Re: Agenda for 28 November 2012 call - V01

Hi Matthias,

Thank you for the agenda. Notes inline...

On 11/25/12 11:54 AM, Matthias Schunter (Intel Corporation) wrote:
> ---------------------------
> ---------------------------
> Goal:
> - Agree on adding the proposed text (or create action for writing 
> alternative text)
> ISSUE-21: Enable external audit of DNT compliance
> Are we OK with adding the text proposal by Kevin to our spec:
> ISSUE-113: How to handle sub-domains (ISSUE-112)?
> On these issues IMHO the status is as follows:
> - If a site-wide exception is requested, all subdomains are 
> automatically included
> - This issue is only relevant for explicit/explicit lists of domains 
> (if the site uses them)
> - An original proposal (from Ian) used cookie-like handling
> - The current approach requires explicit listing of all sub-domains
> - Is this current approach OK or do we need to text alternatives?

My understanding of current status is that although some are not 
thrilled with the wild-card (cookie-like) approach, there has not been 
strong opposition, and that several participants have expressed a strong 
need for that approach. Therefore, at this point we are no longer 
debating wild-cards vs explicit, and should be narrowing down to the 
exact implementation of wild-cards.

> ISSUE-137: Does hybrid tracking status need to distinguish between 
> first party (1) and outsourcing service provider acting as a first 
> party (s)
> - The minutes at
>    contain some text on ISSUE-137
> - No action is assigned
> - TODO: Discuss and define way forward
> ISSUE-138: Web-Wide Exception Well Known URI
>     Review non-normative text by Nick and agree that it is OK to put 
> into the spec.

Note that I don't fully understand the aim of this text. I may or may 
not agree with it -- I need further explanation -- so if it's to go in 
the spec, it'll need revision. If it turns out I'm ok with the 
substance, I'll be happy to work with Nick to revise.

> ISSUE-153: What are the implications on software that changes requests 
> but does not necessarily initiate them?
>       Proposed text (by david and nick): "Software outside of the user 
> agent that causes a DNT header to be sent (or modifies existing 
> headers) MUST NOT
>    do so without following the requirements of this section; such 
> software is responsible for assuring the expressed preference reflects 
> the user's intent." 

Note there are two other text proposals for consideration. I proposed 
the following:

"A UA that allows or enables other software to alter the DNT setting 
MUST ensure that such alteration reflects the user's intent."

And Walter suggested this, which I could accept in lieu of my proposal:

"A UA MUST incorporate detection mechanisms for alteration of 
DNT-preferences by third-party software (including third-party 
UA-extensions and plugins) and MUST upon detection of such changes 
verify with the user that they reflect the user's intentions. The UA MAY 
provide the user with the option to ignore future changes in the 
DNT-preferences or to automatically change them back to a user-set 

Received on Sunday, 25 November 2012 17:45:40 UTC