- From: CVS User rfieldin <cvsmail@w3.org>
- Date: Sat, 13 Apr 2013 09:55:43 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv16413
Modified Files:
tracking-dnt.html
Log Message:
Restore the definition of qualifiers as it was agreed in Bellevue.
In particular, the WG rejected their presence in the header field
and limited their use to an optional member field in the tracking
status representation, as summarized by the chair in
<http://www.w3.org/mid/5036702A.3050601@schunter.org>
(note that p is now in the TSV as C).
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2013/04/13 08:25:36 1.192
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2013/04/13 09:55:43 1.193
@@ -660,14 +660,14 @@
by the following ABNF.
</p>
<pre class="abnf">
-<dfn>tracking-v</dfn> = "!" ; "!" - non-compliant
- / "1" ; "1" — first-party
- / "3" ; "3" — third-party
- / %x43 ; "C" - consent
- / %x44 ; "D" - disregarding
- / %x4E ; "N" - none
- / %x55 ; "U" - updated
- / %x58 ; "X" - dynamic
+<dfn>TSV</dfn> = "!" ; "!" - non-compliant
+ / "1" ; "1" — first-party
+ / "3" ; "3" — third-party
+ / %x43 ; "C" - consent
+ / %x44 ; "D" - disregarding
+ / %x4E ; "N" - none
+ / %x55 ; "U" - updated
+ / %x58 ; "X" - dynamic
</pre>
<p class="issue" data-number="137" title="Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)">
@@ -686,87 +686,6 @@
</p>
</section>
- <section id='status-qualifier-value'>
- <h3>Tracking Status Qualifier Values</h3>
-
- <p>
- When present, the tracking status qualifier member's value
- consists of a string of characters indicating what permitted
- uses for tracking are being used.
- Multiple qualifiers can be provided.
- </p>
- <p class="issue" data-number="136" title="Resolve dependencies of the
- TPE on the compliance specification">
- The list of qualifiers is intended to match one to one to the permitted uses
- identified by [[!TRACKING-COMPLIANCE]], using references to the
- definitions there. The list will then be updated accordingly.
- </p>
-
- <table class="simple">
- <tr><th>qualifier</th>
- <th>meaning</th>
- </tr>
- <tr><td>a</td>
- <td>Audit: Tracking is limited to that necessary for an
- external audit of the service context and the data
- collected is minimized accordingly.</td>
- </tr>
- <tr><td>c</td>
- <td>Ad frequency capping: Tracking is limited to frequency
- capping and the data collected is minimized accordingly.</td>
- </tr>
- <tr><td>f</td>
- <td>Fraud prevention: Tracking is limited to that necessary
- for preventing or investigating fraudulent behavior and
- security violations; the data collected is minimized
- accordingly.</td>
- </tr>
- <tr><td>l</td>
- <td>Local constraints: Tracking is limited to what is
- required by local law, rule, or regulation and the
- data collected is minimized accordingly.</td>
- </tr>
- <tr><td>r</td>
- <td>Referrals: Tracking is limited to collecting referral
- information and the data collected is minimized
- accordingly.</td>
- </tr>
- </table>
- <p>
- Qualifiers that indicate limitations on tracking correspond to
- the specific permitted uses in [[!TRACKING-COMPLIANCE]]. An
- origin server indicating one or more of those permitted uses
- also indicates that it conforms to the requirements associated
- with those permitted uses. Multiple limitation qualifiers mean
- that multiple permitted uses of tracking might be present and
- that each such use conforms to the associated requirements.
- All limitation qualifiers imply some form of tracking might
- be used and thus MUST NOT be provided with a tracking status
- value of <code>N</code> (not tracking).
- </p>
- <p>
- Future extensions to this protocol might define additional
- characters as qualifiers from the
- <code><a>ext-qualifier</a></code> set (consisting of the
- remaining unused lowercase letters, dot, dash, and underscore).
- Recipients SHOULD ignore extension qualifiers that they do not
- understand.
- </p>
- <p>
- The tracking qualifier value is case sensitive, as defined formally
- by the following ABNF.
- </p>
- <pre class="abnf">
- <dfn>tracking-q</dfn> = tracking-q-v*
- <dfn>tracking-q-v</dfn> = %x61 ; "a" - audit
- / %x63 ; "c" — capping
- / %x66 ; "f" - fraud
- / %x6C ; "l" - local
- / %x72 ; "r" - referral
- </pre>
-
- </section>
-
<section id='response-header-field'>
<h3>Tk Header Field for HTTP Responses</h3>
@@ -782,14 +701,12 @@
</p>
<pre class="abnf">
<dfn>Tk-field-name</dfn> = "Tk" ; case-insensitive
-<dfn>Tk-field-value</dfn> = tracking-v [tracking-q] [ ";" status-id ]
+<dfn>Tk-field-value</dfn> = TSV [ ";" status-id ]
</pre>
<p>
The Tk field-value begins with a tracking status value
(<a href="#tracking-status-value" class="sectionRef"></a>),
- optionally followed by one or more tracking qualifiers
- (<a href="#status-qualifier-value" class="sectionRef"></a>), and then
- optionally a semicolon and a <code>status-id</code>
+ optionally followed by a semicolon and a <code>status-id</code>
that refers to a request-specific tracking status resource
(<a href="#referring-status-id" class="sectionRef"></a>).
