- From: Roy Fielding via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 07 Aug 2012 07:11:54 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory hutz:/tmp/cvs-serv6134
Modified Files:
tracking-dnt.html
Log Message:
(editorial) remove TABs and trailing whitespace
Index: tracking-dnt.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.142
retrieving revision 1.143
diff -u -d -r1.142 -r1.143
--- tracking-dnt.html 7 Aug 2012 07:06:51 -0000 1.142
+++ tracking-dnt.html 7 Aug 2012 07:11:52 -0000 1.143
@@ -147,7 +147,7 @@
third-party participants when an indication of tracking preference
is received.
</p>
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/136">ISSUE-136</a>: Resolve dependencies of the TPE on the compliance specification.<br />
+ <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/136">ISSUE-136</a>: Resolve dependencies of the TPE on the compliance specification.<br />
The WG has not come to consensus regarding the definition of tracking
and the scope of DNT. As such, a site cannot actually say with any
confidence whether or not it is tracking, let alone describe the finer
@@ -155,7 +155,7 @@
progress on the TCS document, though its resolution is a
necessary prerequisite to understanding and correctly implementing
the protocol defined by this document.
- </p>
+ </p>
</section>
<section id='notational'>
@@ -192,17 +192,17 @@
command-line tools, native applications, and mobile apps [[!HTTP11]].
</p>
<p class="note">
- The term <dfn>permitted use</dfn> is used to indicate a restricted set of
- conditions under which tracking is allowed in spite of the user's DNT
- preference.
- The term <dfn>user-granted exception</dfn> is used when the user has
- permitted tracking,
- usually in the form of a site-specific exception, for a given third-party.
- In general:
- permitted uses are additional permissions granted by the standard;
- user-granted exceptions are additional permissions granted by the user.
- These words are often confused when drafting new text.
- </p>
+ The term <dfn>permitted use</dfn> is used to indicate a restricted set of
+ conditions under which tracking is allowed in spite of the user's DNT
+ preference.
+ The term <dfn>user-granted exception</dfn> is used when the user has
+ permitted tracking,
+ usually in the form of a site-specific exception, for a given third-party.
+ In general:
+ permitted uses are additional permissions granted by the standard;
+ user-granted exceptions are additional permissions granted by the user.
+ These words are often confused when drafting new text.
+ </p>
</section>
</section>
@@ -257,8 +257,8 @@
configuration, install an extension or add-on that is specifically
designed to add a tracking preference expression,
or make a choice for privacy that then implicitly includes a
- tracking preference (e.g., <q>Privacy settings: high</q>). The user-agent
- might ask the user for their preference during startup, perhaps on
+ tracking preference (e.g., <q>Privacy settings: high</q>). The user-agent
+ might ask the user for their preference during startup, perhaps on
first use or after an update adds the tracking protection feature. Likewise,
a user might install or configure a proxy to add the expression
to their own outgoing requests.
@@ -282,7 +282,7 @@
<section id='expressing'>
<h2>Expressing a Tracking Preference</h2>
- <section id='expression-format'>
+ <section id='expression-format'>
<h3>Expression Format</h3>
<p>
When a user has <a>enabled</a> a tracking preference, that
@@ -328,8 +328,8 @@
adjust their behavior when no explicit preference is expressed via
this protocol.
</p>
- </section>
-
+ </section>
+
<section id='dnt-header-field'>
<h3>DNT Header Field for HTTP Requests</h3>
@@ -405,22 +405,22 @@
when enabled, designers of future extensions ought to use as few
extension characters as possible.
</p>
- <p class="note">This document does not have any implied or specified
+ <p class="note">This document does not have any implied or specified
behavior for the user-agent treatment of cookies when DNT is enabled.
</p>
</section>
<section id='js-dom'>
<h3>JavaScript API to Detect Preference</h3>
- <section id='js-interface'>
+ <section id='js-interface'>
<h4>Interface</h4>
<p>
The <a>NavigatorDoNotTrack</a> interface provides a means for
the user's tracking preference to be expressed to
web applications running within a page rendered by the user agent.
</p>
- </section>
-
+ </section>
+
<dl class="idl" title='[NoInterfaceObject] interface NavigatorDoNotTrack'>
<dt>readonly attribute DOMString doNotTrack</dt>
<dd>
@@ -487,10 +487,10 @@
protocol in order to avoid receipt of the header is not compliant.
