Re: Action 13 - Mandatory Server Response

Please provide a concrete use case with an example set of resource requests. Either I'm not seeing the problem, or it seems trivial to solve.

Jonathan

On Oct 10, 2011, at 7:46 PM, "Roy T. Fielding" <fielding@gbiv.com> wrote:

> Note that this would require all responses from that server
> to disable shared caching ("Vary: DNT").  I think that is a non-starter.
> 
> If any DNT response is given, it should be restricted to responses
> that are already intended to be non-cacheable (e.g., custom content
> and advertising placements).
> 
> ....Roy
> 
> On Oct 10, 2011, at 4:25 PM, Tom Lowenthal wrote:
> 
>> Proposal to the W3C Tracking Protection Working Group
>> Authored by Thomas Lowenthal, Mozilla
>> Associated with [Action
>> 13](http://www.w3.org/2011/tracking-protection/track/actions/13)
>> 
>> 
>> When a server receives a request in which the DNT header is present, any
>> response **must** include a header of the form:
>> 
>>> DNT:AB
>> 
>> where:
>> - "A" is the the value of the header that the server received, and
>> - "B" is a statement by the server about how it will act, where:
>>   -"0" represents "will act as if the DNT signal is not present", and
>>   -"1" represents "will act as if the DNT signal is present".
>> 
>> Examples:
>> - A client sends a request with "DNT:1". The server knows that this user
>> has previously agreed to be tracked in exchange for a delicious scone.
>> The server responds with "DNT10", thereby stating that the user has
>> requested not to be tracked, but the server will still track this user.
>> - A client sends a request with "DNT:1". The server responds with
>> "DNT:11", thereby stating that they have received, and will honor the
>> user's request not to be tracked.
>> - A client sends a request with "DNT:0". The server protects the privacy
>> of all users equally, and responds with "DNT:01", thereby stating that
>> the server will not track the user.    
>> 
> 
> 

Received on Monday, 10 October 2011 23:58:00 UTC