- From: Sullivan, Bryan <BS3131@att.com>
- Date: Thu, 14 Feb 2008 15:09:21 -0800
- To: "BPWG-Public" <public-bpwg@w3.org>
Sean, The mobile specific angle is that the cost of making the user enter information is much higher in the mobile context. I can verify that "X-" headers are used. Their use though is generally proprietary, specific to service provider deployments, and not usually something that the service providers would share except through their internal developer/partner documentation (usually open to any who sign up though). We do add value by clarifying that this is an option that is useful, and that details are provided by the service providers. So if I develop an application that becomes user-awareness-persistent through use of a forwarded "X-" header, I have met the criteria of the recommendation. W3C does not have to say in detail what those are; developers learn it from being part of a community, and the details vary between service providers anyway. Other than these proprietary methods, other standardized methods are in development e.g. in OMA and 3GPP, but not yet available in devices and thus out of scope for BP2. Re cookies, yes there is an assumption here (it will be more explicit in the "how to do it") that cookies are a useful way to manage personalization persistence. But the recommendation is written in generic terms so that various methods of doing it will meet the recommendation. Re staying logged in, it's the same basic objective, to manage statefulness. There again, various methods will work including cookies. Best regards, Bryan Sullivan | AT&T -----Original Message----- From: Sean Owen [mailto:srowen@google.com] Sent: Thursday, February 14, 2008 2:27 PM To: Sullivan, Bryan Cc: BPWG-Public Subject: Re: ACTION-660: Input to BP2, on Personalization On Thu, Feb 14, 2008 at 5:02 PM, Sullivan, Bryan <BS3131@att.com> wrote: > [bryan] These three recommendations address the basic ability to > minimize user effort in personalizing services. They should be easily > testable, at least manually. The methods of implementing the > recommendations will be described. Those based upon standards will be > specifically described. Those based upon standard extensions or even > proprietary methods (e.g. for the first, based upon "x-" headers as > typically used by network proxies) will be mentioned generally (as > types of methods, but not with specifics). Either will suffice for > compliance if they result in the general recommendation being met. We > welcome suggestions for other recommendations in this area. [srowen] My $0.02 on the possible mobile-specific angles here if any are: - Yes, are there "X" headers that people really rely on in practice to identify sessions and users? I think this is actually so. I know we do some awful magic with MSISDN info we get as a surrogate cookie sometimes. I *do* think we should be specific, or else we're not adding much value here. - The problem of not having cookies all the time to personally identify a user (or are we kinda assuming cookie supports? oops, there's the ADC ghost... but don't we need to have assumptions like this to get anywhere?) - The need to stay logged in and avoid re-entering credentials all the time. Hmm, what can we say here?
Received on Thursday, 14 February 2008 23:09:58 UTC