- From: CVS User rfieldin <cvsmail@w3.org>
- Date: Sat, 13 Apr 2013 08:18:58 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts In directory gil:/tmp/cvs-serv8580 Modified Files: tracking-dnt.html Log Message: Change the "first-party" member to "controller" so that it can be used for both first party and third party responses. Oddly, this was never assigned an action or issue number, though it is related to ISSUE-137. Change the "control" member name back to "edit" to avoid confusion. --- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2013/04/13 05:51:29 1.190 +++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2013/04/13 08:18:57 1.191 @@ -633,11 +633,11 @@ <p> An origin server that sends <code><a>!</a></code> as a tracking status value MUST provide, in the corresponding tracking status - representation, a valid <code><a>first-party</a></code> member; the + representation, a valid <code><a>controller</a></code> member; the origin server MUST also provide <code><a>policy</a></code> and - <code><a>control</a></code> members if such information is not - directly obtainable by performing a retrieval action on the - <code><a>first-party</a></code> resource(s). + <code><a>edit</a></code> members if such information is not + directly obtainable by performing a retrieval action on each of the + <code><a>controller</a></code> links. </p></div> <p> For the site-wide tracking status and Tk header field, the tracking @@ -675,7 +675,7 @@ service providers on any given request. If the designated resource is operated by a service provider acting as a first party, then the responsible first party is identified by the - <code><a>first-party</a></code> member or the owner of the origin + <code><a>controller</a></code> member or the owner of the origin server domain. This satisfies the use case of distinguishing between a service provider acting for some other site and the same service provider acting on one of its own sites. 
@@ -850,7 +850,7 @@ the scope of this specification, that have the effect of asking for and obtaining prior consent for tracking, or for modifying prior indications of consent. For example, the tracking status - resource's status-object defines a <code><a>control</a></code> + resource's status-object defines an <code><a>edit</a></code> member that can refer to such a mechanism. Although such out-of-band mechanisms are not defined by this specification, their presence might influence the tracking status object's @@ -952,7 +952,7 @@ <pre class="example"> { "tracking": "1", - "first-party": ["https://www.example.com/privacy"], + "controller": ["https://www.example.com/privacy"], "same-party": [ "example.com", "example_vids.net", @@ -965,7 +965,7 @@ "http://auditor.example.org/727073" ], "policy": "/privacy.html#tracking", - "control": "http://example.com/your/data" + "edit": "http://example.com/your/data" } </pre> <p> @@ -977,16 +977,16 @@ <dfn>status-object</dfn> = begin-object member-list end-object <dfn>member-list</dfn> = tracking ns tracking-v [tracking-q] - [ vs first-party ns first-party-v ] + [ vs controller ns controller-v ] [ vs same-party ns same-party-v ] [ vs third-party ns third-party-v ] [ vs audit ns audit-v ] [ vs policy ns policy-v ] - [ vs control ns control-v ] + [ vs edit ns edit-v ] *( vs extension ) </pre> <p> - A <code><a>status-object</a></code> MUST have a member named + A <code><a>status-object</a></code> always has a member named <code><a>tracking</a></code> that contains a single character tracking status value (<a href="#tracking-status-value" class="sectionRef"></a>), 
@@ -1006,39 +1006,39 @@ </pre> <p> An origin server MAY send a member named - <code><a>first-party</a></code> that has an array value containing - a list of URI references that indirectly identify the first party - (or set of parties) that claims to be the responsible data - controller for personal data collected via the designated resource. - An origin server that does not send <code><a>first-party</a></code> - is implying that its domain owner is the sole first party and that - information about its policies ought to be found on this site's - root page, or by way of a clearly indicated link from that page - (i.e., no first-party member is equivalent to: - <code>"first-party":["/"]</code>). - <p> - </p> - If the designated resource has joint data controllers (i.e., - multiple parties have independent control over the collected data - and claim first party status), as might occur on a co-branded - site, the origin server MUST send a - <code><a>first-party</a></code> member that contains references - specific to each of those first parties. - Likewise, if the designated resource has a sole first party and - the origin server's domain is not owned by that first party, the - origin server MUST send a <code><a>first-party</a></code> member - that contains a reference specific to that first party. - <p> + <code><a>controller</a></code> with an array value containing + a list of URI references indirectly identifying the party or + set of parties that claims to be the responsible data controller + for personal data collected via the designated resource. An origin + server MUST send a <code><a>controller</a></code> member if the + responsible data controller does not own the designated resource's + domain name. 
+ </p> + <p> + An origin server that does not send <code><a>controller</a></code> + is implying that its domain owner is the sole data controller; + information about the data controller ought to be found on the + designated resource's site root page, or by way of a clearly + indicated link from that page (i.e., no controller member is + considered equivalent to: <code>"controller":["/"]</code>). + </p> + <p> + If the designated resource has joint data controllers + (i.e., multiple parties have independent control over the + collected data), the origin server MUST send a + <code><a>controller</a></code> member that contains a reference + for each data controller. </p> - Each URI reference provided in <code><a>first-party</a></code> + <p> + Each URI reference provided in <code><a>controller</a></code> MUST refer to a resource that, if a retrieval action is performed on that URI, would provide the user with information regarding - (at a minimum) the identity of the corresponding first party and + (at a minimum) the identity of the corresponding party and its data collection practices. </p> <pre class="abnf"> -<dfn>first-party</dfn> = %x22 "first-party" %x22 -<dfn>first-party-v</dfn> = array-of-strings +<dfn>controller</dfn> = %x22 "controller" %x22 +<dfn>controller-v</dfn> = array-of-strings </pre> <p> An OPTIONAL member named <code><a>same-party</a></code> MAY be 
@@ -1087,26 +1087,26 @@ in the machine-readable tracking status representation. If no <code><a>policy</a></code> member is provided, this information might be obtained via the links provided in - <code><a>first-party</a></code>. + <code><a>controller</a></code>. </p> <pre class="abnf"> <dfn>policy</dfn> = %x22 "policy" %x22 <dfn>policy-v</dfn> = string ; URI-reference </pre> <p> - An OPTIONAL member named <code><a>control</a></code> MAY be + An OPTIONAL member named <code><a>edit</a></code> MAY be provided with a string value containing a URI-reference to a resource for giving the user control over personal data collected by the designated resource (and possibly other resources); - a <code><a>control</a></code> member SHOULD be provided if the + an <code><a>edit</a></code> member SHOULD be provided if the tracking status value indicates prior consent (<code><a>C</a></code>). - If no <code><a>control</a></code> member is provided, this + If no <code><a>edit</a></code> member is provided, this information might be obtained via the links provided in - <code><a>first-party</a></code>. + <code><a>controller</a></code> or <code><a>policy</a></code>. </p> <p> - Such a control resource might include the ability to review + An edit resource might include the ability to review past data collected, delete some or all of the data, provide additional data (if desired), or <q>opt-in</q>, <q>opt-out</q>, or otherwise modify an out-of-band consent status regarding @@ -1116,8 +1116,8 @@ beyond the scope of this protocol. </p> <pre class="abnf"> -<dfn>control</dfn> = %x22 "control" %x22 -<dfn>control-v</dfn> = string ; URI-reference +<dfn>edit</dfn> = %x22 "edit" %x22 +<dfn>edit-v</dfn> = string ; URI-reference </pre> <p> Additional <code><a>extension</a></code> members MAY be provided 
@@ -1154,7 +1154,7 @@ { "tracking": "3", "policy": "/privacy.html", - "control": "/your/data", + "edit": "/your/data", } </pre> <p class="issue" data-number="164" title="To what extent should the same-party attribute of tracking status resource be required?">
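Review bot: In the @@ -633,11 +633,11 @@ hunk, "by performing a retrieval action on each of the controller links" does not say whether the policy and edit information has to be reachable from every controller link or from at least one of them, and with joint controllers those are different requirements. Suggest stating which is meant. The @@ -1087,26 +1087,26 @@ hunk also allows edit information to be found via policy, so the condition given here for omitting the edit member does not match that fallback.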
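Review bot: In the @@ -952,7 +952,7 @@ example, the renamed "edit" value is still "http://example.com/your/data" while the controller link in the same object uses https. The @@ -1087,26 +1087,26 @@ hunk describes an edit resource as the place to review or delete collected personal data, so the example would be better shown with an https URI.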
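Review bot: The last changed line of the @@ -977,16 +977,16 @@ hunk replaces "MUST have a member named" with "always has a member named", which turns a normative requirement on the tracking member into a description, and the log message mentions only the two renames. If dropping the MUST is intended, it deserves its own commit or a line in the log message; otherwise restore it.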
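Review bot: In the @@ -1006,39 +1006,39 @@ hunk, the new default paragraph makes a missing controller member equivalent to "controller":["/"], so a status-object that still carries the old "first-party" name has no controller member under this revision and the domain owner is taken to be the sole data controller. That is the wrong result in exactly the cases where the new text says controller MUST be sent (the controller does not own the domain, or there are joint controllers). Suggest adding a sentence on how recipients should treat the old member name, or noting the rename as a breaking change for existing status resources.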
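Review bot: In the @@ -1154,7 +1154,7 @@ example, the renamed line "edit": "/your/data", keeps its trailing comma before the closing brace, which is not valid JSON and does not fit the member-list grammar in the @@ -977,16 +977,16 @@ hunk, where vs only appears in front of a following member. Drop the comma while this line is being touched.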
Received on Saturday, 13 April 2013 08:18:59 UTC