CVS WWW/2011/tracking-protection/drafts

Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv32504

Modified Files:
	tracking-dnt.html 
Log Message:
tracking-ISSUE-262: Add a TSV of G to indicate that the origin server is a gateway to multiple parties. Note this creates a dependency on a definition of service provider, so I will copy that over in a later patch

--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html	2014/09/24 00:09:56	1.273
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html	2014/12/05 00:53:00	1.274
@@ -571,6 +571,7 @@
           <pre class="abnf">
 <dfn>TSV</dfn>    = %x21   ; "!" - under construction
        / %x3F   ; "?" - dynamic
+       / %x47   ; "G" - gateway to multiple parties
        / %x4E   ; "N" — not tracking
        / %x54   ; "T" — tracking
        / %x43   ; "C" - tracking with consent
@@ -609,13 +610,61 @@
             responses to requests on the designated resource.
             If <code>?</code> is present in the <a>Tk</a> header field,
             more information will be provided in a request-specific
-            tracking status resource referred to by the <a>status-id</a>.
+            tracking status resource referred to by the <code><a>status-id</a></code>.
             An origin server MUST NOT send <code>?</code> as the
             tracking status value in the representation of a
             request-specific tracking status resource.
           </p>
         </section>
 
+        <section id='TSV-G'>
+          <h4>Gateway (G)</h4>
+          <p>
+            A tracking status value of <dfn>G</dfn> means the origin server
+            is acting as a gateway to an exchange involving multiple parties.
+            This might occur if a response to the <a>designated resource</a>
+            involves an automated selection process, such as dynamic bidding,
+            that determines which party is able to collect tracking data.
+            Similar to the <code>?</code> value, the <code>G</code> TSV
+            indicates that the actual tracking status is dynamic and will be
+            provided in the response message's <a>Tk</a> header field,
+            presumably using information forwarded from the selected party.
+          </p>
+          <p>
+            This tracking status value is only valid as a site-wide status.
+            An origin server MUST NOT send <code>G</code> as the
+            tracking status value in a <a>Tk</a> header field or within the
+            representation of a request-specific tracking status resource.
+            An origin server MUST NOT send <code>G</code> as the tracking
+            status value if it knows in advance that all of the potential
+            recipients have agreed on a single tracking status value of
+            <code>N</code> (not tracking); in this case, the origin server
+            MUST respond with <code>N</code> instead of <code>G</code>.
+          </p>
+          <p>
+            If <code>G</code> is present in the site-wide tracking status:
+            <ul>
+              <li>the origin server MUST meet the requirements of a
+                service provider for each of the parties to which it
+                provides request data;</li>
+              <li>the origin server MUST send a link within its site-wide
+                tracking status representation to a privacy policy that
+                explains what limitations (if any) are placed on parties that
+                might receive data via that gateway;</li>
+              <li>the origin server MUST forward any expressed tracking
+                preference in the request to each party that receives data
+                from that request;</li>
+              <li>the origin server MUST send a <a>Tk</a> header field in
+                responses to requests on the designated resource and include
+                within that field's value a <code><a>status-id</a></code>
+                specific to the selected party, such that information about
+                the selected party can be obtained via the request-specific
+                tracking status resource (see
+                <a href="#request-specific-status-resource" class="sectionRef"></a>).</li>
+            </ul>
+          </p>
+        </section>
+
         <section id='TSV-N'>
           <h4>Not Tracking (N)</h4>
           <p>
@@ -739,11 +788,12 @@
           <h4>Definition</h4>
 
           <p>
-            The <dfn>Tk</dfn> response header field is hereby defined as an
-            OPTIONAL means for indicating the tracking status that applied
-            to the corresponding request and as a REQUIRED means for
-            indicating that a state-changing request has resulted in an
-            interactive change to the tracking status.
+            The <dfn>Tk</dfn> response header field is a means for indicating
+            the tracking status that applied to the corresponding request.
+            An origin server is REQUIRED to send a <code>Tk</code> header
+            field if its site-wide tracking status value is <a>?</a>
+            (dynamic) or <a>G</a> (gateway), or when an interactive change is
+            made to the tracking status and indicated by <a>U</a> (updated).
           </p>
           <pre class="abnf">
 <dfn>Tk-field-name</dfn>   =  "Tk"
@@ -769,11 +819,12 @@
             If an origin server has multiple, request-specific tracking
             policies, such that the tracking status might differ depending on
             some aspect of the request (e.g., method, target URI, header
-            fields, data, etc.), the origin server MAY provide an additional
+            fields, data, etc.), the origin server can provide an additional
             subtree of well-known resources corresponding to each of those
-            distinct tracking statuses.  The OPTIONAL <a>status-id</a> portion
-            of the <a>Tk</a> field-value indicates which specific tracking
-            status resource applies to the current request.
+            distinct tracking statuses. The <code>status-id</code>
+            portion of the <a>Tk</a> field-value indicates which specific
+            tracking status resource applies to the current request.
+            The <code>status-id</code> is case-sensitive.
           </p>
           <pre class="abnf">
 <dfn>status-id</dfn>       =  1*id-char
@@ -791,10 +842,17 @@
           </p>
           <pre>/.well-known/dnt/fRx42</pre>
           <p>
+            Note that the <code>status-id</code> is resolved relative
+            to the origin server of the current request.  A retrieval request
+            targeting that URI can be redirected, if desired, to some other
+            server.  The <code>status-id</code> has been intentionally limited
+            to a small set of characters to encourage use of short tokens
+            instead of potentially long, human-readable strings.
+          </p>
+          <p>
             If a Tk field-value has a tracking status value of
-            <code><a>?</a></code> (dynamic), then the origin server MUST also
-            send a <code><a>status-id</a></code> in the field-value.
-            The status-id is case-sensitive.
+            <code><a>?</a></code> (dynamic), the origin server MUST
+            send a <code>status-id</code> in the field-value.
           </p>
         </section>
 
@@ -865,12 +923,12 @@
             If an origin server has multiple, request-specific tracking
             policies, such that the tracking status might differ depending on
             some aspect of the request (e.g., method, target URI, header
-            fields, data, etc.), the origin server MAY provide an additional
+            fields, data, etc.), the origin server can provide an additional
             subtree of well-known resources corresponding to each of those
             distinct tracking statuses.  The <a>Tk</a> response header field
             (<a href="#response-header-field" class="sectionRef"></a>) can
-            include a <a>status-id</a> to indicate which specific tracking
-            status resource applies to the current request.
+            include a <code><a>status-id</a></code> to indicate which specific
+            tracking status resource applies to the current request.
           </p>
           <p>
             A <dfn>tracking status resource space</dfn> is defined by the

Received on Friday, 5 December 2014 00:53:02 UTC