Re: Issue-65: How does logged in and logged out state work -- Draft Proposal from Sean Harvey on 2012-01-25 (public-tracking@w3.org from January 2012)

From: Sean Harvey <sharvey@google.com>
Date: Wed, 25 Jan 2012 20:00:44 +0100
To: Tom Lowenthal <tom@mozilla.com>
Cc: Andy Zeigler <andyzei@microsoft.com>, "Tracking Protection Working Group WG (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <CAFy-vueC-bgnLN3UtmrwQjW7JJoWZ8WL60qMd3=BGT-yYDBKLA@mail.gmail.com>

In general i'm really excited about the progress on the response header!
but given that we've just reviewed it this afternoon i do need to get more
feedback both internally and from publishers in order to ensure that this
is reasonably implementable. and i believe we need to discuss this as a
group before any issues are formally closed. it's worth stepping back for a
moment and making sure we all know what we're signing up for, but this is
great progress.




On Wed, Jan 25, 2012 at 7:51 PM, Tom Lowenthal <tom@mozilla.com> wrote:

> In that case, let's follow the simplicity principle and avoid
> extraneous text. I'm closing ISSUE-65 and ACTION-70.
>
> On Wed 25 Jan 2012 07:24:49 PM CET, Andy Zeigler wrote:
> > That would be simpler. Either way is fine with me.
> >
> > -----Original Message-----
> > From: Tom Lowenthal [mailto:tom@mozilla.com]
> > Sent: Wednesday, January 25, 2012 7:22 PM
> > To: Andy Zeigler
> > Cc: Tracking Protection Working Group WG (public-tracking@w3.org)
> > Subject: Re: Issue-65: How does logged in and logged out state work --
> Draft Proposal
> >
> > ACTION-70 ISSUE-65
> > Fine, I suppose. I'd rather just not have any text on this topic at all,
> and let the existing rules work it out.
> >
> > On Wed 25 Jan 2012 02:10:04 PM CET, Andy Zeigler wrote:
> >> I apologize - sent before the cut-and-paste.
> >>
> >> Draft text:
> >>
> >>                  If a user is logged into a first-party website and it
> receives a DNT:1 signal, the website MUST respect DNT:1 signal as a first
> party and SHOULD handle the user login as it normally would. If a user is
> logged into a third-party website, and the third party receives a DNT:1
> signal, then it MUST respect the DNT:1 signal unless it falls under an
> exemption described in section 3.4.
> >>
> >> Example use cases:
> >>
> >>  - A user with DNT:1 logs into a search service called "Searchy".
> Searchy also operates advertisements on other websites. When the user is on
> a news website,  Searchy receives DNT:1, and it must respect it, as Searchy
> is operating in a third-party context.
> >>
> >>  - A user with DNT:1 enabled visits a shopping website and logs in. The
> shopping website continues to provide recommendations, order history, etc.
> The shopping site includes third-party advertisements. Those third-parties
> continue to respect DNT:1. When the user purchases the items in their
> basket, a third-party financial transaction service is used. The user
> interacts with the third-party service, at which point it becomes
> first-party and may use previously collected data.
> >>
> >> - A user with DNT:1 visits a website (Website A) that uses a
> third-party authentication service called "LogMeIn". The user logs into the
> site with his LogMeIn credentials. The user has interacted with LogMeIn,
> and now it can act as a first-party. Now the user vists Website B, which
> also uses the LogMeIn service, but is branded differently than Website A.
> LogMeIn MUST respect the DNT:1 signal until the user chooses to interact
> with LogMeIn in order to log into Website B.
> >>
> >> From: Andy Zeigler
> >> Sent: Wednesday, January 25, 2012 2:02 PM
> >> To: Tracking Protection Working Group WG (public-tracking@w3.org)
> >> Subject: Issue-65: How does logged in and logged out state work --
> >> Draft Proposal
> >>
> >>
> >>
> >>
> >>
> >
>
>


-- 
Sean Harvey
Business Product Manager
Google, Inc.
212-381-5330
sharvey@google.com

Received on Wednesday, 25 January 2012 19:01:12 UTC