RE: Issue-65: How does logged in and logged out state work -- Draft Proposal from Andy Zeigler on 2012-01-25 (public-tracking@w3.org from January 2012)

From: Andy Zeigler <andyzei@microsoft.com>
Date: Wed, 25 Jan 2012 18:24:49 +0000
To: Tom Lowenthal <tom@mozilla.com>
CC: "Tracking Protection Working Group WG (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <0F7D108E1379EE45AE5867800F8DB18D93D13157@TK5EX14MBXC128.redmond.corp.microsoft.>

That would be simpler. Either way is fine with me.

-----Original Message-----
From: Tom Lowenthal [mailto:tom@mozilla.com] 
Sent: Wednesday, January 25, 2012 7:22 PM
To: Andy Zeigler
Cc: Tracking Protection Working Group WG (public-tracking@w3.org)
Subject: Re: Issue-65: How does logged in and logged out state work -- Draft Proposal

ACTION-70 ISSUE-65
Fine, I suppose. I'd rather just not have any text on this topic at all, and let the existing rules work it out.

On Wed 25 Jan 2012 02:10:04 PM CET, Andy Zeigler wrote:
> I apologize - sent before the cut-and-paste.
>
> Draft text:
>
>                  If a user is logged into a first-party website and it receives a DNT:1 signal, the website MUST respect DNT:1 signal as a first party and SHOULD handle the user login as it normally would. If a user is logged into a third-party website, and the third party receives a DNT:1 signal, then it MUST respect the DNT:1 signal unless it falls under an exemption described in section 3.4.
>
> Example use cases:
>
>  - A user with DNT:1 logs into a search service called "Searchy". Searchy also operates advertisements on other websites. When the user is on a news website,  Searchy receives DNT:1, and it must respect it, as Searchy is operating in a third-party context.
>  
>  - A user with DNT:1 enabled visits a shopping website and logs in. The shopping website continues to provide recommendations, order history, etc. The shopping site includes third-party advertisements. Those third-parties continue to respect DNT:1. When the user purchases the items in their basket, a third-party financial transaction service is used. The user interacts with the third-party service, at which point it becomes first-party and may use previously collected data.
>  
> - A user with DNT:1 visits a website (Website A) that uses a third-party authentication service called "LogMeIn". The user logs into the site with his LogMeIn credentials. The user has interacted with LogMeIn, and now it can act as a first-party. Now the user vists Website B, which also uses the LogMeIn service, but is branded differently than Website A. LogMeIn MUST respect the DNT:1 signal until the user chooses to interact with LogMeIn in order to log into Website B.
>
> From: Andy Zeigler
> Sent: Wednesday, January 25, 2012 2:02 PM
> To: Tracking Protection Working Group WG (public-tracking@w3.org)
> Subject: Issue-65: How does logged in and logged out state work -- 
> Draft Proposal
>
>
>
>
>

Received on Wednesday, 25 January 2012 18:25:31 UTC