</p>
<div class='note'>
- <p>The last paragraph
- may be more appropriate in the compliance document, as it discusses
- compliance.
- </p>
+ <p>The last paragraph
+ may be more appropriate in the compliance document, as it discusses
+ compliance.
+ </p>
</div>
</section>
</section>
@@ -508,7 +508,7 @@
improve the transparency of tracking behavior by providing a
machine-readable means for discovering claims of compliance and
determining the current tracking status.
- </p>
+ </p>
<p>
Unfortunately, providing a dynamic indication of tracking compliance
on every HTTP response is not feasible, since it would have the
@@ -516,7 +516,7 @@
protocol defines a combination of response mechanisms that allow
the information to be communicated without making every response
dynamic.
- </p>
+ </p>
<p>
This section explains how a user agent MAY discover an origin
server's tracking status for a given resource.
@@ -659,14 +659,14 @@
/ %x58 ; "X" - dynamic
</pre>
- <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/137">ISSUE-137</a>: Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)<br />
- <b>[OPEN]</b> There is significant disagreement over whether a
- service provider acting on behalf of a first party needs to
- indicate such in the tracking status. It is particularly nonsensical
- given that there may be dozens of service providers acting on any
- request and the service provider definition is already limited to
- cases where any data collected is siloed and under control of
- the first party.
+ <p class="issue"><a href="http://www.w3.org/2011/tracking-protection/track/issues/137">ISSUE-137</a>: Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)<br />
+ <b>[OPEN]</b> There is significant disagreement over whether a
+ service provider acting on behalf of a first party needs to
+ indicate such in the tracking status. It is particularly nonsensical
+ given that there may be dozens of service providers acting on any
+ request and the service provider definition is already limited to
+ cases where any data collected is siloed and under control of
+ the first party.
</p>
</section>
@@ -675,7 +675,7 @@
<section id='Tk-header-defn'>
<h4>Definition</h4>
-
+
<p>
The <dfn>Tk</dfn> response header field is hereby defined as an
OPTIONAL means for indicating the tracking status that applied
@@ -711,7 +711,7 @@
<b>[PENDING REVIEW]</b> See the proposal in this section.
</p>
</section>
-
+
<section id='referring-status-id'>
<h4>Referring to a Request-specific Tracking Status Resource</h4>
<p>
@@ -771,13 +771,13 @@
</p>
<pre class="example">Tk: U</pre>
</section>
-
+
</section>
-
+
<section id='status-resource'>
<h3>Tracking Status Resource</h3>
- <section id='site-wide-status-resource'>
+ <section id='site-wide-status-resource'>
<h4>Site-wide Tracking Status</h4>
<p>
An origin server MUST provide a <dfn>site-wide tracking status
@@ -804,7 +804,7 @@
</p>
</section>
- <section id='request-specific-status-resource'>
+ <section id='request-specific-status-resource'>
<h4>Request-specific Tracking Status</h4>
<p>
If an origin server has multiple, request-specific tracking
@@ -1016,7 +1016,7 @@
</p>
</section>
- <section id='status-checks-not-tracked'>
+ <section id='status-checks-not-tracked'>
<h4>Status Checks are Not Tracked</h4>
<p>
When sending a request for the tracking status, a user agent
@@ -1234,29 +1234,29 @@
<li>The solution should not require cross-domain communication
between a first party publisher and its third parties.</li>
</ul>
- <p>When asking for a site-specific exception, the top-level domain making the
- request may be making some implicit or explicit claims as to the actions
- and behavior of its third parties; for this reason, it might want to
- establish exceptions for only those for which it is sure that those
- claims are true. (Consider a site that has some trusted advertisers
+ <p>When asking for a site-specific exception, the top-level domain making the
+ request may be making some implicit or explicit claims as to the actions
+ and behavior of its third parties; for this reason, it might want to
+ establish exceptions for only those for which it is sure that those
+ claims are true. (Consider a site that has some trusted advertisers
and analytics providers, and some mashed-up content from less-trusted sites).
