- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 07 Mar 2012 09:50:13 +0100
- To: public-tracking@w3.org
- Cc: "Roy T. Fielding" <fielding@gbiv.com>, Matthias Schunter <mts@zurich.ibm.com>
On Tuesday 06 March 2012 14:34:43 Roy T. Fielding wrote:
> > As a consequence, a site where each URL may have a different response
> > should live easier with headers; for retrieving the same info from a
> > well-known URI, the whole site needs to be 'mirrored' under the
> > well-known URI and the number of requests would double (Roy: Correct
> > me if I am wrong!).
>
> Actually, you are wrong, though for reasons that very few people would
> anticipate. First, the 'mirror' is not of the site but of the resource
> namespace, and it ends at the first ancestor that has the same tracking
> policy as all of its descendants. Descendants would redirect up.
> Second, there are no sites where every URL has its own tracking policy.
> Finally, in the worst case, the site can simply pick the union of all
> tracking behavior for the site and present that at the single
> /.well-known/dnt --- we do not penalize sites for saying they track more
> than they actually do for a given URI.

Roy,

you're contradicting the entire P3P WG here:
http://www.w3.org/TR/P3P11/#ref_file

I've set up the ref_files myself and failed for a site as complex as W3C's. While I can imagine that a simple site sets the response headers in a file to be downloaded, complex sites will have to define the scope of the response header and with the above you're only scratching the opening door to a complex can of worms. Defining is easy, implementing is very hard in this field:

Definition: some regex will do:

DNT reference files make statements about what DNT feedback value applies to a given URI. DNT reference files support a simple wildcard character to allow making statements about regions of URI-space. The character asterisk ('*') is used to represent a sequence of 0 or more of any character. No other special characters (such as those found in regular expressions) are supported.

Implementation:

In W3C datespace, files with different levels of access are sitting in the same folder. And different levels of access (logged-in) mean different tracking status. As a consequence, the file at the well-known location has to contain a list of all files under DNT policy. For W3C those are some 100k files or more. How heavy is that file at the well-known location now? How hard to generate?

BTW and with a reference to Aleecia's discussion with Shane about complex sites and headers: P3P contained the link-tag in the html page for that use case. We now would have RDFa to do that.

Best,

Rigo
Received on Wednesday, 7 March 2012 08:50:42 UTC
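
The two positions in this message, as an added Python example that is not part of the original mail or of any W3C code: an asterisk-only matcher as the quoted definition describes, and a rule generator that collapses at the first ancestor whose descendants share one status. The helper names (`wildcard_match`, `compress`, `lookup`), the paths and the status labels are all constructed assumptions.

```python
import re

def wildcard_match(pattern, uri):
    """'*' matches any run of 0 or more characters; all else is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, uri, flags=re.DOTALL) is not None

def compress(statuses):
    """Turn {uri_path: status} into (pattern, status) rules, collapsing each
    directory whose descendants all share one status into 'dir/*'."""
    def emit(prefix):
        under = {u: s for u, s in statuses.items() if u.startswith(prefix)}
        if len(set(under.values())) == 1:
            return [(prefix + "*", next(iter(under.values())))]
        children = set()
        for uri in under:
            head, sep, _ = uri[len(prefix):].partition("/")
            children.add(prefix + head + sep)  # trailing '/' marks a directory
        rules = []
        for child in sorted(children):
            if child.endswith("/") and child != prefix:
                rules += emit(child)  # collapses if uniform, else descends
            else:
                rules.append((child, statuses[child]))  # one rule per file
        return rules
    return emit("/")

def lookup(rules, uri):
    """Status of the first rule whose pattern matches, or None."""
    return next((s for p, s in rules if wildcard_match(p, uri)), None)

# Constructed sample: paths and status labels are illustrative only.
SAMPLE = {
    "/TR/P3P11/index.html": "public",
    "/TR/html5/index.html": "public",
    "/2012/02/report.html": "logged-in",
    "/2012/03/agenda.html": "public",      # same folder, different access
    "/2012/03/minutes.html": "logged-in",
    "/2012/03/notes.html": "logged-in",
}

if __name__ == "__main__":
    for pattern, status in compress(SAMPLE):
        print(f"{pattern:28} {status}")
```

Uniform subtrees such as `/TR/` shrink to a single wildcard rule, while the mixed `/2012/03/` folder yields one rule per file, which is the growth the message asks about for the well-known file.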