- From: Peter Eckersley <peter.eckersley@gmail.com>
- Date: Mon, 28 Nov 2011 13:38:47 -0800
- To: Kevin Smith <kevsmith@adobe.com>
- Cc: "public-tracking@w3.org" <public-tracking@w3.org>
- Message-ID: <CAOYJvnJqbyjUTuJfJE+1FyREiWHczTRfratwyDqwhDjVj8JyHA@mail.gmail.com>
Picking up this thread again... On 15 November 2011 13:16, Kevin Smith <kevsmith@adobe.com> wrote: > Peter, > > Sorry. I missed the URI parameter somehow and read it as an additional > header. A URI parameter could work, although I actually think this could > be quite complicated since many requests go through multiple services and > multiple redirects and the request to the final service likely does not > even resemble the original request. The parameter would have to be passed > on. This makes sense to me, and I would be happy to amend the proposed language to say that passing on the parameter is permitted. > Cookies would actually have similar challenges, but at least then the > communication only needs to happen once - not on every request. Of course, > that does expose the solution to the usual cookie disadvantages, but if the > 1st party is storing the exception in a cookie (which is a very likely > scenario) then those disadvantages already exist. > My guess is it will be more common for 1st parties to store the exception in association with accounts rather than specific cookies, though clearly the cookie-only case is possible. > Practically speaking, I do not think we should attempt to enforce a > particular methodology, but should allow the participants to choose the > method that works best for them (could even be out-of-band visitor id > syncing). Of course, we can still suggest different methods such as these > in the docs. > >From a web developer's point of view, using MUST in a proposal like this has the benefit of standardization: it means that 1st and 3rd party opt-back-in code is more likely to be compatible even when the relationship between the 1st and 3rd party is very casual (eg, the 1st party just turned on a plugin in their CMS, pasted some JS into a page, etc). Of course there are different benefits in terms of transparency for users who want to be able to see what domains regard them as having opted-back-in to tracking. -- Peter
Received on Monday, 28 November 2011 21:39:15 UTC