W3C home > Mailing lists > Public > public-tracking@w3.org > January 2013

Re: Action for ISSUE-112: Sub-domain and cookie-like rules

From: David Singer <singer@apple.com>
Date: Mon, 21 Jan 2013 15:09:59 +0100
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-id: <D82F7C6B-3993-4EC6-9B2D-F903055B03D8@apple.com>
To: Matthias Schunter <mts-std@schunter.org> (Intel Corporation)
yes, I could do the edits to correspond to

http://lists.w3.org/Archives/Public/public-tracking/2013Jan/0001.html

To keep as simple as possible, I would add the following to site-specific exception requests:

interface NavigatorDoNotTrack
 {

    integer storeSiteSpecificTrackingException (optional sequence<DOMString> arrayOfDomainStrings, optional optional siteName, optional optional explanationString, optional optional detailURI);

};

to

interface NavigatorDoNotTrack
 {

    integer storeSiteSpecificTrackingException (optional sequence<DOMString> arrayOfSameParty, optional sequence<DOMString> arrayOfTargets, optional optional siteName, optional optional explanationString, optional optional detailURI);

};

This establishes a site-specific exception for not only the document origin, but also all the sites named in arrayOfSameParty. Those site-names MUST be members of the same-party element of the well-known-resource at the site that is the document origin.

(Consistency checks of the claims of same-party-ness belong with the text on the same-party resource).


and change

While the user is browsing a given site (top-level origin), and a DNT header is to be sent to a target domain, if the duplet [top-level origin, target domain] matches any duplet in the database, then a DNT:0 header is sent, otherwise DNT:1 is sent.

to

While the user is browsing a given site (top-level origin), and a DNT header is to be sent to a target domain, if the duplet [top-level origin, target domain] matches any duplet in the database, then a DNT:0 header is sent, otherwise DNT:1 is sent.  The first part of the duplet (top-level-origin) matches when there is a record in the data of the form <suffix> and top-level-origin has the form <prefix>.<suffix>, or when the duplet in the database has "*" as its first part. The second part of the duplet matches when target-domain exactly matches the second part of a duplet in the database, or when a duplet in the database has "*" as its second part. Duplets match if both parts match.

On Jan 21, 2013, at 14:18 , Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:

> Hi David,
> 
> during our last call, we agreed to pursue cookie-like subdomain handling.
> 
> AFAIR, you volunteered to push ISSUE-112 towards text (with Shane and Aleecia).
> I created a corresponding action for you ;-):
> https://www.w3.org/2011/tracking-protection/track/actions/355
> 
> Is this OK?
> 
> Regards,
> matthias
> 

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Monday, 21 January 2013 14:10:35 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:40 UTC