Re: Issue-107, Issue-120, Issue-124

On Feb 27, 2012, at 5:10 PM, Nicholas Doty wrote:

> On Feb 27, 2012, at 4:36 PM, Roy T. Fielding wrote:
> 
>> On Feb 27, 2012, at 4:11 PM, John Simpson wrote:
>> 
>>> I was just reading the latest version of the TPE standard dated today, Feb. 27.  As I now read and understand it you've got a response from a well-known URI as a *must* and an HTTP response header as a *may*.
>> 
>> Matthias made the header field a SHOULD as the resolution of ISSUE-105.
>> I just moved that resolution down to the header proposal section last night.
>> 
>>  http://www.w3.org/2011/tracking-protection/track/issues/105
> 
> I think 105 is different. Issue-105 covers whether the server may send a response header when the user agent didn't send a request header, which we have closed (it may).
> 
> Issue-120 https://www.w3.org/2011/tracking-protection/track/issues/120 is still pending review; that's the proposal that the response header is a SHOULD when a request header is present.

Oops, that's right -- I picked up the wrong revision.  It was added in

Revision 1.62
date: 2012/02/10 07:11:50;  author: rfieldin;  state: Exp;  lines: +19 -0
ACTION-118: Edit the language within ISSUE-120 into the TPE spec.
ISSUE-120: Should the response header be mandatory (MUST) or recommended (SHOULD)
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- tracking-dnt.html	10 Feb 2012 06:34:30 -0000	1.61
+++ tracking-dnt.html	10 Feb 2012 07:11:50 -0000	1.62
@@ -351,6 +351,25 @@
 DNT: 1
 
         </pre>
+        <!-- The following two paras assume response header fields are
+             the only mechanism for responding to the preference. -->
+        <p>
+          An origin server that receives a request containing a DNT
+          field-value starting with "1" MUST conform to the requirements on
+          origin servers defined in
+          <q><a href="tracking-compliance.html">Tracking Compliance and
+          Scope</a></q> and SHOULD send a Tk header field in the
+          corresponding response, as defined in
+          <a href="#response-header-proposal-2" class="sectionRef"></a>.
+        </p>
+        <p class="note">
+          If an origin server chooses not to send a Tk header field, then
+          the user agent will not know if the tracking preference has been
+          received or if it will be honored.  This may have negative
+          consequences for the site, such as triggering preventive measures
+          on the user agent or being flagged as non-compliant by tools that
+          look for response header fields.
+        </p>
         <p>
           An HTTP intermediary MUST NOT add, delete, or modify the DNT header
           field in requests forwarded through that intermediary unless that

> I don't believe we've settled that question yet. The text in the draft says to see Section 4.1, but I think it now refers to Section 5.2. Should we explicitly note inline that the SHOULD/MUST is still debated?

http://www.w3.org/2011/tracking-protection/track/actions/118
http://www.w3.org/2011/tracking-protection/track/issues/120

My understanding is that Matthias believed it was ready for closure
once the text was placed in the document.  I think it is intended for
review at this week's teleconference.  I'll move the issue marker to
the correct location.

....Roy

Received on Tuesday, 28 February 2012 02:14:31 UTC