</p>
@@ -798,15 +715,6 @@
be tracking would look like:
</p>
<pre class="example">Tk: N</pre>
- <p>
- whereas a <a>Tk</a> header field for a resource that might perform
- tracking (though not necessarily for every request) and conforms
- to the third-party requirements of [[!TRACKING-COMPLIANCE]], while
- claiming the audit exception, would
- look like:
- </p>
- <pre class="example">Tk: 3a</pre>
-
</section>
<section id='referring-status-id'>
@@ -952,6 +860,7 @@
<pre class="example">
{
"tracking": "1",
+ "qualifiers": "afc",
"controller": ["https://www.example.com/privacy"],
"same-party": [
"example.com",
@@ -976,7 +885,8 @@
<pre class="abnf">
<dfn>status-object</dfn> = begin-object member-list end-object
-<dfn>member-list</dfn> = tracking ns tracking-v [tracking-q]
+<dfn>member-list</dfn> = tracking ns tracking-v
+ [ vs qualifiers ns qualifiers-v ]
[ vs controller ns controller-v ]
[ vs same-party ns same-party-v ]
[ vs third-party ns third-party-v ]
@@ -987,14 +897,13 @@
</pre>
<p>
A <code><a>status-object</a></code> always has a member named
- <code><a>tracking</a></code> that contains a single character
- tracking status value
- (<a href="#tracking-status-value" class="sectionRef"></a>),
- optionally followed by one or more tracking qualifiers
- (<a href="#status-qualifier-value" class="sectionRef"></a>) .
+ <code><a>tracking</a></code> with a string value that contains a
+ single character tracking status value
+ (<a href="#tracking-status-value" class="sectionRef"></a>).
</p>
<pre class="abnf">
<dfn>tracking</dfn> = %x22 "tracking" %x22
+<dfn>tracking-v</dfn> = %x22 TSV %x22
</pre>
<p>
For example, the following demonstrates a minimal tracking status
@@ -1005,6 +914,66 @@
{"tracking": "N"}
</pre>
<p>
+ An origin server MAY send a <code><a>status-object</a></code>
+ member named <code><a>qualifiers</a></code> with a string value
+ containing a sequence of case sensitive characters corresponding
+ to each of the permitted uses (as defined in
+ [[!TRACKING-COMPLIANCE]]) that might be in use for the designated
+ resource. The purpose of this field is to provide additional
+ transparency where desired.
+ </p>
+ <table class="simple">
+ <tr><th>qualifier</th>
+ <th>meaning</th>
+ </tr>
+ <tr><td>a</td>
+ <td>Audit: Tracking is limited to that necessary for an
+ external audit of the service context and the data
+ collected is minimized accordingly.</td>
+ </tr>
+ <tr><td>c</td>
+ <td>Ad frequency capping: Tracking is limited to frequency
+ capping and the data collected is minimized accordingly.</td>
+ </tr>
+ <tr><td>f</td>
+ <td>Fraud prevention: Tracking is limited to that necessary
+ for preventing or investigating fraudulent behavior and
+ security violations; the data collected is minimized
+ accordingly.</td>
+ </tr>
+ <tr><td>l</td>
+ <td>Local constraints: Tracking is limited to what is
+ required by local law, rule, or regulation and the
+ data collected is minimized accordingly.</td>
+ </tr>
+ <tr><td>r</td>
+ <td>Referrals: Tracking is limited to collecting referral
+ information and the data collected is minimized
+ accordingly.</td>
+ </tr>
+ </table>
+ <p>
+ Multiple qualifiers mean that multiple permitted uses of tracking
+ might be present and that each such use conforms to the associated
+ requirements. All qualifiers imply some form of tracking might be
+ used and thus MUST NOT be provided with a tracking status value of
+ <code>N</code> (not tracking).
+ </p>
+ <pre class="abnf">
+<dfn>qualifiers</dfn> = %x22 "qualifiers" %x22
+<dfn>qualifiers-v</dfn> = %x22 0*5qualifier %x22
+<dfn>qualifier</dfn> = %x61 ; "a" - audit
+ / %x63 ; "c" - capping
+ / %x66 ; "f" - fraud
+ / %x6C ; "l" - local
+ / %x72 ; "r" - referral
+ </pre>
+ <p class="issue" data-number="136" title="Resolve dependencies of the TPE on the compliance specification">
+ The list of qualifiers is intended to match one to one to the permitted uses
+ identified by [[!TRACKING-COMPLIANCE]], using references to the
+ definitions there. The list will then be updated accordingly.
+ </p>
+ <p>
An origin server MAY send a member named
<code><a>controller</a></code> with an array value containing
a list of URI references indirectly identifying the party or
Received on Saturday, 13 April 2013 09:55:44 UTC