W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

Re: Well-known URI vs response headers? [ISSUE-81, ISSUE-47, ISSUE-80]

From: Roy T. Fielding <fielding@gbiv.com>
Date: Thu, 27 Oct 2011 15:17:23 -0700
Cc: public-tracking@w3.org, Matthias Schunter <mts@zurich.ibm.com>
Message-Id: <EA1147BB-3530-4664-AF44-470150673625@gbiv.com>
To: Rigo Wenning <rigo@w3.org>
On Oct 26, 2011, at 2:00 PM, Rigo Wenning wrote:

> Matthias, 
> this makes it too complex (and complicated). I would really suggest we keep it 
> very very simple by just having a header in the response saying whether the 
> site honors DNT. This means the first interaction with the site, a user may 
> set DNT=1 and still be tracked for one page. This is not really an issue. But 
> it avoids going down the path of expanding beyond the HTTP request and running 
> into the wild caching issues we had in P3P.

A well-known location is always simpler than a header field due to the
way that intermediary and browser security policies interfere (rightly so)
with the ability to process new header fields.  Header fields on all
responses are also a problem for shared-hosting sites that do not have
access to the half-dozen different ways that one can configure the
server to send a header field, and it is far easier to teach a content
owner how to place content at a well-known location than it is to teach
them how to configure the Apache server [personal experience].

In all respects, the well-known location solution is simpler,
particularly if (one of) the required format(s) is JSON and the
required content is no more than what we would have required for
the header.  Likewise, optional content (e.g., links to a tracking
policy, opt-in location, same-brand groupings, etc.) can only be
efficiently implemented by a well-known location.

Received on Thursday, 27 October 2011 22:18:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:26 UTC