For this reason, there is support both for explicitly named sites, as well
as support for granting an exception to all third-parties on a given
site (site-wide exception, using the conceptual wild-card "*").</p>
-
- <p>There are some cases in which a user may desire a site to be allowed to
- track them on any top-level domain. An API is provided so that the site and
+
+ <p>There are some cases in which a user may desire a site to be allowed to
+ track them on any top-level domain. An API is provided so that the site and
the user may establish such a web-wide exception.</p>
</section>
<section>
<h2>Exception model</h2>
-
+
<section>
<h3>Introduction</h3>
<p>This section describes the effect of the APIs in terms of a logical
- processing model; this model describes the behavior, but should not
+ processing model; this model describes the behavior, but should not
be read as mandating any specific implementation.</p>
<p>This API considers exceptions which are double-keyed to two
domains: the <strong>site</strong>, and the
@@ -1264,11 +1264,11 @@
want AnalytiCo to be allowed to track them on Example News, but not on Example
Medical. To simplify language used in this API specification, we
define three terms:</p>
-
- <ul>
- <li><strong>Top-Level Domain (TLD)</strong> is the domain name
+
+ <ul>
+ <li><strong>Top-Level Domain (TLD)</strong> is the domain name
of the top-level document origin of this DOM: essentially the fully qualified
- domain name in the address bar.</li>
+ domain name in the address bar.</li>
<li>A <strong>target</strong> site is a domain name which is the target
of an HTTP request, and which may be an origin for embedded resources
on <strong>the indicated top-level domain</strong>.</li>
@@ -1276,19 +1276,19 @@
origin of the document that caused that script to be loaded (not
necessarily the same as the origin of the script itself).</li>
</ul>
-
+
<p class="example">
For instance, if the document at
<code>http://web.exnews.com/news/story/2098373.html</code>
references the resources
<code>http://exnews.analytico.net/1x1.gif</code> and
<code>http://widgets.exsocial.org/good-job-button.js</code>,
- <strong>the top-level domain</strong> is <code>web.exnews.com</code>;
+ <strong>the top-level domain</strong> is <code>web.exnews.com</code>;
<code>exnews.analytico.net</code> and
<code>widgets.exsocial.org</code> are both
<strong>targets</strong>.
</p>
-
+
<p class="issue"><a
href="http://www.w3.org/2011/tracking-protection/track/issues/112">ISSUE-112</a>:
How are sub-domains handled for site-specific exceptions?<br />
@@ -1299,35 +1299,35 @@
<br><b>Proposal</b>: Exceptions are requested for fully-qualified
domain names.</p>
<p>The domains that enter into the behavior of the APIs include:</p>
- <ul>
- <li>As described above, the <strong>document origin</strong> active
- at the time of the call, and;</li>
- <li>Domain names passed to the API.</li>
- </ul>
- <p>Domains that enter into the decision over what DNT header
- to be sent in a given HTTP request include:
- <ul>
- <li>The <strong>top-level domain</strong> of the current context;</li>
- <li>The <strong>target</strong> of the HTTP request.</li>
- </ul>
- <p class="note">Note that these strict, machine-discoverable, concepts
- may not match the definitions of first and third party; in particular,
- sites themselves need to determine (and signal) when they get 'promoted'
- to first party by virtue of user interaction; the UA will not change
+ <ul>
+ <li>As described above, the <strong>document origin</strong> active
+ at the time of the call, and;</li>
+ <li>Domain names passed to the API.</li>
+ </ul>
+ <p>Domains that enter into the decision over what DNT header
+ to be sent in a given HTTP request include:
+ <ul>
+ <li>The <strong>top-level domain</strong> of the current context;</li>
+ <li>The <strong>target</strong> of the HTTP request.</li>
+ </ul>
+ <p class="note">Note that these strict, machine-discoverable, concepts
+ may not match the definitions of first and third party; in particular,
+ sites themselves need to determine (and signal) when they get 'promoted'
+ to first party by virtue of user interaction; the UA will not change
the DNT header it sends them.</p>
-
+
<p>The calls cause the following steps to occur:
<ul>
- <li>First, the UA somehow confirms with the user that they agree to
- the grant of exception;</li>
- <li>If they agree, then the UA adds to its local database one or
- more site-pair duplets [document-origin, target]; one or other
- of these may be a wild-card ("*");</li>
- <li>While the user is browsing a given site (top-level domain), and a
- DNT header is to be sent to a target domain, if the duplet [top-level
- domain, target domain] matches any duplet in the database, then a
