- From: Kevin Smith <kevsmith@adobe.com>
- Date: Wed, 18 Jan 2012 22:41:19 -0800
- To: Nicholas Doty <npdoty@w3.org>, David Singer <singer@apple.com>
- CC: Sid Stamm <sid@mozilla.com>, "Roy T. Fielding" <fielding@gbiv.com>, Shane Wiley <wileys@yahoo-inc.com>, "VINCENT (VINCENT) TOUBIANA" <Vincent.Toubiana@alcatel-lucent.com>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
I want to add, as I did today on the IRC, that the User Agent, in the long term, may not be the most ideal entity to manage exceptions because of the diversity of UAs and devices through which the user may interact with the site. As I said on the IRC, the world is moving towards cloud computing in which device is becoming less important and configuration is expected to follow the user via the cloud (also important to mention Nick's point here that browsers have browsing modes that intentionally mask your usual configuration - that functionality still needs to be available) I think its ok to start with the UA governing the exception process since it roughly follows the cookie model which is the current norm. But I do fear it may have a limited lifetime as I expect the # of devices we use to continue to increase (tvs, cars, who knows, maybe toasters). Tom did mention browser syncing options, and that may extend the lifetime of this model somewhat. But browsers do not have a great history of working together, and with the world moving to more cross browser, cross device and out-of-browser interactions, I am not sure browsers will remain the best choice for long. -----Original Message----- From: Nicholas Doty [mailto:npdoty@w3.org] Sent: Wednesday, January 18, 2012 7:39 PM To: David Singer Cc: Sid Stamm; Roy T. Fielding; Shane Wiley; VINCENT (VINCENT) TOUBIANA; public-tracking@w3.org (public-tracking@w3.org) Subject: Re: ACTION-43: added user-agent-managed site-specific exception proposal to Editor's Draft On Jan 18, 2012, at 4:37 PM, David Singer wrote: > On Jan 6, 2012, at 17:56 , Nicholas Doty wrote: >> >> What would you suggest specifically to replace this text? One possibility: >> "If a user has pre-configured the user agent to accept or reject these permissions, the user agent SHOULD respond with that preference. If no pre-configured preference exists, the user agent MUST provide a user interface prompting the user to choose whether to provide site-specific permissions for the requested origins." > > I think we're designing a protocol between the UA and the server, and what that protocol means and its requirements. UA to user interactions are out of the scope of a MUST statement, I think. I really want to heartily agree and remove any mention of the user interaction at all, but the reason I'm pushing here is that we want sites to be able to rely on this API to negotiate permissions with the user. If sites aren't confident that user agents will reach out to the user in some fashion, they may instead fall back on a diversity of site-by-site schemes to get out-of-band permission from the user to override a DNT preference. Down that road, I fear, lies a situation of poor usability and transparency, where users have a DNT preference set, don't realize it's being overridden and would struggle to re-apply it site-by-site. That is, I recognize the concern and the principle, and I just want to explain the motivation. I'm extremely open to alternatives here. Thanks, Nick
Received on Thursday, 19 January 2012 06:42:07 UTC