CVS WWW/2011/tracking-protection/drafts from CVS User dsinger2 on 2013-04-23 (public-tracking-commit@w3.org from April 2013)

From: CVS User dsinger2 <cvsmail@w3.org>
Date: Tue, 23 Apr 2013 09:23:08 +0000
To: public-tracking-commit@w3.org
Message-Id: <E1UUZRM-0002sN-2W@gil.w3.org>
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv11055

Modified Files:
	tracking-dnt.html 
Log Message:
sync the issues in the document with the database, remove closed issues
and insert a note on using exceptions for consent



--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html	2013/04/22 23:11:49	1.202
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html	2013/04/23 09:23:07	1.203
@@ -144,7 +144,7 @@
         is received.
       </p>
       <p class="issue" data-number="136" title="Resolve dependencies of the TPE on the compliance specification">
-        The WG has not come to consensus regarding the definition of tracking
+        [OPEN] The WG has not come to consensus regarding the definition of tracking
         and the scope of DNT.  As such, a site cannot actually say with any
         confidence whether or not it is tracking, let alone describe the finer
         details in a tracking status resource. This issue will be resolved by
@@ -414,7 +414,10 @@
         not apply here; hence, at most one DNT header may be present in a valid 
         HTTP request.
         </p>
+        
+        <p class="issue" data-number="176" title="Requirements on intermediaries/isps and header insertion that might affect tracking">[OPEN]</p>
 
+		<p class="issue" data-number="153" title="What are the implications on software that changes requests but does not necessarily initiate them?">[PENDING REVIEW]</p>
       </section>
 
       <section id='js-dom'>
@@ -1058,7 +1061,8 @@
               / %x72  ; "r" - referral
           </pre>
           <p class="issue" data-number="136" title="Resolve dependencies of the TPE on the compliance specification">
-            The list of qualifiers is intended to match one to one to the permitted uses 
+            [OPEN] The list of qualifiers is intended to match one to one to the 
+            permitted uses 
             identified by [[!TRACKING-COMPLIANCE]], using references to the
             definitions there. The list will then be updated accordingly.
           </p> 
@@ -1216,7 +1220,7 @@
 }
 </pre>
 		  <p class="issue" data-number="164" title="To what extent should the same-party attribute of tracking status resource be required?">
-		  3 Alternatives - text is needed:<br/>
+		  [OPEN] 3 Alternatives - text is needed:<br/>
 		  (A) Current draft: Resource is optional<br/>
 		  (B) Alternative proposal 1: If multiple domains on a page belong to the 
 		  same party, then this fact SHOULD be declared using the 
@@ -1408,10 +1412,10 @@
           so that sites may request and check the status of exceptions for
           tracking.
         </p>
-
-        <p class="issue" data-number="144" title="What constraints on user agents should be imposed for user/granted exceptions">
-          <b>[PENDING REVIEW]</b> but mostly addressed in the proposal here.
+        <p class="note">We envisage that the exceptions may also be usable as 
+          a consent mechanism.
         </p>
+
       </section>
 
       <section id="exceptions-principles" class="informative">
@@ -1549,7 +1553,7 @@
              <strong>targets</strong>.
           </p>
           <p class="issue" data-number="112" title="How are sub-domains handled for site-specific exceptions?">
-            <b>[OPEN]</b> Should a request for a tracking exception
+            <b>[PENDING REVIEW]</b> Should a request for a tracking exception
             apply to all subdomains of the first party making the request? Or
             should a first party explicitly list the subdomains that it's
             asking for? Similarly, should third-party subdomains be allowed
@@ -1604,7 +1608,7 @@
 
 
           <p class="issue" data-number="159" title="How do we allow sites that mash-in ad-supported content to maintain their own trusted third parties?">
-            This model does not support mashed-up content which is in turn
+            [POSTPONED] This model does not support mashed-up content which is in turn
             supported by ads; it's not clear how to distinguish between
             embedded content which is embedding ads (and hence the top-level
             origin stays the same) and embedded content that should start a
@@ -1658,14 +1662,10 @@
             'no' to all exception requests, and a UA that does not implement the 
             calls.
            </p>
-           <p class="issue" data-number="187" title="What is the right approach to exception handling?">
-            <b>[PENDING REVIEW]</b><br/>OLD: Site asks user agent for exception; user 
-            agent asks user and responds (UA is responsible to ensure that 
-            exceptions reflect user preferences)<br/>
-			NEW: Site asks user for their preference and stores this in user 
-			agent. User agent may double-check that this indeed matches preference 
-			but is not obliged to do so.
-           </p>
+           
+           <p class="issue" data-number="167" title="Multiple site exceptions">
+             [PENDING REVIEW] The current assumption is that the best practice is 
+             to use frames.</p>
         </section>
       </section>
 
@@ -2048,7 +2048,7 @@
 		<p class="issue" data-number="168" title="What is the correct way for 
 		sub-services to signal that they are taking advantage of a 
 		transferred exception?">
-		When the status values and qualifiers are fixed, the 
+		[OPEN] When the status values and qualifiers are fixed, the 
 			penultimate paragraph will probably need adjusting to match.  The use of "tl" 
 			(which meant "tracking but only in accordance with local laws" when this text 
 			was written) doesn't seem right, as the text talks, essentially, of
Received on Tuesday, 23 April 2013 09:23:09 UTC