(unknown charset) Re: Well-known URI vs response headers? [ISSUE-81, ISSUE-47, ISSUE-80] from (unknown charset) Matthias Schunter on 2011-10-27 (public-tracking@w3.org from October 2011)

From: (unknown charset) Matthias Schunter <mts@zurich.ibm.com>
Date: Thu, 27 Oct 2011 09:32:19 +0200
To: (unknown charset) public-tracking@w3.org
Message-ID: <4EA90903.7030606@zurich.ibm.com>

Hi Rigo,


thanks for the input. I agree violently that we aim for simplicity.

Roy (the editor & http guru) and I perceive a well-known URI to be the
simpler option: Once a user has turned on DNT, a simple round-trip to
check this URL to us seemed simpler than adding a response header to
all (many!)  http responses.

I also do not understand the ' P3P caching issues' you mention (am I
getting old ;-): The machine readable statement "I accept DNT" at the
well-known URI should be static and thus easy to cache. The http
responses do not change and thus their caching behavior should not
change either.

Could you clarify the caching issues and explain why you think sending
a http-response-header with every response is the simpler option?


Thanks a lot!

 matthias


On 10/26/2011 11:00 PM, Rigo Wenning wrote:
> Matthias, 
> 
> this makes it too complex (and complicated). I would really suggest we keep it 
> very very simple by just having a header in the response saying whether the 
> site honors DNT. This means the first interaction with the site, a user may 
> set DNT=1 and still be tracked for one page. This is not really an issue. But 
> it avoids going down the path of expanding beyond the HTTP request and running 
> into the wild caching issues we had in P3P.
> 
> Best, 
> 
> Rigo
> 
> On Wednesday 26 October 2011 12:23:24 Matthias Schunter wrote:
>> Hi Karl,
>>
>>
>> thanks for your question.
>>
>> Two use cases as examples (one for headers and one for well-known uri):
>>
>>  A) A site (1st or 3rd party) accepts DNT and will follow
>>     the standards compliance document for all received DNT headers
>>
>> In this case, a well-known URI that says (machine-readable) "I accept
>> and follow DNT" for this site is sufficient.
>>
>>  B) A site accepts and follows DNT for requests to URIs at
>>        [site]/main/*
>>     but does not accept DNT for requests to URIs at
>>        [site]/beacons/*
>>
>> In this case, a well-known URI would not be easily able to provide the
>> right feedback. This may, e.g., be the case for sites that want to say
>> "if I am first party, I follow DNT" while also saying "for my beacons,
>> I do not".
>>
>>
>> Regards,
>>  matthias
>>
>> On 10/22/2011 12:05 AM, Karl Dubost wrote:
>>> Le 12 oct. 2011 � 18:03, Matthias Schunter a �crit :
>>>> In order to get there, I'd like you to give me
>>>>
>>>>  Use cases / scenarios where response headers are needed that
>>>>  
>>>>    cannot easily be implemented with the well-known URI approach
>>>
>>> Could you clarify with a simple example?
> 
> 
> 
> 
> 

-- 
Dr. Matthias Schunter, MBA
IBM Research - Zurich, Switzerland
Ph. +41 (44) 724-8329,  schunter(at)acm.org
PGP 989A A3ED 21A1 9EF2 B005 8374 BE0E E10D
VCard: http://www.schunter.org/schunter.vcf

Received on Thursday, 27 October 2011 07:33:18 UTC