Re: Issue-65: How does logged in and logged out state work -- Draft Proposal from Tom Lowenthal on 2012-01-25 (public-tracking@w3.org from January 2012)

From: Tom Lowenthal <tom@mozilla.com>
Date: Wed, 25 Jan 2012 20:16:43 +0100
To: Sean Harvey <sharvey@google.com>
CC: Andy Zeigler <andyzei@microsoft.com>, "Tracking Protection Working Group WG (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <4F20551B.3000201@mozilla.com>

Wrong thread?

On Wed 25 Jan 2012 08:00:44 PM CET, Sean Harvey wrote:
> In general i'm really excited about the progress on the response header!
> but given that we've just reviewed it this afternoon i do need to get more
> feedback both internally and from publishers in order to ensure that this
> is reasonably implementable. and i believe we need to discuss this as a
> group before any issues are formally closed. it's worth stepping back for a
> moment and making sure we all know what we're signing up for, but this is
> great progress.
>
>
>
>
> On Wed, Jan 25, 2012 at 7:51 PM, Tom Lowenthal <tom@mozilla.com> wrote:
>
>> In that case, let's follow the simplicity principle and avoid
>> extraneous text. I'm closing ISSUE-65 and ACTION-70.
>>
>> On Wed 25 Jan 2012 07:24:49 PM CET, Andy Zeigler wrote:
>>> That would be simpler. Either way is fine with me.
>>>
>>> -----Original Message-----
>>> From: Tom Lowenthal [mailto:tom@mozilla.com]
>>> Sent: Wednesday, January 25, 2012 7:22 PM
>>> To: Andy Zeigler
>>> Cc: Tracking Protection Working Group WG (public-tracking@w3.org)
>>> Subject: Re: Issue-65: How does logged in and logged out state work --
>> Draft Proposal
>>>
>>> ACTION-70 ISSUE-65
>>> Fine, I suppose. I'd rather just not have any text on this topic at all,
>> and let the existing rules work it out.
>>>
>>> On Wed 25 Jan 2012 02:10:04 PM CET, Andy Zeigler wrote:
>>>> I apologize - sent before the cut-and-paste.
>>>>
>>>> Draft text:
>>>>
>>>>                  If a user is logged into a first-party website and it
>> receives a DNT:1 signal, the website MUST respect DNT:1 signal as a first
>> party and SHOULD handle the user login as it normally would. If a user is
>> logged into a third-party website, and the third party receives a DNT:1
>> signal, then it MUST respect the DNT:1 signal unless it falls under an
>> exemption described in section 3.4.
>>>>
>>>> Example use cases:
>>>>
>>>>  - A user with DNT:1 logs into a search service called "Searchy".
>> Searchy also operates advertisements on other websites. When the user is on
>> a news website,  Searchy receives DNT:1, and it must respect it, as Searchy
>> is operating in a third-party context.
>>>>
>>>>  - A user with DNT:1 enabled visits a shopping website and logs in. The
>> shopping website continues to provide recommendations, order history, etc.
>> The shopping site includes third-party advertisements. Those third-parties
>> continue to respect DNT:1. When the user purchases the items in their
>> basket, a third-party financial transaction service is used. The user
>> interacts with the third-party service, at which point it becomes
>> first-party and may use previously collected data.
>>>>
>>>> - A user with DNT:1 visits a website (Website A) that uses a
>> third-party authentication service called "LogMeIn". The user logs into the
>> site with his LogMeIn credentials. The user has interacted with LogMeIn,
>> and now it can act as a first-party. Now the user vists Website B, which
>> also uses the LogMeIn service, but is branded differently than Website A.
>> LogMeIn MUST respect the DNT:1 signal until the user chooses to interact
>> with LogMeIn in order to log into Website B.
>>>>
>>>> From: Andy Zeigler
>>>> Sent: Wednesday, January 25, 2012 2:02 PM
>>>> To: Tracking Protection Working Group WG (public-tracking@w3.org)
>>>> Subject: Issue-65: How does logged in and logged out state work --
>>>> Draft Proposal
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>
>

Received on Wednesday, 25 January 2012 19:17:27 UTC