- DNT:0 header is sent, otherwise DNT:1 is sent.</li>
- </ul>
+ <li>First, the UA somehow confirms with the user that they agree to
+ the grant of exception;</li>
+ <li>If they agree, then the UA adds to its local database one or
+ more site-pair duplets [document-origin, target]; one or other
+ of these may be a wild-card ("*");</li>
+ <li>While the user is browsing a given site (top-level domain), and a
+ DNT header is to be sent to a target domain, if the duplet [top-level
+ domain, target domain] matches any duplet in the database, then a
+ DNT:0 header is sent, otherwise DNT:1 is sent.</li>
+ </ul>
</section>
<section>
@@ -1350,12 +1350,12 @@
</p>
<p class="issue">What is the effect of re-directs, when the source of the
re-direct would get a different DNT header than the target, using these
- matching rules?<br><b>Proposal</b>: The re-direct is not relevant; each
+ matching rules?<br><b>Proposal</b>: The re-direct is not relevant; each
site gets the DNT header controlled by the list of grants.</p>
- <p class="issue">This model does not support mashed-up content
- which is in turn supported by ads; it's not clear how to distinguish
- between embedded content which is embedding ads (and hence the top-level
- domain stays the same) and embedded content that should start
+ <p class="issue">This model does not support mashed-up content
+ which is in turn supported by ads; it's not clear how to distinguish
+ between embedded content which is embedding ads (and hence the top-level
+ domain stays the same) and embedded content that should start
a new context.<br><b>Proposal</b>: For this version of the specification,
we don't address this corner case.</p>
<div class="note">
@@ -1364,25 +1364,25 @@
determine and how and whether to store users' tracking
preferences.
</p>
- <p >When an explicit list of domains is provided
- through the API, their names might mean little to the user. The user
- might, for example, be told that such-and-such top-level domain is
- asking for an exception for a specific set of sites, rather than listing
+ <p >When an explicit list of domains is provided
+ through the API, their names might mean little to the user. The user
+ might, for example, be told that such-and-such top-level domain is
+ asking for an exception for a specific set of sites, rather than listing
them by name; or the user-agent may decide to ask the user for
a site-wide exception, effectively ignoring the list of domain names,
if supplied.</p>
- <p >Conversely, if a wild-card is used, the user may be told
- that the top-level domain is asking for an exception for all third-parties that
- are, or will be, embedded in it.</p>
- <p>User-agents MUST handle each API request as a 'unit',
- granting and maintaining it
- in its entirety, or not at all. That means that a user-agent MUST NOT indicate
- to a site that a request for targets {a, b, c} has been granted, and
- later remove only one or two of {a, b, c} from its logical database of
- remembered grants. This assures sites that the set of sites they need for
- operational integrity is treated as a unit. Each separate call to an API
- is a separate unit.</p>
- </div>
+ <p >Conversely, if a wild-card is used, the user may be told
+ that the top-level domain is asking for an exception for all third-parties that
+ are, or will be, embedded in it.</p>
+ <p>User-agents MUST handle each API request as a 'unit',
+ granting and maintaining it
+ in its entirety, or not at all. That means that a user-agent MUST NOT indicate
+ to a site that a request for targets {a, b, c} has been granted, and
+ later remove only one or two of {a, b, c} from its logical database of
+ remembered grants. This assures sites that the set of sites they need for
+ operational integrity is treated as a unit. Each separate call to an API
+ is a separate unit.</p>
+ </div>
<p class="issue"><a
href="http://www.w3.org/2011/tracking-protection/track/issues/111">ISSUE-111</a>:
@@ -1396,212 +1396,212 @@
to recall a user's past response. Finally, a site may add [self, self]
to the database as part of its request, and it will then get DNT:0.
</p>
-
+
</section>
</section>
<section id="exceptions-javascript-api">
<h2 id="javascript_api_to_prompt_for_exceptions">JavaScript API for
site-specific exceptions</h2>
- <section id="exceptions-javascript-api-rqst">
- <h3>API to request site-specific exceptions</h3>
-
- <dl class="idl" title='[NoInterfaceObject] interface
- NavigatorDoNotTrack'>
- <dt>
- void
- requestSiteSpecificTrackingException(
- in TrackingResponseCallback callback,
- optional sequence<DOMString> arrayOfDomainStrings,
- optional siteName, optional explanationString, optional detailURI)
- </dt>
- <dd>
- Called by a page to request or confirm a user-granted tracking
- exception.
