- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 27 Oct 2011 15:17:23 -0700
- To: Rigo Wenning <rigo@w3.org>
- Cc: public-tracking@w3.org, Matthias Schunter <mts@zurich.ibm.com>
On Oct 26, 2011, at 2:00 PM, Rigo Wenning wrote: > Matthias, > > this makes it too complex (and complicated). I would really suggest we keep it > very very simple by just having a header in the response saying whether the > site honors DNT. This means the first interaction with the site, a user may > set DNT=1 and still be tracked for one page. This is not really an issue. But > it avoids going down the path of expanding beyond the HTTP request and running > into the wild caching issues we had in P3P. A well-known location is always simpler than a header field due to the way that intermediary and browser security policies interfere (rightly so) with the ability to process new header fields. Header fields on all responses are also a problem for shared-hosting sites that do not have access to the half-dozen different ways that one can configure the server to send a header field, and it is far easier to teach a content owner how to place content at a well-known location than it is to teach them how to configure the Apache server [personal experience]. In all respects, the well-known location solution is simpler, particularly if (one of) the required format(s) is JSON and the required content is no more than what we would have required for the header. Likewise, optional content (e.g., links to a tracking policy, opt-in location, same-brand groupings, etc.) can only be efficiently implemented by a well-known location. ....Roy
Received on Thursday, 27 October 2011 22:18:06 UTC