- From: David Singer via cvs-syncmail <cvsmail@w3.org>
- Date: Wed, 01 Aug 2012 22:01:00 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv21395
Modified Files:
tracking-dnt.html
Log Message:
Edits to exception API to make the cross-site scripting restriction correct,
and clarify terminology and behavior.
Index: tracking-dnt.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.128
retrieving revision 1.129
diff -u -d -r1.128 -r1.129
--- tracking-dnt.html 30 Jul 2012 23:42:26 -0000 1.128
+++ tracking-dnt.html 1 Aug 2012 22:00:58 -0000 1.129
@@ -1368,7 +1368,7 @@
<strong>target</strong>. A user might — for instance —
want AnalytiCo to be allowed to track them on Example News, but not on Example
Medical. To simplify language used in this API specification, we
- define two terms:</p>
+ define three terms:</p>
<ul>
<li><strong>Top-Level Domain (TLD)</strong> is the domain name
@@ -1377,6 +1377,9 @@
<li>A <strong>target</strong> site is a domain name which is the target
of an HTTP request, and which may be an origin for embedded resources
on <strong>the indicated top-level domain</strong>.</li>
+ <li>The <strong>document origin</strong> of a script is the domain of
+ origin of the document that caused that script to be loaded (not
+ necessarily the same as the origin of the script itself).</li>
</ul>
<p class="example">
@@ -1402,10 +1405,16 @@
domain names.</p>
<p>The domains that enter into the behavior of the APIs include:</p>
<ul>
- <li>As described above, the <strong>Top-Level Domain (TLD)</strong> active
+ <li>As described above, the <strong>document origin</strong> active
at the time of the call, and;</li>
<li>Domain names passed to the API.</li>
</ul>
+ <p>Domains that enter into the decision over what DNT header
+ to be sent in a given HTTP request include:
+ <ul>
+ <li>The <strong>top-level domain</strong> of the current context;</li>
+ <li>The <strong>target</strong> of the HTTP request.</li>
+ </ul>
<p class="note">Note that these strict, machine-discoverable, concepts
may not match the definitions of first and third party; in particular,
sites themselves need to determine (and signal) when they get 'promoted'
@@ -1417,9 +1426,9 @@
<li>First, the UA somehow confirms with the user that they agree to
the grant of exception;</li>
<li>If they agree, then the UA adds to its local database one or
- more site-pair duplets [top-level-domain, other-domain]; one or other
+ more site-pair duplets [document-origin, target]; one or other
of these may be a wild-card ("*");</li>
- <li>While the user is browsing a given site [top-level domain], and a
+ <li>While the user is browsing a given site (top-level domain), and a
DNT header is to be sent to a target domain, if the duplet [top-level
domain, target domain] matches any duplet in the database, then a
DNT:0 header is sent, otherwise DNT:1 is sent.</li>
@@ -1429,7 +1438,7 @@
<section>
<h3>Exception use by browsers</h3>
<p>
- If a user wishes to allow tracking by a <strong>target</strong> on the
+ If a user agrees to allow tracking by a <strong>target</strong> on the
<strong>top-level domain</strong>, this should result in two user-agent
behaviors:
<ol>
@@ -1448,6 +1457,12 @@
re-direct would get a different DNT header than the target, using these
matching rules?<br><b>Proposal</b>: The re-direct is not relevant; each
site gets the DNT header controlled by the list of grants.</p>
+ <p class="issue">This model does not support mashed-up content
+ which is in turn supported by ads; it's not clear how to distinguish
+ between embedded content which is embedding ads (and hence the top-level
+ domain stays the same) and embedded content that should start
+ a new context.<br><b>Proposal</b>: For this version of the specification,
+ we don't address this corner case.</p>
<div class="note">
<p >
It is left up to individual user-agent implementations how to
@@ -1464,11 +1479,14 @@
<p >Conversely, if a wild-card is used, the user may be told
that the top-level domain is asking for an exception for all third-parties that
are, or will be, embedded in it.</p>
- <p>User-agents MUST handle each request as a 'unit', granting and maintaining it
+ <p>User-agents MUST handle each API request as a 'unit',
+ granting and maintaining it
in its entirety, or not at all. That means that a user-agent MUST NOT indicate
to a site that a request for targets {a, b, c} has been granted, and
later remove only one or two of {a, b, c} from its logical database of
- remembered grants.</p>
+ remembered grants. This assures sites that the set of sites they need for
+ operational integrity is treated as a unit. Each separate call to an API
+ is a separate unit.</p>
</div>
<p class="issue"><a
@@ -1564,7 +1582,9 @@
<p>The execution of this API and the use of the resulting permission
(if granted) use the 'implicit' parameter, when the API is called,
- the domain of the top-level site.</p>
+ the <strong>document origin</strong>. This forms the first part of the
+ duplet in the logical model, and hence in operation will be compared
+ with the <strong>top-level domain</strong>.</p>
<p>The <code>granted</code> parameter passed to the callback is the
user’s response; The response
@@ -1585,11 +1605,11 @@
<p>If permission is granted for an explicit list,
then the set of duplets (one per target):</p>
- <code>[top-level-domain, target]</code>
+ <code>[document-origin, target]</code>
<p>is added to the database of remembered grants.</p>
<p>If permission is granted for a site-wide exception,
then the duplets:</p>
- <code>[top-level-domain, * ]</code>
+ <code>[document-origin, * ]</code>
<p>is added to the database of remembered grants.</p>
<p>
@@ -1613,11 +1633,11 @@
</dt>
<dd>
<p>Ensures that the database of remembered grants no longer contains any
- duplets for which the first part is the current top-level domain,
+ duplets for which the first part is the current document origin,
i.e. no duplets </p>
- <code>[top-level-domain, target]</code>
+ <code>[document-origin, target]</code>
- <p>for any target. This method never fails and there
+ <p>for any target. There
is no callback. After the call has been made, it is assured that there
are no site-specific or site-wide exceptions for the given
top-level-domain.</p>
@@ -1645,7 +1665,7 @@
</dt>
<dd>
<p>If permission is granted, then the single duplet</p>
- <code>[ * , top-level-domain]</code>
+ <code>[ * , document-origin]</code>
<p>is added to the database of remembered grants.</p>
@@ -1671,10 +1691,11 @@
removeWebWideTrackingException( )
</dt>
<dd>
- <p>Ensures that the database of remembered grants no longer contains</p>
- <code>[ * , top-level-domain]</code>
+ <p>Ensures that the database of remembered grants no longer
+ contains the duplet</p>
+ <code>[ * , document-origin]</code>
- <p>This method never fails and there
+ <p>There
is no callback. After the call has been made, the indicated
pair is assured not to be in the database. The same matching
as is used for determining which header to send is used to
Received on Wednesday, 1 August 2012 22:01:01 UTC