- </dd>
- </dl>
- <dl class="idl" title='[Callback, NoInterfaceObject] interface
- TrackingResponseCallback'>
- <dt>
- void handleEvent(in integer granted)
- </dt>
- <dd>
- The callback is called by the user agent to indicate the user's
- response.
- </dd>
- </dl>
-
- <p>
- The <code>requestSiteSpecificTrackingException</code> method takes
- one mandatory argument:
- </p>
-
- <ul>
- <li>
- <code>callback</code>, a method that will be called when the
- request is complete.
- </li>
- </ul>
- <p>
- It also takes four optional arguments:
- </p>
- <ul>
- <li>
- <code>arrayOfDomainStrings</code>, a JavaScript array of strings,
- </li>
- <li>
- <code>siteName</code>, a user-readable string for the
- name of the top-level domain,
- </li>
- <li>
- <code>explanationString</code>, a short explanation of the
- request, and
- </li>
- <li>
- <code>detailURI</code>, a location at which further information
- about this request can be found.
- </li>
- </ul>
-
- <p>If the request does not include the <code>arrayOfDomainStrings</code>,
- then this request is for a site-wide exception. Otherwise
- each string in <code>arrayOfDomainStrings</code> specifies a
- <strong>target</strong>. When called,
- <code>requestSiteSpecificTrackingException</code> MUST return
- immediately, then asynchronously determine whether the user grants
- the requested exception(s).
- </p>
- <p>If the list <code>arrayOfDomainStrings</code> is supplied, the
- user-agent MAY choose to ask the user to grant a site-wide exception.
- If it does so, and the user agrees, it MUST indicate this in the
- response callback.</p>
-
- <p>The execution of this API and the use of the resulting permission
- (if granted) use the 'implicit' parameter, when the API is called,
- the <strong>document origin</strong>. This forms the first part of the
- duplet in the logical model, and hence in operation will be compared
- with the <strong>top-level domain</strong>.</p>
-
- <p>The <code>granted</code> parameter passed to the callback is the
- user’s response; The response
- <ul>
- <li><code>0</code>
- indicates that user does not grant the exception on
- <strong>top-level domain</strong> for
- the indicated <strong>target</strong>s.</li>
- <li><code>1</code> indicates the user grants an
- exception on <strong>top-level domain</strong> for the specific
- <strong>target</strong>s.</li>
- <li><code>2</code> indicates the user grants a site-wide
- exception on <strong>top-level domain</strong> for all
- <strong>target</strong>s.</li>
- </ul>
- </p>
-
-
- <p>If permission is granted for an explicit list,
- then the set of duplets (one per target):</p>
- <code>[document-origin, target]</code>
- <p>is added to the database of remembered grants.</p>
- <p>If permission is granted for a site-wide exception,
- then the duplets:</p>
- <code>[document-origin, * ]</code>
- <p>is added to the database of remembered grants.</p>
+ <section id="exceptions-javascript-api-rqst">
+ <h3>API to request site-specific exceptions</h3>
- <p>
- A particular response to the API — like a DNT response
- header — is only valid immediately, and users' preferences
- may change.
- </p>
- <p>
- A user agent MAY use an interactive method to ask the user about
- their preferences, so sites SHOULD NOT assume that the callback
- function will be called immediately.
- </p>
+ <dl class="idl" title='[NoInterfaceObject] interface
+ NavigatorDoNotTrack'>
+ <dt>
+ void
+ requestSiteSpecificTrackingException(
+ in TrackingResponseCallback callback,
+ optional sequence<DOMString> arrayOfDomainStrings,
+ optional siteName, optional explanationString, optional detailURI)
+ </dt>
+ <dd>
+ Called by a page to request or confirm a user-granted tracking
+ exception.
+ </dd>
+ </dl>
+ <dl class="idl" title='[Callback, NoInterfaceObject] interface
+ TrackingResponseCallback'>
+ <dt>
+ void handleEvent(in integer granted)
+ </dt>
+ <dd>
+ The callback is called by the user agent to indicate the user's
+ response.
+ </dd>
+ </dl>
+
+ <p>
+ The <code>requestSiteSpecificTrackingException</code> method takes
+ one mandatory argument:
+ </p>
+
+ <ul>
+ <li>
+ <code>callback</code>, a method that will be called when the
+ request is complete.
