- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Mon, 27 Feb 2012 18:14:06 -0800
- To: Nicholas Doty <npdoty@w3.org>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Feb 27, 2012, at 5:10 PM, Nicholas Doty wrote:
> On Feb 27, 2012, at 4:36 PM, Roy T. Fielding wrote:
>
>> On Feb 27, 2012, at 4:11 PM, John Simpson wrote:
>>
>>> I was just reading the latest version of the TPE standard dated today, Feb. 27. As I now read and understand it you've got a response from a well-known URI as a *must* and an HTTP response header as a *may*.
>>
>> Matthias made the header field a SHOULD as the resolution of ISSUE-105.
>> I just moved that resolution down to the header proposal section last night.
>>
>> http://www.w3.org/2011/tracking-protection/track/issues/105
>
> I think 105 is different. Issue-105 covers whether the server may send a response header when the user agent didn't send a request header, which we have closed (it may).
>
> Issue-120 https://www.w3.org/2011/tracking-protection/track/issues/120 is still pending review; that's the proposal that the response header is a SHOULD when a request header is present.
Oops, that's right -- I picked up the wrong revision. It was added in
Revision 1.62
date: 2012/02/10 07:11:50; author: rfieldin; state: Exp; lines: +19 -0
ACTION-118: Edit the language within ISSUE-120 into the TPE spec.
ISSUE-120: Should the response header be mandatory (MUST) or recommended (SHOULD)
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- tracking-dnt.html 10 Feb 2012 06:34:30 -0000 1.61
+++ tracking-dnt.html 10 Feb 2012 07:11:50 -0000 1.62
@@ -351,6 +351,25 @@
DNT: 1
</pre>
+ <!-- The following two paras assume response header fields are
+ the only mechanism for responding to the preference. -->
+ <p>
+ An origin server that receives a request containing a DNT
+ field-value starting with "1" MUST conform to the requirements on
+ origin servers defined in
+ <q><a href="tracking-compliance.html">Tracking Compliance and
+ Scope</a></q> and SHOULD send a Tk header field in the
+ corresponding response, as defined in
+ <a href="#response-header-proposal-2" class="sectionRef"></a>.
+ </p>
+ <p class="note">
+ If an origin server chooses not to send a Tk header field, then
+ the user agent will not know if the tracking preference has been
+ received or if it will be honored. This may have negative
+ consequences for the site, such as triggering preventive measures
+ on the user agent or being flagged as non-compliant by tools that
+ look for response header fields.
+ </p>
<p>
An HTTP intermediary MUST NOT add, delete, or modify the DNT header
field in requests forwarded through that intermediary unless that
> I don't believe we've settled that question yet. The text in the draft says to see Section 4.1, but I think it now refers to Section 5.2. Should we explicitly note inline that the SHOULD/MUST is still debated?
http://www.w3.org/2011/tracking-protection/track/actions/118
http://www.w3.org/2011/tracking-protection/track/issues/120
My understanding is that Matthias believed it was ready for closure
once the text was placed in the document. I think it is intended for
review at this week's teleconference. I'll move the issue marker to
the correct location.
....Roy
Received on Tuesday, 28 February 2012 02:14:31 UTC