- From: CVS User rfieldin <cvsmail@w3.org>
- Date: Fri, 06 Dec 2013 00:24:23 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv19059
Modified Files:
tracking-dnt.html
Log Message:
return to using N/T instead of 0/1 in TSV; note compliance array as an option (still need issue num); remove requirement on clearing UGE when cookies are cleared
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2013/11/28 03:03:55 1.226
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2013/12/06 00:24:23 1.227
@@ -525,7 +525,7 @@
<p>
A <dfn>tracking status value</dfn> (TSV) is a short notation for
- communicating the tracking behavior for data collected via a
+ communicating the tracking behavior regarding data collected via a
<dfn>designated resource</dfn>.
</p>
<p>
@@ -541,13 +541,14 @@
by the following ABNF.
</p>
<pre class="abnf">
-<dfn>TSV</dfn> = "0" ; "0" — not tracking
- / "1" ; "1" — tracking
- / "?" ; "?" - dynamic
- / %x43 ; "C" - tracking with consent
- / %x44 ; "D" - disregarding DNT
- / %x50 ; "P" - tracking only if consented
- / %x55 ; "U" - updated
+<dfn>TSV</dfn> = %x21 ; "!" - under construction
+ / %x3F ; "?" - dynamic
+ / %x4E ; "N" — not tracking
+ / %x54 ; "T" — tracking
+ / %x43 ; "C" - tracking with consent
+ / %x50 ; "P" - tracking only if consented
+ / %x44 ; "D" - disregarding DNT
+ / %x55 ; "U" - updated
</pre>
<p class="issue" data-number="137" title="Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)">
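Review bot: The new "N" and "T" alternatives in the TSV ABNF carry an em-dash in their comments while every other alternative uses a plain hyphen; use the hyphen throughout so the block stays ASCII and consistent. The "!" alternative is also new in this revision but is not mentioned in the log message, which only describes the return to N/T; a line in the log would make the grammar change easier to trace.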
@@ -560,36 +561,24 @@
between a service provider acting for some other site and the same
service provider acting on one of its own sites.
</p>
- <p class="issue" data-number="161" title="Do we need a tracking status value for partial compliance or rejecting DNT?">
- <b>[PENDING REVIEW]</b> Not for partial compliance, since the
- presence of a tracking status value no longer implies compliance.
- See below for separate discussion of disregarding.
- </p>
</section>
- <section id='TSV-N' class="option">
- <h4>Not Tracking (0)</h4>
+ <section id='TSV-!' class="option">
+ <h4>Under Construction (!)</h4>
<p>
- A tracking status value of <dfn>0</dfn> means the origin server
- claims that data collected via the <a>designated resource</a> is
- not used for tracking and will not be combined with other data in
- a form that would enable tracking.
+ A tracking status value of <dfn>!</dfn> means that the origin
+ server is currently testing its communication of tracking status.
+ The <code>!</code> value has been provided to ease testing and
+ deployment on production systems during the initial periods of
+ testing compliance and during adjustment periods due to future
+ protocol changes or shifting regulatory constraints. Note that
+ this value does necessarily indicate that the DNT signal will be
+ ignored, nor that tracking will occur as a result of accessing the
+ designated resource.
</p>
- <p class="issue" data-number="119" title='Specify "absolutely not tracking"'>
- <b>[OPEN]</b> The <code><a>0</a></code> tracking status
- value replaces the notion of absolutely not tracking.
- </p>
- </section>
-
- <section id='TSV-1'>
- <h4>Tracking (1)</h4>
- <p>
- A tracking status value of <dfn>1</dfn> means the origin server
- might perform or enable tracking using data collected via the
- <a>designated resource</a>. Information provided in the tracking
- status representation might indicate whether such tracking is
- limited to a set of commonly accepted uses or adheres to one or
- more compliance regimes.
+ <p class="issue" data-number="161" title="Do we need a tracking status value for partial compliance or rejecting DNT?">
+ <b>[PENDING REVIEW]</b> The <code><a>!</a></code> tracking status
+ value indicates that tracking status is under construction.
</p>
</section>
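Review bot: In the new Under Construction paragraph, "Note that this value does necessarily indicate that the DNT signal will be ignored, nor that tracking will occur" appears to be missing "not" after "does"; as written the sentence says the opposite of what the following "nor" clause implies. Separately, the reworded issue 161 text only restates what "!" means and no longer answers the question in the issue title about partial compliance or rejecting DNT; either keep the earlier resolution sentence or point to where disregarding is discussed.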
@@ -614,6 +603,32 @@
</p>
</section>
+ <section id='TSV-N' class="option">
+ <h4>Not Tracking (N)</h4>
+ <p>
+ A tracking status value of <dfn>N</dfn> means the origin server
+ claims that data collected via the <a>designated resource</a> is
+ not used for tracking and will not be combined with other data in
+ a form that would enable tracking.
+ </p>
+ <p class="issue" data-number="119" title='Specify "absolutely not tracking"'>
+ <b>[OPEN]</b> The <code><a>N</a></code> tracking status
+ value replaces the notion of absolutely not tracking.
+ </p>
+ </section>
+
+ <section id='TSV-1'>
+ <h4>Tracking (T)</h4>
+ <p>
+ A tracking status value of <dfn>T</dfn> means the origin server
+ might perform or enable tracking using data collected via the
+ <a>designated resource</a>. Information provided in the tracking
+ status representation might indicate whether such tracking is
+ limited to a set of commonly accepted uses or adheres to one or
+ more compliance regimes.
+ </p>
+ </section>
+
<section id='TSV-C'>
<h4>Consent (C)</h4>
<p>
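Review bot: The re-added Tracking section keeps id='TSV-1' although its heading and dfn are now "T"; rename it to 'TSV-T' so it matches the 'TSV-N' and 'TSV-C' pattern, and check for any fragment links that still point at the old id.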
@@ -622,13 +637,11 @@
user, user agent, or device, perhaps via some mechanism not
defined by this specification, and that prior consent overrides
the tracking preference expressed by this protocol.
- </p>
- <p>
- If the consent was signaled to the origin server 'out of band',
- that is, by some other mechanism than the receipt of a DNT:0
- header, then the 'edit' member of the well-known-resource MUST
- provide both documentation of how the consent was established and
- documentation of the means to revoke that consent.
+ An origin server that sends this tracking status value for a
+ <a>designated resource</a> MUST provide a reference for
+ controlling consent within the <code><a>edit</a></code> member of
+ its corresponding tracking status representation
+ (<a href="#status-representation" class="sectionRef"></a>).
</p>
<p class="issue" data-number="152" title="User Agent Compliance: feedback for out-of-band consent">
<b>[PENDING REVIEW]</b> Proposal is to not add UA requirements.
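Review bot: The new MUST in the Consent section asks only for "a reference for controlling consent", which is weaker than the removed paragraph's two explicit items (how the consent was established and how to revoke it). The edit member text changed later in this patch does spell out both, so the same requirement is now stated normatively in two places with different wording. Suggest stating it once and having the other location refer to it, or using identical wording in both.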
@@ -752,7 +765,7 @@
For example, a Tk header field for a resource that claims not to
be tracking would look like:
</p>
- <pre class="example">Tk: 0</pre>
+ <pre class="example">Tk: N</pre>
</section>
<section id='referring-status-id'>
@@ -774,7 +787,7 @@
<p>
For example, a response containing
</p>
- <pre class="example">Tk: 1;fRx42</pre>
+ <pre class="example">Tk: T;fRx42</pre>
<p>
indicates that data collected via the target resource might be
used for tracking and that an applicable tracking status
@@ -898,7 +911,7 @@
</p>
<pre class="example">
{
- "tracking": "1",
+ "tracking": "T",
"compliance": ["https://acme.example.org/tracking101"],
"qualifiers": "afc",
"controller": ["https://www.example.com/privacy"],
@@ -948,8 +961,9 @@
perform tracking.
</p>
<pre class="example">
-{"tracking": "0"}
+{"tracking": "N"}
</pre>
+ <div class="option">
<p>
An origin server MAY send a member named
<code><a>compliance</a></code> with an array value containing
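Review bot: The div class="option" opened around the compliance member has no issue marker, and the log message says the issue number is still needed. Add a placeholder issue paragraph inside the div so the open question is visible in the draft and is not lost before the number is assigned.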
@@ -962,8 +976,9 @@
</p>
<pre class="abnf">
<dfn>compliance</dfn> = %x22 "compliance" %x22
-<dfn>compliance-v</dfn> = array-of-strings
+<dfn>compliance-v</dfn> = array-of-refs
</pre>
+ </div>
<p>
An origin server MAY send a <code><a>status-object</a></code>
member named <code><a>qualifiers</a></code> with a string value
@@ -1013,7 +1028,7 @@
</p>
<pre class="abnf">
<dfn>controller</dfn> = %x22 "controller" %x22
-<dfn>controller-v</dfn> = array-of-strings
+<dfn>controller-v</dfn> = array-of-refs
</pre>
<p>
Since a user's experience on a given site might be composed of
@@ -1039,7 +1054,7 @@
</p>
<pre class="abnf">
<dfn>same-party</dfn> = %x22 "same-party" %x22
-<dfn>same-party-v</dfn> = array-of-strings
+<dfn>same-party-v</dfn> = array-of-refs
</pre>
<p>
An origin server MAY send a member named
@@ -1053,12 +1068,12 @@
</p>
<pre class="abnf">
<dfn>audit</dfn> = %x22 "audit" %x22
-<dfn>audit-v</dfn> = array-of-strings
+<dfn>audit-v</dfn> = array-of-refs
</pre>
<p>
An origin server MAY send a member named
<code><a>policy</a></code> with a string value containing a
- URI-reference to a human-readable document that describes the
+ URI reference to a human-readable document that describes the
relevant privacy policy for the designated resource.
The content of such a policy document is beyond the
scope of this protocol and only supplemental to what is described
@@ -1074,15 +1089,14 @@
<p>
An origin server MAY send a member named
<code><a>edit</a></code> with a string value containing a
- URI-reference to a resource for giving the user control over
+ URI reference to a resource for giving the user control over
personal data collected via the designated resource (and possibly
- other resources);
- an origin server SHOULD send an <code><a>edit</a></code> member
- if the tracking status value indicates prior consent
- (<code><a>C</a></code>).
- If no <code><a>edit</a></code> member is provided, this
- information might be obtained via the links provided in
- <code><a>controller</a></code> or <code><a>policy</a></code>.
+ other resources).
+ If the tracking status value indicates prior consent
+ (<code><a>C</a></code>), the origin server MUST send an
+ <code><a>edit</a></code> member referencing a resource that
+ describes how such consent is established and how to revoke that
+ consent.
</p>
<p>
An edit resource might include the ability to review
@@ -1094,6 +1108,11 @@
how one might implement an out-of-band consent mechanism are
beyond the scope of this protocol.
</p>
+ </p>
+ If no <code><a>edit</a></code> member is provided, this
+ information might be obtained via the links provided in
+ <code><a>controller</a></code> or <code><a>policy</a></code>.
+ </p>
<pre class="abnf">
<dfn>edit</dfn> = %x22 "edit" %x22
<dfn>edit-v</dfn> = string ; URI-reference
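Review bot: The paragraph moved here starts with a closing tag: the first added line is "</p>" where an opening "<p>" is needed, so the markup has two closing tags and no opener around "If no edit member is provided ...". Change the first added line to "<p>".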
@@ -1107,9 +1126,7 @@
<pre class="abnf">
<dfn>extension</dfn> = object
-<dfn>array-of-strings</dfn> = begin-array
- [ string *( vs string ) ]
- end-array
+<dfn>array-of-refs</dfn> = begin-array [ string *( vs string ) ] end-array
<dfn>ns</dfn> = <name-separator (:), as defined in [[!RFC4627]]>
<dfn>vs</dfn> = <value-separator (,), as defined in [[!RFC4627]]>
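Review bot: array-of-refs is defined exactly as array-of-strings was, so the rename implies URI references without the grammar saying so. Add a comment on the rule in the style already used for edit-v ("; URI-reference"), or a sentence in the prose, stating that each string in the array is a URI reference.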
@@ -1292,13 +1309,13 @@
<a href="#tracking-status-value" class="sectionRef"></a>.
</p>
<p>
- If the tracking status value is <a>0</a>, then the origin server
+ If the tracking status value is <a>N</a>, then the origin server
claims that no tracking is performed for the designated resource
for at least the next 24 hours or until the Cache-Control
information indicates that this response expires.
</p>
<p>
- If the tracking status value is not <a>0</a>, then the origin
+ If the tracking status value is not <a>N</a>, then the origin
server claims that it might track the user agent for requests on
the URI being checked for at least the next 24 hours or until the
Cache-Control information indicates that this response expires.
@@ -2146,12 +2163,7 @@
user fingerprinting and tracking. User agent developers ought to
consider the possibility of fingerprinting during implementation and
might consider rate-limiting requests or using other heuristics to
- mitigate fingerprinting risk. User agents SHOULD NOT clear stored
- user-granted exceptions when the user chooses to clear cookies or
- other client-side state, since the reason cookies are not being
- used for the API is to improve the longevity of grants; however,
- a separate mechanism for clearing all user-granted exceptions is
- advisable as part of the user agent's exception management interface.
+ mitigate fingerprinting risk.
</p>
</section>
</section>
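Review bot: The deletion in the fingerprinting paragraph removes more than the SHOULD NOT named in the log message; it also drops the advice that a separate mechanism for clearing all user-granted exceptions is advisable in the user agent's exception management interface. With both gone, the draft no longer says how stored exceptions relate to clearing cookies or how a user clears them. Consider keeping the non-normative sentence about a separate clearing mechanism, or noting where that guidance now lives.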
Received on Friday, 6 December 2013 00:24:25 UTC