- From: CVS User rfieldin <cvsmail@w3.org>
- Date: Sun, 14 Apr 2013 01:31:02 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv14612
Modified Files:
tracking-dnt.html
Log Message:
(editorial) reformat TSV as sections instead of table so that individual values can be highlighted as options
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2013/04/14 00:21:03 1.195
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2013/04/14 01:31:01 1.196
@@ -517,147 +517,31 @@
user to a request-specific tracking status resource applicable to
the current request.
</p>
-
</section>
<section id='tracking-status-value'>
<h3>Tracking Status Value</h3>
- <p>
- A <dfn>tracking status value</dfn> is a short notation for
- communicating how a designated resource conforms to the tracking
- protection protocol, as defined by this document and
- [[!TRACKING-COMPLIANCE]].
- </p>
- <p>
- For a site-wide tracking status resource, the designated resource
- to which the tracking status applies is any resource on the same
- origin server. For a <a>Tk</a> response header field, the
- corresponding request target is the designated resource and
- remains so for any subsequent request-specific tracking status
- resource referred to by that field.
- </p>
- <p>
- All of the tracking status mechanisms use a common format for the
- tracking status value: a single character from a limited set.
- The meaning of each allowed character is defined in the following
- table.
- </p>
- <table class="simple">
- <tr>
- <th>status</th>
- <th>meaning</th>
- </tr>
- <tr><td><dfn>N</dfn></td>
- <td><strong>None</strong>: The designated resource does not
- perform tracking of any kind, not even for a <a>permitted use</a>,
- and does not make use of any data collected from tracking.</td>
- </tr>
- <tr><td><dfn>1</dfn></td>
- <td><strong>First party</strong>: The designated resource is
- designed for use within a first-party context and conforms to
- the requirements on a first party. If the designated resource
- is operated by an outsourced service provider, the service
- provider claims that it conforms to the requirements on a
- third party acting as a first party.</td>
- </tr>
- <tr><td><dfn>3</dfn></td>
- <td><strong>Third party</strong>: The designated resource is
- designed for use within a third-party context and conforms to
- the requirements on a third party.</td>
- </tr>
- <tr><td><dfn>X</dfn></td>
- <td><strong>Dynamic</strong>: The designated resource is
- designed for use in both first and third-party contexts and
- dynamically adjusts tracking status accordingly.
- If <code>X</code> is present in the site-wide tracking status,
- more information MUST be provided via the <a>Tk</a> response
- header field when accessing a designated resource.
- If <code>X</code> is present in the <a>Tk</a> header field,
- more information will be provided in a request-specific
- tracking status resource referred to by the <a>status-id</a>.
- An origin server MUST NOT send <code>X</code> as the
- tracking status value in the representation of a
- request-specific tracking status resource.</td>
- </tr>
- <tr><td><dfn>C</dfn></td>
- <td><strong>Consent</strong>: The designated resource believes
- it has received prior consent for tracking this user, user
- agent, or device, perhaps via some mechanism not defined by
- this specification, and that prior consent overrides the
- tracking preference expressed by this protocol.</td>
- </tr>
- <tr><td><dfn>D</dfn></td>
- <td><strong>Disregarding</strong>: The origin server is unable
- or unwilling to respect a tracking preference received from
- the requesting user agent.
- For example, an origin server might disregard the DNT field
- received from specific user agents (or via specific network
- intermediaries) that are deemed to be non-conforming, might be
- collecting additional data from specific source network
- locations due to prior security incidents, or might be
- compelled to disregard certain DNT requests to comply with a
- local law, regulation, or order. An origin server that sends
- this tracking status value MUST detail within the server's
- corresponding privacy policy the conditions under which a
- tracking preference might be disregarded.
- </tr>
- <tr><td><dfn>U</dfn></td>
- <td><strong>Updated</strong>: The request resulted in a
- potential change to the tracking status applicable to this
- user, user agent, or device. A user agent that relies on a
- cached tracking status SHOULD update the cache entry with
- the current status by making a new request on the applicable
- tracking status resource. An origin server MUST NOT send
- <code>U</code> as a tracking status value anywhere other than
- a <a>Tk</a> header field that is in response to a
- state-changing request.</td>
- </tr>
- <tr><td><dfn>!</dfn></td>
- <td><strong>Non-compliant</strong>: The origin server is unable
- or unwilling to claim that the designated resource conforms to
- the tracking protection protocol, but is providing a tracking
- response for the sake of testing and transparency. This value
- MAY be followed by an additional character in order to
- communicate further information for testing.</td>
- </tr>
- </table>
- <div class="option"><p>
- The <code><a>!</a></code> (non-compliant) tracking status value has
- been provided to ease testing and deployment on production systems
- during the initial periods of testing compliance and during
- adjustment periods due to future protocol changes or shifting
- regulatory constraints. Note that this value does not indicate that
- the DNT signal will be ignored, nor that tracking will occur as a
- result of accessing the designated resource, but rather that the
- site makes no claim to conformance at this time. The purpose of
- the optional <a>testv</a> character is to provide additional
- information for the sake of testing, such as what tracking status
- the server intends to deploy for the designated resource at some
- point in the future, but cannot be relied upon as an indication
- of conformance.
