WWW/2011/tracking-protection/drafts tracking-dnt.html,1.125,1.126

Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv6145

Modified Files:
	tracking-dnt.html 
Log Message:
Changed exception APIs to not have explicit site lists, but optionally use partners resource



Index: tracking-dnt.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.125
retrieving revision 1.126
diff -u -d -r1.125 -r1.126
--- tracking-dnt.html	18 Jul 2012 06:55:05 -0000	1.125
+++ tracking-dnt.html	18 Jul 2012 08:51:40 -0000	1.126
@@ -1327,6 +1327,9 @@
         
         <section>
           <h3>Introduction</h3>
+          <p>This section describes the effect of the APIs in terms of a logical
+          processing model; this model describes the behavior, but should not 
+          be read as mandating any specific implementation.</p>
           <p>This API considers exceptions which are double-keyed to two
           domains: the <strong>site</strong>, and the
           <strong>target</strong>. A user might &#8212; for instance &#8212;
@@ -1423,20 +1426,14 @@
             determine and how and whether to store users' tracking
             preferences.
           </p>
-          <p >When such an explicit list of domains is provided 
-          through the API, their names might mean little to the user. The user 
+          <p >When an explicit list of domains is provided, their names might mean 
+          little to the user. The user 
           might, for example, be told that such-and-such top-level domain is 
           asking for an exception for a specific set of sites, rather than listing 
           them by name.</p>
-		  <p >Conversely, if a wild-card is used, the user may be told 
+		  <p >Conversely, if a wild-card is or will be used, the user may be told 
 		  that the top-level domain is asking for an exception for all third-parties that 
-		  are, or will be, embedded in it. The API might fetch the list of sites 
-		  currently declared in the well-known URI as 'partners' as an example 
-		  of the third-parties involved, but it should be noted that the partners 
-		  list, and the set of embedded domains, might change after the API 
-		  process is complete, and that the wild-card in the database applies 
-		  dynamically to all sites that might be embedded, not just to the 
-		  current 'partners' list.</p>
+		  are, or will be, embedded in it.</p>
 		  </div>
 
           <p class="issue"><a
@@ -1464,8 +1461,7 @@
 			NavigatorDoNotTrack'>
 			  <dt>
 				void
-				requestSiteSpecificTrackingException(sequence&lt;DOMString&gt;
-				arrayOfDomainStrings, in TrackingResponseCallback callback,
+				requestSiteSpecificTrackingException(in TrackingResponseCallback callback,
 				optional siteName, optional explanationString, optional detailURI)
 			  </dt>
 			  <dd>
@@ -1486,15 +1482,11 @@
 			
 			<p>
 			  The <code>requestSiteSpecificTrackingException</code> method takes
-			  two mandatory arguments:
+			  the mandatory argument:
 			</p>
 	
 			<ul>
 			  <li>
-				<code>arrayOfDomainStrings</code>, a JavaScript array of strings,
-				and
-			  </li>
-			  <li>
 				<code>callback</code>, a method that will be called when the
 				request is complete.
 			  </li>
@@ -1517,32 +1509,38 @@
 			  </li>
 			</ul>
 	
-			<p>
-			  Each string in <code>arrayOfDomainStrings</code> specifies a
-			  <strong>target</strong>. The special string &#8220;*&#8221;
-			  signifies all <strong>targets</strong>. When called,
+			<p>When called,
 			  <code>requestSiteSpecificTrackingException</code> MUST return
 			  immediately, then asynchronously determine whether the user grants
-			  the requested exceptions.
+			  the requested exception(s).
 			</p>
 	
-			<p>
-			  The <code>granted</code> parameter passed to the callback is the
+			<p>The execution of this API and the use of the resulting permission 
+			(if granted) use two 'implicit' parameters, when the API is called:
+			  <ul>
+			    <li>the domain of the origin of the script (script-origin);</li>
+			    <li>the 'partners' list at the well-known URL location.</li>
+			  </ul>
+			The user-agent SHOULD use the partners as the list of
+			 <strong>target</strong>s, 
+			if it exists, or a list containing the single special string &#8220;*&#8221;, 
+			indicating all targets,
+			as the <strong>target</strong> if it does not; it MAY use a list of the 
+			special 
+			string &#8220;*&#8221; even if the partners list exists.</p>
+			
+			<p>The <code>granted</code> parameter passed to the callback is the
 			  user&#8217;s response; <code>true</code> indicates the user grants an
 			  exception on <strong>top-level domain</strong> for all of the
-			  <strong>target</strong>s specified in
-			  <code>arrayOfDomainStrings</code>. The response <code>false</code>
+			  <strong>target</strong>s. The response <code>false</code>
 			  indicates that the user does not want an exception on 
 			  <strong>top-level domain</strong> for at least one of 
-			  the <strong>target</strong>s
-			  specified in <code>arrayOfDomainStrings</code>.
+			  the <strong>target</strong>s.
 			</p>
 			
-			<p>The execution of this API and the use of the resulting permission 
-			(if granted) use the 'implicit' parameter, when the API is called, 
-			of the domain of the origin of the script (script-origin). If 
-			permission is granted, then the set of duplets (one per DOMstring):</p>
-				<code>[top-level-domain, DOMstring]</code>
+			
+			<p>If permission is granted, then the set of duplets (one per target):</p>
+				<code>[top-level-domain, target]</code>
 			<p>is added to the database of remembered grants.</p>  
 
 			<p>
@@ -1562,24 +1560,16 @@
 			NavigatorDoNotTrack'>
 			  <dt>
 				void
-				removeSiteSpecificTrackingException(sequence&lt;DOMString&gt;
-				arrayOfDomainStrings )
+				removeSiteSpecificTrackingException( )
 			  </dt>
 			  <dd>
-				<p>Ensures that the database of remembered grants no longer contains</p>
-				<code>[top-level-domain, DOMstring]</code>
+				<p>Ensures that the database of remembered grants no longer contains any
+				duplets </p>
+				<code>[top-level-domain, target]</code>
 				
-				<p>for all DOMstrings.  This method never fails and there 
-				is no callback. After the call has been made, the indicated 
-				pairs are assured not to be in the database. The same matching 
-				as is used for determining which header to send is used to 
-				detect which entries (if any) to remove from the database.</p>
-
-				<p class="note">Note that establishing [site, *] and then 
-				requesting removal of [site, otherSite] simply leaves [site, *]
-				in the database; the removal request has no effect and does 
-				<strong>not</strong> establish "grant an exception to 
-				everyone except otherSite".</p>
+				<p>for any target.  This method never fails and there 
+				is no callback. After the call has been made, it is assured that there
+				are no site-specific exceptions for the given top-level-domain.</p>
 
 			  </dd>
 			</dl>

Received on Wednesday, 18 July 2012 08:51:44 UTC