Re: ACTION-43: added user-agent-managed site-specific exception proposal to Editor's Draft

On Jan 18, 2012, at 4:37 PM, David Singer wrote:
> On Jan 6, 2012, at 17:56 , Nicholas Doty wrote:
>> What would you suggest specifically to replace this text? One possibility:
>> "If a user has pre-configured the user agent to accept or reject these permissions, the user agent SHOULD respond with that preference. If no pre-configured preference exists, the user agent MUST provide a user interface prompting the user to choose whether to provide site-specific permissions for the requested origins."
> I think we're designing a protocol between the UA and the server, and what that protocol means and its requirements.  UA to user interactions are out of the scope of a MUST statement, I think.

I really want to heartily agree and remove any mention of the user interaction at all, but the reason I'm pushing here is that we want sites to be able to rely on this API to negotiate permissions with the user. If sites aren't confident that user agents will reach out to the user in some fashion, they may instead fall back on a diversity of site-by-site schemes to get out-of-band permission from the user to override a DNT preference. Down that road, I fear, lies a situation of poor usability and transparency, where users have a DNT preference set, don't realize it's being overridden and would struggle to re-apply it site-by-site.

That is, I recognize the concern and the principle, and I just want to explain the motivation. I'm extremely open to alternatives here.


Received on Thursday, 19 January 2012 02:39:20 UTC