+ </li>
+ </ul>
+ <p>
+ It also takes four optional arguments:
+ </p>
+ <ul>
+ <li>
+ <code>arrayOfDomainStrings</code>, a JavaScript array of strings,
+ </li>
+ <li>
+ <code>siteName</code>, a user-readable string for the
+ name of the top-level domain,
+ </li>
+ <li>
+ <code>explanationString</code>, a short explanation of the
+ request, and
+ </li>
+ <li>
+ <code>detailURI</code>, a location at which further information
+ about this request can be found.
+ </li>
+ </ul>
+
+ <p>If the request does not include the <code>arrayOfDomainStrings</code>,
+ then this request is for a site-wide exception. Otherwise
+ each string in <code>arrayOfDomainStrings</code> specifies a
+ <strong>target</strong>. When called,
+ <code>requestSiteSpecificTrackingException</code> MUST return
+ immediately, then asynchronously determine whether the user grants
+ the requested exception(s).
+ </p>
+ <p>If the list <code>arrayOfDomainStrings</code> is supplied, the
+ user-agent MAY choose to ask the user to grant a site-wide exception.
+ If it does so, and the user agrees, it MUST indicate this in the
+ response callback.</p>
+
+ <p>The execution of this API and the use of the resulting permission
+ (if granted) use the 'implicit' parameter, when the API is called,
+ the <strong>document origin</strong>. This forms the first part of the
+ duplet in the logical model, and hence in operation will be compared
+ with the <strong>top-level domain</strong>.</p>
+
+ <p>The <code>granted</code> parameter passed to the callback is the
+ user’s response; The response
+ <ul>
+ <li><code>0</code>
+ indicates that user does not grant the exception on
+ <strong>top-level domain</strong> for
+ the indicated <strong>target</strong>s.</li>
+ <li><code>1</code> indicates the user grants an
+ exception on <strong>top-level domain</strong> for the specific
+ <strong>target</strong>s.</li>
+ <li><code>2</code> indicates the user grants a site-wide
+ exception on <strong>top-level domain</strong> for all
+ <strong>target</strong>s.</li>
+ </ul>
+ </p>
+
+
+ <p>If permission is granted for an explicit list,
+ then the set of duplets (one per target):</p>
+ <code>[document-origin, target]</code>
+ <p>is added to the database of remembered grants.</p>
+ <p>If permission is granted for a site-wide exception,
+ then the duplets:</p>
+ <code>[document-origin, * ]</code>
+ <p>is added to the database of remembered grants.</p>
+
+ <p>
+ A particular response to the API — like a DNT response
+ header — is only valid immediately, and users' preferences
+ may change.
+ </p>
+ <p>
+ A user agent MAY use an interactive method to ask the user about
+ their preferences, so sites SHOULD NOT assume that the callback
+ function will be called immediately.
+ </p>
</section>
- <section id="exceptions-javascript-api-cancel">
- <h3>API to cancel a site-specific exception</h3>
- <dl class="idl" title='[NoInterfaceObject] interface
- NavigatorDoNotTrack'>
- <dt>
- void
- removeSiteSpecificTrackingException( )
- </dt>
- <dd>
- <p>Ensures that the database of remembered grants no longer contains any
- duplets for which the first part is the current document origin,
- i.e. no duplets </p>
- <code>[document-origin, target]</code>
-
- <p>for any target. There
- is no callback. After the call has been made, it is assured that there
- are no site-specific or site-wide exceptions for the given
- top-level-domain.</p>
- </dd>
- </dl>
-
+ <section id="exceptions-javascript-api-cancel">
+ <h3>API to cancel a site-specific exception</h3>
+ <dl class="idl" title='[NoInterfaceObject] interface
+ NavigatorDoNotTrack'>
+ <dt>
+ void
+ removeSiteSpecificTrackingException( )
+ </dt>
+ <dd>
+ <p>Ensures that the database of remembered grants no longer contains any
+ duplets for which the first part is the current document origin,
+ i.e. no duplets </p>
+ <code>[document-origin, target]</code>
+
+ <p>for any target. There
+ is no callback. After the call has been made, it is assured that there
+ are no site-specific or site-wide exceptions for the given
+ top-level-domain.</p>
+ </dd>
+ </dl>
+
</section>
</section>
<section id="exceptions-ww-javascript-api">
<h2 id="javascript_api_to_prompt_for_ww_exceptions">JavaScript API for
web-wide exceptions</h2>
- <section id="exceptions-javascript-api-ww-rqst">
