RE: Batch closing of TPE-related issues (response by April 16)

Hi Matthias,


The reason for issue-185 was to address the danger of web-wide consent being
registered invisibly (bad actors or accidentally). This was not a problem
with the old API because the UA could intervene and notify the user, and is
not a problem with the new site-specific API because of the limited scope. 


We should still keep it open to discuss ways to mitigate this, for example
requiring web-wide exceptions to be executed in user click context or
requiring  a data-controller string to be present in the TR.


If illicitly registered web-wide exceptions are too easy and become common
it could weaken the authority of the standard.




From: Matthias Schunter (Intel Corporation) [] 
Sent: 12 April 2013 14:00
To: (
Subject: Batch closing of TPE-related issues (response by April 16)


Hi Folks,

as part of our final cleanup in preparation of our next working draft, I
suggest to close the issues listed below.

Please respond by April 16 if you cannot live with the proposed resolution
of those issues.
If you do so, please include a justification and describe what concern of
yours is not addressed in
the currently documented draft of the TPE.



ISSUE-112 <>
<>  (edit)


How are sub-domains handled for site-specific exceptions?

- We agreed to use cookie-matching-like wildcards and rules to allow
  for code-reuse in user agents
- This is reflected in the spec

ISSUE-144 <>
<>  (edit)

	User-granted Exceptions: Constraints on user agent behavior while
granting and for future requests?

REASON: In the new exception model, user agents are required to communicate
the status of an exception.
 The status may be changed by end users and no further requirements are
needed. This is reflected in the spec.

NOTE: We still have an open issue whether user agents are required to
implement the exception API.

ISSUE-161 <>
<>  (edit)

	o we need a tracking status value for partial compliance or
rejecting DNT? <>

- We defined a "!" indicator that says that the site is not claiming to
comply (e.g., maintenance / under construction)

ISSUE-185 <>
<>  (edit)
WebWide Not

	There should not be an API for web-wide exceptions

- We reached agreement that there will be an API for web-side exceptions

ISSUE-143 <>
<>  (edit)
Reciprocal Consent

	Activating a Tracking Preference must require explicit, informed
consent from a user

- We will have this discussion as part of ISSUE-194.

Received on Friday, 12 April 2013 13:22:05 UTC