred to by the <a>Tk</a> field's status-id.
         </p>
         <p>
           Each of the response mechanisms use a common format to indicate
           the tracking status for a designated resource.  This
-          <dfn>tracking status value</dfn> is a string of characters from a
+          <dfn>tracking status value</dfn> is a single character from a
           limited set, where the meaning of each allowed character is
           defined in the following table.
         </p>
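Review bot: the term is now marked up as a definition twice in this hunk, once in the context line "A <dfn>tracking status value</dfn> is a short notation" and again in the changed line "<dfn>tracking status value</dfn> is a single character". Keep the first as the <dfn> and make the second a plain <a> reference so the term has one defining anchor. While this paragraph is open, "Each of the response mechanisms use" should read "uses".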
@@ -556,49 +555,59 @@
           <tr><th>status</th>
               <th>meaning</th>
           </tr>
-          <tr><td align="middle">N</td>
-              <td>None: The designated resource does not perform tracking or
-                make use of any data collected from tracking, not even for
-                permitted uses.<td>
+          <tr><td align="middle"><dfn>N</dfn></td>
+              <td><strong>None</strong>: The designated resource does not
+                perform tracking or make use of any data collected from
+                tracking, not even for permitted uses.<td>
           </tr>
-          <tr><td align="middle">1</td>
-              <td>First party: The designated resource is designed for use
-                within a first-party context and conforms to the requirements
-                on a first party.</td>
+          <tr><td align="middle"><dfn>1</dfn></td>
+              <td><strong>First party</strong>: The designated resource is
+                designed for use within a first-party context and conforms to
+                the requirements on a first party.</td>
           </tr>
-          <tr><td align="middle">3</td>
-              <td>Third party: The designated resource is designed for use
-                within a first-party context and conforms to the requirements
-                on a third party.<td>
+          <tr><td align="middle"><dfn>3</dfn></td>
+              <td><strong>Third party</strong>: The designated resource is
+                designed for use within a first-party context and conforms to
+                the requirements on a third party.<td>
           </tr>
-          <tr><td align="middle">X</td>
-              <td>Dynamic: The designated resource is designed for use in
-                both first and third party contexts and dynamically adjusts
-                tracking status accordingly.
-                If this value is present in the site-wide tracking status,
-                more information will be provided via the Tk response header
-                field.
-                If this value is present in the Tk response header field,
+          <tr><td align="middle"><dfn>X</dfn></td>
+              <td><strong>Dynamic</strong>: The designated resource is
+                designed for use in both first and third party contexts and
+                dynamically adjusts tracking status accordingly.
+                If <code>X</code> is present in the site-wide tracking status,
+                more information will be provided via the <a>Tk</a> response
+                header field when accessing the designated resource.
+                If <code>X</code> is present in the <a>Tk</a> header field,
                 more information will be provided in the request-specific
-                tracking status resource referred to by the status-id.
-                "X" MUST NOT be present in the tracking status value of
-                a request-specific tracking status resource.<td>
+                tracking status resource referred to by the <a>status-id</a>.
+                An origin server MUST NOT send <code>X</code> as the
+                tracking status value in the representation of a
+                request-specific tracking status resource.<td>
           </tr>
-          <tr><td align="middle">S</td>
-              <td>Service provider: The designated resource is operated by
-                a service provider acting on behalf of the first party
-                and conforms to the requirements for both a first party
-                and a service provider acting as a first party.<td>
+          <tr><td align="middle"><dfn>S</dfn></td>
+              <td><strong>Service provider</strong>: The designated resource
+                is operated by a service provider acting on behalf of the
+                first party and conforms to the requirements for both a first
+                party and a service provider acting as a first party.<td>
           </tr>
-          <tr><td align="middle">C</td>
-              <td>Consent: The designated resource believes it has received
-                prior explicit and informed consent for tracking this user,
-                user agent, or device, perhaps via some mechanism
-                not defined by this specification, and that prior consent
-                overrides the tracking preference expressed by this protocol.
-                When prior consent is indicated, the tracking status object
-                SHOULD include a <code><a>control</a></code> member that
-                references a resource for modifying the consent.<td>
+          <tr><td align="middle"><dfn>C</dfn></td>
+              <td><strong>Consent</strong>: The designated resource believes
+                it has received prior explicit and informed consent for
+                tracking this user, user agent, or device, perhaps via some
+                mechanism not defined by this specification, and that prior
+                consent overrides the tracking preference expressed by this
+                protocol.
+          </tr>
+          <tr><td align="middle"><dfn>U</dfn></td>
+              <td><strong>Updated</strong>: The request resulted in a
+                potential change to the tracking status applicable to this
+                user, user agent, or device.  If the user agent relies on a
+                cached tracking status, it SHOULD update the cache entry with
+                the current status by making a new request on the applicable
+                tracking status resource. An origin server MUST NOT send
+                <code>U</code> as a tracking status value anywhere other than
+                a <a>Tk</a> header field that is in response to a
+                state-changing request.
           </tr>
         </table>
   	    <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/137">ISSUE-137</a>: Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)<br />
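Review bot: the rewritten C and U rows end their description cell with no closing tag at all (the text runs straight into </tr>), and the N, 3, X and S rows still end with <td> where </td> is meant, which opens an extra empty cell in each of those rows; only the 1 row is closed correctly. The 3 (Third party) row also still reads "designed for use within a first-party context", which looks copied from the 1 row and should say third-party context. Finally, the log message names the values N/0/1/C/X while this table defines N, 1, 3, X, S, C and U; worth reconciling the two before ISSUE-124 is closed.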
@@ -647,7 +656,7 @@
             some aspect of the request (e.g., method, target URI, header
             fields, data, etc.), the origin server MAY provide an additional
             subtree of well-known resources corresponding to each of those
-            distinct tracking statuses.  The Tk response header field
+            distinct tracking statuses.  The <a>Tk</a> response header field
             (<a href="#response-header-field" class="sectionRef"></a>) can
             include a <a>status-id</a> to indicate which specific tracking
             status resource applies to the current request.
@@ -661,8 +670,8 @@
           <pre>/.well-known/dnt{/status-id}</pre>
           <p>
             where the value of <code>status-id</code> is a string of URI-safe
-            characters provided by a Tk field-value in response to a prior
-            request.  For example, a prior response containing
+            characters provided by a <a>Tk</a> field-value in response to a
+            prior request.  For example, a prior response containing
           </p>
           <pre>Tk: 1;fRx42</pre>
           <p>
@@ -710,8 +719,7 @@
           </p>
 <pre class="example">
 {
-  "tracking": true,
-  "response": "t1",
+  "tracking": "1",
   "same-party": [
     "example.com",
     "example_vids.net",
@@ -734,13 +742,9 @@
           </p>
           <p>
             A <a>status-object</a> MUST have a member named
-            <code><a>tracking</a></code> with a boolean value.
-            A value of <code><a>false</a></code> indicates that the
-            corresponding resources do not perform tracking as it is
-            defined by [[!TRACKING-COMPLIANCE]].
-            A value of <code><a>true</a></code> indicates that the
-            corresponding resource performs tracking and claims to conform to
-            all tracking compliance requirements applicable to this site.
+            <code><a>tracking</a></code> that contains a single character
+            tracking status value
+            (<a href="#tracking-status-value" class="sectionRef"></a>).
           </p>
           <p>
             For example, the following demonstrates a minimal tracking status
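Review bot: the replacement sentence "that contains a single character tracking status value" no longer states the JSON type of the member, where the removed text said "with a boolean value". Say explicitly that the value is a string, as the examples in this change show with "tracking": "1" and "tracking": "N". Since this paragraph is the normative requirement for the member, it is also the natural place to repeat that the status table forbids U outside a Tk header field and X in a request-specific tracking status resource.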
@@ -748,27 +752,9 @@
             perform tracking.
           </p>
 <pre class="example">
-{"tracking": false}
+{"tracking": "N"}
 </pre>
           <p>
-            If <code><a>tracking</a></code> is <code><a>true</a></code>,
-            the <a>status-object</a> MUST include an additional member named
-            <code><a>response</a></code> and MAY include other members as
-            described below.
-          </p>
-          <p>
-            The <code></a>response</a></code> member MUST have a string value
-            that indicates the status of tracking applicable specifically to
-            this user in light of the received <a>DNT-field-value</a>.
-            The string value begins with <code>t</code>  (tracking),
-            <code>n</code> (not tracking), or <code>s</code> (see the more
-            specific tracking status resource),
-            and MAY be followed by alphanumeric characters that indicate
-            qualifiers for that status.
-            The defined qualifier characters and their meanings are described
-            in <a href="#status-response-value" class="sectionRef"></a>.
-          </p>
-          <p>
             An OPTIONAL member named <code><a>same-party</a></code> MAY be
             provided with an array value containing a list of domain names
             that the origin server claims are the same party, to the extent
@@ -802,7 +788,9 @@
             An OPTIONAL member named <code><a>control</a></code> MAY be
             provided with a string value containing a URI-reference to a
             resource for giving the user control over personal data collected
-            by this site.  Such control might include the ability to review
+            by this site; it SHOULD be provided if the tracking status value
+            indicates prior consent (<code><a>C</a></code>).
+            Such a control resource might include the ability to review
             past data collected, delete some or all of the data, provide
             additional data (if desired), or <q>opt-in</q>, <q>opt-out</q>,
             or otherwise modify an out-of-band consent status regarding
@@ -823,8 +811,7 @@
             third-party tracking status is
 <pre class="example">
 {
-  "tracking": true,
-  "response": "n",
+  "tracking": "3",
   "policy": "/privacy.html",
   "control": "/your/data",
 }
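Review bot: the example touched here is not valid JSON, because the context line "control": "/your/data", ends with a comma directly before the closing brace. Since the example is being edited anyway, drop the trailing comma so that readers can paste it into a parser unchanged.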
@@ -896,7 +883,7 @@
             that each such use conforms to the associated requirements.
             All limitation qualifiers imply some form of tracking might
             be used and thus MUST NOT be provided with a tracking status
-            that begins with <code>N</code> (not tracking).
+            value of <code>N</code> (not tracking).
           </p>
           <p>
             Future extensions to this protocol might define additional
@@ -929,9 +916,10 @@
             behavior over time.
           </p>
           <p>
-            A user agent MAY check the tracking status for a given resource
-            URI by making a retrieval request for the well-known address
-            </q><code>/.well-known/dnt</code></q> relative to that URI.
+            A user agent MAY check the tracking status for a designated
+            resource by making a retrieval request for the well-known address
+            </q><code>/.well-known/dnt</code></q> relative to the URI of the
+            designated resource.
           </p>
           <p>
             If the response is an error, then the service does not implement
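Review bot: the re-wrapped line keeps the malformed quote markup </q><code>/.well-known/dnt</code></q>, where the first tag is a close tag with no matching open. Change the leading </q> to <q>.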
@@ -951,41 +939,23 @@
           </p>
           <p>
             The <a>status-object</a> is supposed to have a member named
-            <code><a>tracking</a></code> with a boolean value.  If the value
-            is <q>false</q>, then no tracking is performed for the URI being
-            checked.
-          </p>
-          <p>
-            Otherwise, examine
-            the member named <code><a>response</a></code> to see what the
-            origin server has claimed regarding the tracking status for this
-            user agent in light of the received <a>DNT-field-value</a>.
-          </p>
-          <p>
-            If the first character of the <code><a>response</a></code> value
-            is "n", then the origin server claims that it will not track the
-            user agent for requests on the URI being checked for at least the
-            next 24 hours or until the Cache-Control information indicates
-            that this response expires, as described below.
+            <code><a>tracking</a></code> containing the tracking status value.
           </p>
           <p>
-            If the first character of the <code><a>response</a></code> value
-            is "t", then the origin server claims that it might track the
-            user agent for requests on the URI being checked for at least the
-            next 24 hours or until the Cache-Control information indicates
-            that this response expires.
+            If the tracking status value is <a>N</a>, then the origin server
+            claims that no tracking is performed for the designated resource
+            for at least the next 24 hours or until the Cache-Control
+            information indicates that this response expires.
           </p>
           <p>
-            If the first character of the <code><a>response</a></code> value
-            is "s", then the origin server has multiple tracking status
-            representations and the specific one applicable to each request
-            is indicated by a status-id within the Tk field-value of the
-            corresponding response.
+            If the tracking status value is not <a>N</a>, then the origin
+            server claims that it might track the user agent for requests on
+            the URI being checked for at least the next 24 hours or until the
+            Cache-Control information indicates that this response expires.
           </p>
           <p>
-            The remaining characters of the <code><a>response</a></code> value
-            might indicate qualifiers for the above choices or limitations
-            that the origin server will place on its tracking.
+            The meaning of each tracking status value is defined in
+            <a href="#tracking-status-value" class="sectionRef"></a>.
           </p>
           <p>
             The others members of the <a>status-object</a> MAY be used to
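Review bot: the new "If the tracking status value is not N" paragraph treats every other value as "might track", which drops the guidance the removed "s" paragraph gave for the case where the applicable status is only known per request. The status table now gives that role to X (more information via the Tk header field) and forbids U outside a Tk header field, so a user agent that reads X or U in a status-object needs to be told what to do with it. The two new paragraphs also name the scope differently, "the designated resource" in one and "requests on the URI being checked" in the other; pick one. In the trailing context, "The others members" should read "The other members".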
@@ -1017,17 +987,18 @@
           </p>
           <p>
             If the tracking status is only applicable to all users that have
-            the same <q>DNT-field-value</q>, then either the response MUST
-            include a Cache-Control header field with one of the directives
-            "no-cache", "no-store", "must-revalidate", or "max-age=0", or
-            the response MUST include a Vary header field that includes "DNT"
-            in its field-value.
+            the same <q>DNT-field-value</q>, then the response MUST either be
+            marked with a Vary header field that includes "DNT" in its
+            field-value or marked as not reusable by a shared cache without
+            revalidation with a Cache-Control header field containing one of
+            the following directives: "private", "no-cache", "no-store", or
+            "max-age=0".
           </p>
           <p>
             If the tracking status is only applicable to the specific user
-            that requested it, then the response MUST include a
-            Cache-Control header field with one of the directives "no-cache",
-            "no-store", "must-revalidate", or "max-age=0".
+            that requested it, then the response MUST include a Cache-Control
+            header field containing one of the following directives:
+            "private", "no-cache", or "no-store".
           </p>
           <p>
             Regardless of the cache-control settings, it is expected that
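Review bot: the two directive lists now differ, "private", "no-cache", "no-store", or "max-age=0" for the per-DNT-value case and "private", "no-cache", or "no-store" for the per-user case, and the text does not say why "max-age=0" is acceptable in one and not in the other. Either add a sentence giving the reason or align the lists. The first paragraph's "MUST either be marked with ... or marked as not reusable by a shared cache without revalidation with a Cache-Control header field containing ..." is also hard to parse as one sentence; presenting the Vary option and the Cache-Control option as two separate alternatives would read more clearly.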
@@ -1043,7 +1014,7 @@
             of tracking status, relying on cached tracking status responses
             to do so, SHOULD check responses to its state-changing requests
             (e.g., POST, PUT, DELETE, etc.) for a <a>Tk</a> header field
-            with the <a>update-needed</a> field-value, as described in
+            with the <a>U</a> tracking status value, as described in
             <a href="#interactive-status-change" class="sectionRef"></a>.
           </p>
         </section>
@@ -1060,7 +1031,7 @@
           <pre class="abnf">
 <dfn>status-object</dfn> = begin-object member-list end-object
 <dfn>member-list</dfn>   = tracking        ns tracking-v
-                [ vs response   ns response-v   ]
+                [ vs uses       ns uses-v       ]
                 [ vs same-party ns same-party-v ]
                 [ vs partners   ns partners-v   ]
                 [ vs audit      ns audit-v      ]
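Review bot: member-list now allows a "uses" member in the slot that "response" occupied, but none of the prose hunks in this change introduces a member named uses; the paragraphs describing response are deleted without a replacement. Add a paragraph that defines uses and its qualifier string, or leave the grammar slot out until that prose exists.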
@@ -1069,26 +1040,26 @@
                 *( vs extension )
 
 <dfn>tracking</dfn>      = %x22 "tracking" %x22
-<dfn>tracking-v</dfn>    = true / false
-
-<dfn>response</dfn>      = %x22 "response" %x22
-<dfn>response-v</dfn>    = %x22 <a>r-codes</a> %x22
+<dfn>tracking-v</dfn>    = "1"   ; "1" — first-party
+              / "3"   ; "3" — third-party
+              / %x43  ; "C" - consent
+              / %x4E  ; "N" - none
+              / %x53  ; "S" - service provider
+              / %x55  ; "U" - updated
+              / %x58  ; "X" - dynamic
 
-<dfn>r-codes</dfn>       = (%x74 / %x6E / %x73) *qualifier
+<dfn>uses</dfn>          = %x22 "uses" %x22
+<dfn>uses-v</dfn>        = %x22 *<a>qualifier</a> %x22
 
-<dfn>qualifier</dfn>     = "1"   ; "1" — first-party
-              / "3"   ; "3" — third-party
-              / %x61  ; "a" — audit
+<dfn>qualifier</dfn>     = %x61  ; "a" — audit
               / %x63  ; "c" — ad frequency capping
               / %x66  ; "f" — fraud prevention
               / %x6C  ; "l" — local law, rule, or regulation
-              / %x70  ; "p" — prior consent
               / %x72  ; "r" — referrals
               / ext-qualifier
 
-<dfn>ext-qualifier</dfn> = %x2D-2E / "0" / "2" / %x34-39 / %x5F
-              / %x62 / %x64-65 / %x67-6B / %x6D / %x6F
-              / %x71 / %x75-7A
+<dfn>ext-qualifier</dfn> = %x2D-2E / %x30-39 / %x5F / %x62 
+              / %x64-65 / %x67-6B / %x6D-71 / %x73-7A
 
 <dfn>same-party</dfn>    = %x22 "same-party" %x22
 <dfn>same-party-v</dfn>  = array-of-strings
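Review bot: tracking-v is defined as a bare character with no surrounding %x22, while the examples in this change give the member a JSON string ("tracking": "N") and uses-v just below is written as %x22 *qualifier %x22. As written the grammar does not match the examples; wrap the tracking-v alternatives in %x22 ... %x22. The rule also admits U and X unconditionally, although the status table says an origin server MUST NOT send U outside a Tk header field and MUST NOT send X in a request-specific tracking status resource; a comment on those two alternatives would keep the grammar and the table from reading as contradictory. Minor: the new comments use two different dash characters as separators, and the first ext-qualifier line has a trailing space after %x62.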
@@ -1161,7 +1132,7 @@
           <h4>Indicating Tracking Design</h4>
           
           <p>
-            The Tk field-value begins with a single character
+            The <a>Tk</a> field-value begins with a single character
             <a>tracking-design</a> that indicates how the target resource
             conforms to [[!TRACKING-COMPLIANCE]]. We refer to this as the
             tracking design because it reflects only how the resource is
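Review bot: this paragraph still calls the leading character of the Tk field-value <a>tracking-design</a>, under the heading "Indicating Tracking Design", while the rest of the change names it the tracking status value. If the two are meant to be the same thing after ISSUE-124, rename it here as well; if they are not, say how they differ.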
@@ -1246,7 +1217,7 @@
             fields, data, etc.), the origin server MAY provide an additional
             subtree of well-known resources corresponding to each of those
             distinct tracking statuses.  The OPTIONAL <a>status-id</a> portion
-            of the Tk field-value indicates which specific tracking
+            of the <a>Tk</a> field-value indicates which specific tracking
             status resource applies to the current request.
           </p>
           <p>
Received on Monday, 6 August 2012 21:33:34 GMT
