- From: CVS User rfieldin <cvsmail@w3.org>
- Date: Tue, 01 Apr 2014 08:48:26 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts In directory gil:/tmp/cvs-serv18812 Modified Files: tracking-dnt.html Log Message: (editorial) target requirements on what must obey them (user agent. proxy, server, origin server) like new HTTP standard --- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2014/04/01 08:07:42 1.258 +++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2014/04/01 08:48:26 1.259 @@ -485,7 +485,7 @@ </pre> <p> - The remainder of the <a>DNT</a> field-value, after the initial character, + The remainder of the field-value, after the initial character, is reserved for future extensions. DNT extensions can only be transmitted when a tracking preference is <a>enabled</a>. </p> @@ -497,7 +497,7 @@ For example, additional characters might indicate modifiers to the main preference expressed by the first digit, such that the main preference will be understood if the recipient does not understand - the extension. Hence, a DNT-field-value of "1xyz" can be thought of + the extension. Hence, a field-value of "1xyz" can be thought of as <q>do not track, but if you understand the refinements defined by x, y, or z, then adjust my preferences according to those refinements.</q> 
@@ -671,10 +671,10 @@ user, user agent, or device, perhaps via some mechanism not defined by this specification, and that prior consent overrides the tracking preference expressed by this protocol. - An origin server that sends this tracking status value for a - <a>designated resource</a> MUST provide a reference for - controlling consent within the <code><a>config</a></code> property of - its corresponding tracking status representation + An origin server that sends the <code>C</code> tracking status + value for a <a>designated resource</a> MUST provide a reference + for controlling consent within the <code><a>config</a></code> + property of its corresponding tracking status representation (<a href="#status-representation" class="sectionRef"></a>). </p> </section> @@ -716,9 +716,9 @@ A tracking status value of <dfn>D</dfn> means that the origin server is unable or unwilling to respect a tracking preference received from the requesting user agent. An origin server that - sends this tracking status value MUST detail within the server's - corresponding privacy policy the conditions under which a tracking - preference might be disregarded. + sends the <code>D</code> tracking status value MUST detail within + the server's corresponding privacy policy the conditions under + which a tracking preference might be disregarded. </p> <p> For example, an origin server might disregard the DNT field @@ -817,8 +817,8 @@ <pre>/.well-known/dnt/fRx42</pre> <p> If a Tk field-value has a tracking status value of - <code><a>?</a></code> (dynamic), then a - <code><a>status-id</a></code> MUST be included in the field-value. + <code><a>?</a></code> (dynamic), then the origin server MUST also + send a <code><a>status-id</a></code> in the field-value. The status-id is case-sensitive. </p> </section> 
@@ -931,15 +931,16 @@ consent to tracking by that origin server. </p> <p> - All requests on the tracking status resource space, including - the site-wide tracking status resource, MUST NOT be tracked, - irrespective of the presence, value, or absence of a DNT header - field, cookies, or any other information in the request. - In addition, all responses to those requests, including the - responses to redirected tracking status requests, MUST NOT - have Set-Cookie or Set-Cookie2 header fields and - MUST NOT have content that initiates tracking beyond what was - already present in the request. + An origin server MUST NOT retain tracking data regarding requests + on the site-wide tracking status resource or within the tracking + status resource space, regardless of the presence, absence, or + value of a DNT header field, cookies, or any other information in + the request. + In addition, an origin server MUST NOT send Set-Cookie or + Set-Cookie2 header fields in responses to those requests, + including the responses to redirected tracking status requests, + and MUST NOT send a response having content that initiates + tracking beyond what was already present in the request. A user agent SHOULD ignore, or treat as an error, any Set-Cookie or Set-Cookie2 header field received in such a response. </p> 
@@ -967,19 +968,17 @@ corresponding change to the tracking status resource. </p> <p> - If the tracking status is only applicable to all users that have - the same <q>DNT-field-value</q>, then the response MUST either be - marked with a Vary header field that includes "DNT" in its - field-value or marked as not reusable by a shared cache without - revalidation with a Cache-Control header field containing one of - the following directives: "private", "no-cache", "no-store", or - "max-age=0". + If the tracking status is only applicable to users that have + the same <a>DNT-field-value</a>, the origin server MUST send a + Vary header field that includes "DNT" in its field-value or a + Cache-Control header field containing one of the following + directives: "private", "no-cache", "no-store", or "max-age=0". </p> <p> If the tracking status is only applicable to the specific user - that requested it, then the response MUST include a Cache-Control - header field containing one of the following directives: - "private", "no-cache", or "no-store". + that requested it, then the origin server MUST send a + Cache-Control header field containing one of the following + directives: "private", "no-cache", or "no-store". </p> <p> Regardless of the cache-control settings, it is expected that @@ -1143,11 +1142,11 @@ for each data controller. </p> <p> - Each URI reference provided in <code>controller</code> - MUST refer to a resource that, if a retrieval action is performed - on that URI, would provide the user with information regarding - (at a minimum) the identity of the corresponding party and - its data collection practices. + Each URI reference provided in <code>controller</code> ought to + refer to a resource that, if a retrieval action is performed on + that URI, would provide the user with information regarding (at a + minimum) the identity of the corresponding party and its data + collection practices. </p> <pre class="abnf"> <dfn>controller</dfn> = %x22 "controller" %x22
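Review bot: In the @@ -485,7 +485,7 @@ hunk, dropping `<a>DNT</a>` leaves a bare "field-value", which is ambiguous in a document that also talks about a "Tk field-value" (see the @@ -817,8 @@ hunk). Suggest using the defined term here instead, e.g. "The remainder of the `<a>DNT-field-value</a>`, after the initial character, is reserved for future extensions."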
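Review bot: In the @@ -497,7 +497,7 @@ hunk, replacing "a DNT-field-value of "1xyz"" with "a field-value of "1xyz"" goes the opposite way from the @@ -967,19 @@ hunk, which promotes `<q>DNT-field-value</q>` to the linked term `<a>DNT-field-value</a>`. Pick one convention for the whole patch; keeping the defined term in the "1xyz" example makes it clear which header field's grammar the example belongs to.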
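Review bot: In the @@ -671,10 +671,10 @@ hunk, the new `<code>C</code>` is unlinked, while other terms in this patch are written as linked code (`<code><a>config</a></code>` in the same sentence, `<code><a>?</a></code>` in the @@ -817,8 @@ hunk). Suggest `<code><a>C</a></code>` so the status value resolves to its definition like the others.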
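Review bot: In the @@ -716,9 +716,9 @@ hunk, the rewritten sentence has "An origin server" as its subject but then refers to "the server's corresponding privacy policy". Since the point of the change is to pin each requirement on one named role, suggest "MUST detail within its corresponding privacy policy the conditions under which a tracking preference might be disregarded" so the reader cannot take "the server" to be a different party.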
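Review bot: In the @@ -817,8 +817,8 @@ hunk, the condition is still passive ("If a Tk field-value has a tracking status value of ...") while the requirement is now active, and "MUST also send" does not say what the status-id is sent in addition to. Suggest matching the pattern used in the C and D hunks: "An origin server that sends a tracking status value of `<code><a>?</a></code>` (dynamic) MUST send a `<code><a>status-id</a></code>` in the same Tk field-value."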
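Review bot: In the @@ -931,15 +931,16 @@ hunk, the change from "MUST NOT be tracked" to "An origin server MUST NOT retain tracking data regarding requests" is not editorial: the old sentence prohibited tracking of these requests without naming a party, and the new one binds only the origin server and only retention. The log message lists user agent, proxy, server and origin server as possible targets, so please confirm that narrowing to the origin server is intended and, if so, land it as a separate substantive change; otherwise keep the original verb, e.g. "An origin server MUST NOT track requests on the site-wide tracking status resource or within the tracking status resource space".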
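Review bot: In the @@ -967,19 +968,17 @@ hunk, the rewrite of the first paragraph drops the phrase "marked as not reusable by a shared cache without revalidation", which was the only statement of why the Cache-Control directives are required. Without it an implementer sees a bare list of four directives and no indication that the goal is to keep a shared cache from serving one user's tracking status to a user with a different DNT value. Suggest keeping the rationale as a trailing clause, e.g. "... or a Cache-Control header field that prevents reuse by a shared cache without revalidation: "private", "no-cache", "no-store", or "max-age=0"."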
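Review bot: In the @@ -1143,11 +1142,11 @@ hunk, "MUST refer" becomes "ought to refer", which removes a normative requirement on the `controller` URI references under a log message marked "(editorial)". "ought to" is not a requirement keyword, so after this change nothing obliges the referenced resource to identify the party or describe its data collection practices. If a downgrade is intended, use SHOULD and land it as a substantive change; if the aim is only to name the responsible role, keep the MUST and give it a subject, e.g. "An origin server MUST ensure that each URI reference provided in `<code>controller</code>` refers to a resource that ...".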
Received on Tuesday, 1 April 2014 08:48:28 UTC