- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Mon, 13 Feb 2012 01:29:25 -0800
- To: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
ISSUE-78: Fix the definitions of DNT 0 and 1 as we discussed a while
back but kept forgetting to do because there was no AI.
Update the abstract and intro to reflect text added for ACTION-115.
[Below is a patch file -- lines beginning with "-" have been modified and
replaced by the lines beginning with "+".]
Index: tracking-dnt.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- tracking-dnt.html 13 Feb 2012 08:05:59 -0000 1.67
+++ tracking-dnt.html 13 Feb 2012 09:21:27 -0000 1.68
@@ -38,10 +38,9 @@
HTTP, via an HTML DOM property readable by embedded scripts, and via
properties accessible to various user agent plug-in or extension APIs.
It also defines mechanisms for sites to signal whether and how they
- honor this preference, both in the form of a machine-readable policy
- at a well-known location for first-party sites and a <q>Tracking</q>
- response header field for third-party resources that engage in
- tracking, and a mechanism for allowing the user to approve
+ honor this preference, both in the form of a machine-readable tracking
+ status resource at a well-known location and via a <q>Tk</q>
+ response header field, and a mechanism for allowing the user to approve
site-specific exceptions to DNT as desired.
</p>
</section>
@@ -163,11 +162,10 @@
<p>
This specification defines the HTTP request header field <a>DNT</a> for
expressing a tracking preference on the Web, a well-known location
- (URI) for providing a machine-readable site-wide policy regarding DNT
- compliance, and the HTTP response header field <a>Tracking</a> for
- third-party resources engaged in dynamic tracking behavior to
- communicate their compliance or non-compliance with the user's
- expressed preference.
+ (URI) for providing a machine-readable <a>tracking status resource</a>
+ that describes a service's DNT compliance, and the HTTP response
+ header field <a>Tk</a> for resources to communicate their compliance
+ or non-compliance with the user's expressed preference.
</p>
<p>
A companion document, <q><a href="tracking-compliance.html">Tracking
@@ -281,20 +279,16 @@
activated for various media types.
</p>
<p>
- The preference is expressed as either:
+ When <a>enabled</a>, a tracking preference is expressed as either:
<table class="simple" width="80%" align="center">
<tr><th>DNT</th>
<th>meaning</th>
</tr>
<tr><td align="middle">1</td>
- <td>Do not track me across differently-branded sites and
- do not use previously tracked/obtained behavioral data from
- other sites to personalize a response.</td>
+ <td>This user prefers not to be tracked on the target site.</td>
</tr>
<tr><td align="middle">0</td>
- <td>Use of tracking and personalization has been
- specifically permitted for this site, as described in
- <a href='#exceptions' class='sectionRef'></a>.<td>
+ <td>This user prefers to allow tracking on the target site.<td>
</tr>
</table>
</p>
@@ -303,14 +297,12 @@
preference is expressed by this protocol. This means that no
expression is sent for each of the following cases:
<ul>
- <li>the user agent does not implement this protocol;</li>
+ <li>the user agent does not implement this protocol; or</li>
<li>the user agent does implement the protocol but the user has
- not yet enabled a preference; or,</li>
- <li>the user's preference is that DNT be <a>not enabled</a> for
- all sites.</li>
+ not yet enabled a preference.</li>
</ul>
- In the absence of regulatory, legal, or other requirements, servers
- MAY interpret the lack of an expressed tracking preference
+ In the absence of regulatory, legal, or other requirements,
+ servers MAY interpret the lack of an expressed tracking preference
as they find most appropriate for the given user, particularly when
considered in light of the user's privacy expectations and cultural
circumstances. Likewise, servers might make use of other preference
@@ -320,13 +312,8 @@
this protocol.
</p>
<p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/78">ISSUE-78</a>: What is the difference between absence of DNT header and DNT = 0?<br />
- <strong>[OPEN]</strong>
- Proposed text above and in 4.1 below defines that a "0" is only
- sent when a tracking preference is enabled and some
- mechanism known to the user agent has specifically made an exception
- for this origin server. If a tracking preference is not enabled or
- not implemented, no DNT header field is sent. This text will change
- soon.
+ <strong>[PENDING REVIEW]</strong>
+ Proposed text above.
</p>
<section id='dnt-header-field'>
@@ -348,13 +335,17 @@
</pre>
<p>
The DNT field-value sent by a user agent MUST begin with the
- character "1" (%x31) if a tracking preference is
- <a>enabled</a> and there is not, to the user agent's knowledge, a
- specific exception for the origin server targeted by this request.
- If a tracking preference is <a>enabled</a> and there is
- a specific exception for the target origin server via some mechanism
- understood by the user agent, then the DNT field-value sent by the
- user agent MUST begin with the character "0" (%x30).
+ numeric character "1" (%x31) if a tracking preference is
+ <a>enabled</a>, the preference is for no tracking, and
+ there is not a site-specific exception for the origin server
+ targeted by this request.
+ </p>
+ </p>
+ The DNT field-value sent by a user agent MUST begin with the
+ numeric character "0" (%x30) if a tracking preference is
+ <a>enabled</a> and the preference is to allow tracking in general
+ or by specific exception for the origin server targeted by this
+ request.
</p>
<pre class="example">
GET /something/here HTTP/1.1
@@ -362,15 +353,21 @@
DNT: 1
</pre>
- <!-- The following two paras assume response header fields are
- the only mechanism for responding to the preference. -->
<p>
- An origin server that receives a request containing a DNT
- field-value starting with "1" MUST conform to the requirements on
- origin servers defined in
+ An origin server that receives a request containing a
+ <a>DNT-field-value</a> starting with "1" MUST conform to the
+ requirements on origin servers defined in
<q><a href="tracking-compliance.html">Tracking Compliance and
- Scope</a></q> and SHOULD send a Tk header field in the
- corresponding response, as defined in
+ Scope</a></q>.
+ </p>
+ <p class="note">
+ The following paragraph assumes that a response header field is
+ the mechanism for responding to the preference.
+ </p>
+ <p>
+ An origin server that receives a request containing a
+ <a>DNT-field-value</a> starting with "1" SHOULD send a
+ <a>Tk</a> header field in the corresponding response, as defined in
<a href="#response-header-proposal-2" class="sectionRef"></a>.
</p>
<p class="note">
@@ -567,8 +564,8 @@
<p class="note">This section is new.</p>
<p>
- An origin server MUST provide a well-known resource [RFC5785] at
- the identifier path
+ An origin server MUST provide a <dfn>tracking status resource</dfn>
+ at the well-known identifier [RFC5785]
</p>
<pre>/.well-known/dnt</pre>
<p>
Received on Monday, 13 February 2012 09:29:58 UTC