Re: Agenda for 2012-02-01 call (V02: added more incoming issues with text)

On Jan 31, 2012, at 13:12 , Matthias Schunter wrote:

> 
> 7. Collect arguments "SHOULD" vs. "MUST" for response headers
>     https://www.w3.org/2011/tracking-protection/track/issues/120
> 

Since I can't be on the call…

Background: We have a service that claims compliance to the protocol, responding to a DNT request.

If the response header is only a SHOULD, then we need to define a default.  We could say "for cacheable objects, the default value is "not trackable"; for all others it is "I may be tracking you (claiming all possible exceptions)".  The UA will have to work out whether the service is 1st or 3rd party, to work out which set of exceptions are possibly claimed.  In addition, it's possible that the entity determining the default is not able to see the cache headers (there were discarded by the HTTP end-point) and that it therefore erroneously concludes that untrackable resources are potentially being tracked.

The advantage of a SHOULD is that the service only needs to add the header in the systems that handle tracking; ordinary (cacheable) resource delivery would not need any engineering changes, to remain in compliance (even if that's dangerous).

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 31 January 2012 14:43:51 UTC