- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 07 Mar 2012 12:12:52 +0100
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: public-tracking@w3.org, Matthias Schunter <mts@zurich.ibm.com>
On Wednesday 07 March 2012 02:34:58 Roy T. Fielding wrote: > > you're contradicting the entire P3P WG here: > > http://www.w3.org/TR/P3P11/#ref_file > > I must be doing something right. Sorry this was a double negative here from my side. You're reproducing the P3P WG here. And my aim is not to make the same mistakes again. > > I've set up the ref_files myself and failed for a site as complex as > > W3C's. > Well, yes, but that's because P3P covers everything and cannot presume > to redesign the site. I don't understand that sentence. > Tracking is quite another story. As I mentioned > before, it is extremely rare for a tracking site to have more than one > policy per domain. We are talking about response headers, aren't we? So a site must have at least two policies, one for DNT=0 and one for DNT=1. And some resources will be served in case of DNT=1 AND DNT=0 and some others will not be served and a different response is given. And if you haven't organized your resources in folder according to the policy because it has grown naturally in the past, you're exactly in the situation I'm describing. > If there is more than one policy, it would either be > a delegated control model (meaning hierarchical) or a type-based control > model (meaning a URI pattern, like a file extension). and if some pattern matches, send header back, instead of 1/ pattern matches 2/ construct a file 3/ send file back 4/ send 200OK response you just do: 1/ pattern matches 2/ send header with 200OK response > Both cases are > far easier to handle with a virtual URI space than a single file with > a bunch of complicated rules. or with headers according to a certain rule. > > All of the major web servers have support for URI rewriting based on > prefix and regular expressions, and they are fully capable of rewriting > > /.well-known/dnt/my/path > to > /my/path,tracking-status IBM said in 2002 that this would be far to expensive for the server in terms of computing. > > if a site really wants to have a separate policy per resource delegated > directly to the resource owner's space. But then you have the same as the header but you added another round trip. Rigo
Received on Wednesday, 7 March 2012 11:13:19 UTC