- </p></div>
- <p>
- For the site-wide tracking status and Tk header field, the tracking
- status values <code><a>1</a></code> and <code><a>3</a></code>
- indicate how the designated resource is designed to conform, not
- the nature of the request. Hence, if a user agent is making a
- request in what appears to be a third-party context and the
- tracking status value indicates that the designated resource is
- designed only for first-party conformance, then either the context
- has been misunderstood (both are actually the same party) or the
- resource has been referenced incorrectly. For the request-specific
- tracking status resource, an indication of first or third party as
- the status value describes how the resource conformed to that
- specific request, and thus indicates both the nature of the request
- (as viewed by the origin server) and the applicable set of
- requirements to which the origin server claims to conform.
- </p>
- <p>
- The tracking status value is case sensitive, as defined formally
- by the following ABNF.
- </p>
- <pre class="abnf">
+ <section id='TSV-defn'>
+ <h4>Definition</h4>
+
+ <p>
+ A <dfn>tracking status value</dfn> (TSV) is a short notation for
+ communicating how a designated resource conforms to the tracking
+ protection protocol, as defined by this document and
+ [[!TRACKING-COMPLIANCE]].
+ For a site-wide tracking status resource, the designated resource
+ to which the tracking status applies is any resource on the same
+ origin server. For a <a>Tk</a> response header field, the
+ corresponding request target is the designated resource and
+ remains so for any subsequent request-specific tracking status
+ resource referred to by that field.
+ </p>
+ <p>
+ The tracking status value is case sensitive, as defined formally
+ by the following ABNF.
+ </p>
+ <pre class="abnf">
<dfn>TSV</dfn> = "1" ; "1" — first-party
/ "3" ; "3" — third-party
/ %x43 ; "C" - consent
@@ -668,22 +552,174 @@
/ ( "!" [testv] ) ; "!" - non-compliant
<dfn>testv</dfn> = id-char
- </pre>
+ </pre>
- <p class="issue" data-number="137" title="Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)">
- <b>[PENDING REVIEW]</b> No, in practice there may be dozens of
- service providers on any given request. If the designated resource
- is operated by a service provider acting as a first party, then the
- responsible first party is identified by the
- <code><a>controller</a></code> member or the owner of the origin
- server domain. This satisfies the use case of
- distinguishing between a service provider acting for some other site
- and the same service provider acting on one of its own sites.
- </p>
- <p class="issue" data-number="161" title="Do we need a tracking status value for partial compliance or rejecting DNT?">
- <b>[PENDING REVIEW]</b> See options above for the
- <code><a>!</a></code> and <code><a>D</a></code> tracking status values.
- </p>
+ <p class="issue" data-number="137" title="Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)">
+ <b>[PENDING REVIEW]</b> No, in practice there may be dozens of
+ service providers on any given request. If the designated resource
+ is operated by a service provider acting as a first party, then
+ the responsible first party is identified by the
+ <code><a>controller</a></code> member or the owner of the origin
+ server domain. This satisfies the use case of distinguishing
+ between a service provider acting for some other site and the same
+ service provider acting on one of its own sites.
+ </p>
+ <p class="issue" data-number="161" title="Do we need a tracking status value for partial compliance or rejecting DNT?">
+ <b>[PENDING REVIEW]</b> See options below for the
+ <code><a>!</a></code> and <code><a>D</a></code> tracking status
+ values.
+ </p>
+ </section>
+
+ <section id='TSV-N'>
+ <h4>None (N)</h4>
+ <p>
+ A tracking status value of <dfn>N</dfn> means that the origin
+ server claims that the designated resource does not perform
+ tracking of any kind, not even for a <a>permitted use</a>,
+ and does not make use of any data collected from tracking.
+ </p>
+ </section>
+
+ <section id='TSV-1'>
+ <h4>First Party (1)</h4>
+ <p>
+ A tracking status value of <dfn>1</dfn> means that the origin
+ server claims that the designated resource is designed for use
+ only within a first-party context and conforms to the requirements
+ on a first party.
+ If the designated resource is operated by an outsourced service
+ provider, the service provider claims that it conforms to the
+ requirements on a third party acting as a first party.
