- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 1 Jun 2012 14:35:39 -0700
- To: Rigo Wenning <rigo@w3.org>
- Cc: public-tracking@w3.org
On Jun 1, 2012, at 1:44 PM, Rigo Wenning wrote: > On Tuesday 29 May 2012 18:23:19 Roy T. Fielding wrote: >> No, in all respects. I know how the W3C site works. There are only >> two policies---public and ACL---and they can be wrapped into one >> tracking policy if we define authentication as overriding DNT. > > Ok, we have 2 options, but how do you tell to which of the 55000 URIs the > tracking status applies to? I don't have to -- the one tracking status applies to all of them. > How do you deal with dynamic content? It applies to all of them -- there is no dynamic/static distinction in HTTP. > Don't tell > me that you just declare: ACL is this and non ACL is that and let the user > in the dark on what state he is "currently" in? (This site is a mine field, > there are places where you are secure and others where you aren't. But we > won't tell you which is which) The browser knows what parts it is sending a credential to and what parts it is not, and it is hardly relevant what the user's opinion is on tracking for an authenticated resource that is always tracking by its very nature. > In this case, we just need a simple > declaration for the entire web: Either you are tracked our you aren't. Done. If W3C owned the entire web, yes. > For the entire web. Nice! Could be hardwired in the browser. No need for a > well-known location anymore because you could always know in advance that > you're either tracked; or not. What does that buy us compared to the status > quo? Rigo, you are not in a debating class, nor in a courtroom, nor talking to someone who isn't familiar with the technology. So, I would appreciate it a little less drama. ....Roy
Received on Friday, 1 June 2012 21:35:53 UTC