ISSUE-45 managing compliance mode tokens

This relates to ISSUE-45, and my 
related proposal to create a field in the status resource where servers 
can indicate a compliance regime under which they are honoring a DNT 

On the mailing list, and in discussion at the f2f, there was concern 
about how to manage or limit the available tokens. My view is that 
tokens used will naturally, without us specifying, become limited to a 
narrow set associated with regional jurisdictions and with legitimate, 
well-established self-reg programs. Servers using tokens outside this 
set will be easily discoverable.

However, others do not see transparency as an adequate control. I am 
therefore opening this thread to solicit ideas. The only idea that comes 
to mind for me is establishing high-level principles acceptable programs 
must adhere to in order to promulgate a valid token. But I'd like to 
discuss others, if anyone has suggestions.