+ </p>
+ <p>
+ For the site-wide tracking status and Tk header field, the tracking
+ status values <code>1</code> and <code>3</code>
+ indicate how the designated resource is designed to conform, not
+ the nature of the request. Hence, if a user agent is making a
+ request in what appears to be a third-party context and the
+ tracking status value indicates that the designated resource is
+ designed only for first-party conformance, then either the context
+ has been misunderstood (both are actually the same party) or the
+ resource has been referenced incorrectly.
+ </p>
+ <p>
+ For the request-specific tracking status resource, an indication
+ of first or third party as the status value describes how the
+ resource conformed to that specific request, and thus indicates
+ both the nature of the request (as viewed by the origin server)
+ and the applicable set of requirements to which the origin server
+ claims to conform.
+ </p>
+ </section>
+
+ <section id='TSV-3'>
+ <h4>Third Party (3)</h4>
+ <p>
+ A tracking status value of <dfn>3</dfn> means that the origin
+ server claims that the designated resource is designed for use
+ within a third-party context and conforms to the requirements on a
+ third party.
+ </p>
+ </section>
+
+ <section id='TSV-X'>
+ <h4>Dynamic (X)</h4>
+ <p>
+ A tracking status value of <dfn>X</dfn> means that the origin
+ server claims that the designated resource is designed for use in
+ both first and third-party contexts and dynamically adjusts
+ tracking status accordingly.
+ </p>
+ <p>
+ If <code>X</code> is present in the site-wide tracking status,
+ more information MUST be provided via the <a>Tk</a> response
+ header field when accessing a designated resource.
+ If <code>X</code> is present in the <a>Tk</a> header field,
+ more information will be provided in a request-specific
+ tracking status resource referred to by the <a>status-id</a>.
+ An origin server MUST NOT send <code>X</code> as the
+ tracking status value in the representation of a
+ request-specific tracking status resource.
+ </p>
+ </section>
+
+ <section id='TSV-C'>
+ <h4>Consent (C)</h4>
+ <p>
+ A tracking status value of <dfn>C</dfn> means that the origin
+ server believes it has received prior consent for tracking this
+ user, user agent, or device, perhaps via some mechanism not
+ defined by this specification, and that prior consent overrides
+ the tracking preference expressed by this protocol.
+ </p>
+ </section>
+
+ <section id='TSV-D' class="option">
+ <h4>Disregarding (D)</h4>
+ <p>
+ A tracking status value of <dfn>D</dfn> means that the origin
+ server is unable or unwilling to respect a tracking preference
+ received from the requesting user agent. An origin server that
+ sends this tracking status value MUST detail within the server's
+ corresponding privacy policy the conditions under which a tracking
+ preference might be disregarded.
+ </p>
+ <p>
+ For example, an origin server might disregard the DNT field
+ received from specific user agents (or via specific network
+ intermediaries) that are deemed to be non-conforming, might be
+ collecting additional data from specific source network
+ locations due to prior security incidents, or might be
+ compelled to disregard certain DNT requests to comply with a
+ local law, regulation, or order.
+ </p>
+ </section>
+
+ <section id='TSV-U'>
+ <h4>Updated (U)</h4>
+ <p>
+ A tracking status value of <dfn>U</dfn> means that the request
+ resulted in a potential change to the tracking status applicable
+ to this user, user agent, or device. A user agent that relies on a
+ cached tracking status SHOULD update the cache entry with the
+ current status by making a new request on the applicable tracking
+ status resource.
+ </p>
+ <p>
+ An origin server MUST NOT send <code>U</code> as a tracking status
+ value anywhere other than a <a>Tk</a> header field that is in
+ response to a state-changing request.
+ </p>
+ </section>
+
+ <section id='TSV-!' class="option">
+ <h4>Non-compliant (!)</h4>
+ <p>
+ A tracking status value of <dfn>!</dfn> means that the origin
+ server is unable or unwilling to claim that the designated
+ resource conforms to the tracking protection protocol, but is
+ providing a tracking response for the sake of testing and
+ transparency.
+ </p>
+ <p>
+ The <code>!</code> value has been provided to ease testing and
+ deployment on production systems during the initial periods of
+ testing compliance and during adjustment periods due to future
+ protocol changes or shifting regulatory constraints. Note that
+ this value does not indicate that the DNT signal will be ignored,
+ nor that tracking will occur as a result of accessing the
+ designated resource, but rather that the site makes no claim to
+ conformance at this time.
+ </p>
+ <p>
+ This <code>!</code> value MAY be followed by an optional
+ <a>testv</a> character in order to communicate further information
+ for testing, such as what tracking status the server intends to
+ deploy for the designated resource at some point in the future,
+ but that cannot be relied upon as an indication of conformance.
+ </p>
+ </section>
</section>
<section id='response-header-field'>
Received on Sunday, 14 April 2013 01:31:03 UTC