- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Mon, 27 Feb 2012 18:14:06 -0800
- To: Nicholas Doty <npdoty@w3.org>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Feb 27, 2012, at 5:10 PM, Nicholas Doty wrote: > On Feb 27, 2012, at 4:36 PM, Roy T. Fielding wrote: > >> On Feb 27, 2012, at 4:11 PM, John Simpson wrote: >> >>> I was just reading the latest version of the TPE standard dated today, Feb. 27. As I now read and understand it you've got a response from a well-known URI as a *must* and an HTTP response header as a *may*. >> >> Matthias made the header field a SHOULD as the resolution of ISSUE-105. >> I just moved that resolution down to the header proposal section last night. >> >> http://www.w3.org/2011/tracking-protection/track/issues/105 > > I think 105 is different. Issue-105 covers whether the server may send a response header when the user agent didn't send a request header, which we have closed (it may). > > Issue-120 https://www.w3.org/2011/tracking-protection/track/issues/120 is still pending review; that's the proposal that the response header is a SHOULD when a request header is present. Oops, that's right -- I picked up the wrong revision. It was added in Revision 1.62 date: 2012/02/10 07:11:50; author: rfieldin; state: Exp; lines: +19 -0 ACTION-118: Edit the language within ISSUE-120 into the TPE spec. ISSUE-120: Should the response header be mandatory (MUST) or recommended (SHOULD) =================================================================== RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v retrieving revision 1.61 retrieving revision 1.62 diff -u -r1.61 -r1.62 --- tracking-dnt.html 10 Feb 2012 06:34:30 -0000 1.61 +++ tracking-dnt.html 10 Feb 2012 07:11:50 -0000 1.62 @@ -351,6 +351,25 @@ DNT: 1 </pre> + <!-- The following two paras assume response header fields are + the only mechanism for responding to the preference. --> + <p> + An origin server that receives a request containing a DNT + field-value starting with "1" MUST conform to the requirements on + origin servers defined in + <q><a href="tracking-compliance.html">Tracking Compliance and + Scope</a></q> and SHOULD send a Tk header field in the + corresponding response, as defined in + <a href="#response-header-proposal-2" class="sectionRef"></a>. + </p> + <p class="note"> + If an origin server chooses not to send a Tk header field, then + the user agent will not know if the tracking preference has been + received or if it will be honored. This may have negative + consequences for the site, such as triggering preventive measures + on the user agent or being flagged as non-compliant by tools that + look for response header fields. + </p> <p> An HTTP intermediary MUST NOT add, delete, or modify the DNT header field in requests forwarded through that intermediary unless that > I don't believe we've settled that question yet. The text in the draft says to see Section 4.1, but I think it now refers to Section 5.2. Should we explicitly note inline that the SHOULD/MUST is still debated? http://www.w3.org/2011/tracking-protection/track/actions/118 http://www.w3.org/2011/tracking-protection/track/issues/120 My understanding is that Matthias believed it was ready for closure once the text was placed in the document. I think it is intended for review at this week's teleconference. I'll move the issue marker to the correct location. ....Roy
Received on Tuesday, 28 February 2012 02:14:31 UTC