- <h3>API to request a web-wide exception</h3>
-
- <dl class="idl" title='[NoInterfaceObject] interface
- NavigatorDoNotTrack'>
- <dt>
- void
- requestWebWideTrackingException(in TrackingResponseCallback callback,
- optional siteName, optional explanationString, optional detailURI)
- </dt>
- <dd>
- <p>If permission is granted, then the single duplet</p>
- <code>[ * , document-origin]</code>
-
- <p>is added to the database of remembered grants.</p>
+ <section id="exceptions-javascript-api-ww-rqst">
+ <h3>API to request a web-wide exception</h3>
- <p>The parameters are as described
- <a href="#javascript_api_to_prompt_for_exceptions">above</a> in the
- request for site-specific exceptions.</p>
+ <dl class="idl" title='[NoInterfaceObject] interface
+ NavigatorDoNotTrack'>
+ <dt>
+ void
+ requestWebWideTrackingException(in TrackingResponseCallback callback,
+ optional siteName, optional explanationString, optional detailURI)
+ </dt>
+ <dd>
+ <p>If permission is granted, then the single duplet</p>
+ <code>[ * , document-origin]</code>
- </dd>
- </dl>
+ <p>is added to the database of remembered grants.</p>
+
+ <p>The parameters are as described
+ <a href="#javascript_api_to_prompt_for_exceptions">above</a> in the
+ request for site-specific exceptions.</p>
+
+ </dd>
+ </dl>
+
+ <p>Users may wish to configure exceptions for a certain trusted
+ tracker across all sites. This API requests the addition of a web-wide
+ grant for a specific site, to the database.</p>
- <p>Users may wish to configure exceptions for a certain trusted
- tracker across all sites. This API requests the addition of a web-wide
- grant for a specific site, to the database.</p>
-
</section>
- <section id="exceptions-javascript-api-ww-cancel">
- <h3>API to cancel a web-wide exception</h3>
-
- <dl class="idl" title='[NoInterfaceObject] interface
- NavigatorDoNotTrack'>
- <dt>
- void
- removeWebWideTrackingException( )
- </dt>
- <dd>
- <p>Ensures that the database of remembered grants no longer
- contains the duplet</p>
- <code>[ * , document-origin]</code>
-
- <p>There
- is no callback. After the call has been made, the indicated
- pair is assured not to be in the database. The same matching
- as is used for determining which header to send is used to
- detect which entry (if any) to remove from the database.</p>
+ <section id="exceptions-javascript-api-ww-cancel">
+ <h3>API to cancel a web-wide exception</h3>
- </dd>
- </dl>
+ <dl class="idl" title='[NoInterfaceObject] interface
+ NavigatorDoNotTrack'>
+ <dt>
+ void
+ removeWebWideTrackingException( )
+ </dt>
+ <dd>
+ <p>Ensures that the database of remembered grants no longer
+ contains the duplet</p>
+ <code>[ * , document-origin]</code>
+
+ <p>There
+ is no callback. After the call has been made, the indicated
+ pair is assured not to be in the database. The same matching
+ as is used for determining which header to send is used to
+ detect which entry (if any) to remove from the database.</p>
+
+ </dd>
+ </dl>
</section>
</section>
-
+
<section class="informative">
<h2>User interface guidelines</h2>
-
+
<p>
User agents are free to implement exception management user
interfaces as they see fit. Some agents might provide a prompt to
@@ -1618,14 +1618,14 @@
<pre class="example">
Example News (<code>web.exnews.com</code>) would like to know
- whether you permit tracking by a specific set of sites (click
+ whether you permit tracking by a specific set of sites (click
here for their names).
-
+
Example News says:
“These sites allow Example News to see how we’re
doing, and provide useful features of the Example News
experience.” [More info]
-
+
[Allow Tracking] [Deny Tracking Request]
</pre>
@@ -1639,7 +1639,7 @@
<p>
The user agent might then store that decision, and answer future
- requests based on this stored preference. A user agent might provide the user
+ requests based on this stored preference. A user agent might provide the user
with an interface to
explicitly remove (or add) user-granted exceptions.
</p>
@@ -1651,7 +1651,7 @@
employs to determine DNT values (or the lack thereof) is out of the
scope of this specification.
</p>
-
+
<p>
In some user-agent implementations, decisions to grant exceptions
may have been made in the past (and since forgotten) or may have
Received on Tuesday, 7 August 2012 07:11:57 UTC