Re: ISSUE-161: Discussion of semantics and alternatives to "!"

Hi Roy/David/Jonathan,

thanks for your inputs!

I agree that
- the semantics of "!" is well defined in the spec
- Once a site claims "!" we can no longer impose rules (since the site 
claims not to abide by those rules).

I believe that for "D", things are different since "D" is part of our 
compliance regime.

The concern I see is that sites use "D" far too often (or even always) 
and thus
having a way to "escape" the compliance rules we create. E.g., without 
any rules on "D",
a site could always respond "D" while not implementing any part of the 
compliance rules we create.
I believe that this is not in the spirit of this WG.

However, I agree with Roy that preventing this is hard in a voluntary 
A related goal we cannot achieve is to force people to implement DNT.

The current resolution is to require that parties who reply "D" are 
required to
document the conditions under which "D" is sent and are therefore 
transparent on their practices.

This documentation can then be used within dialogues (e.g., with 
regulators or customers or advocacy groups) that is outside the scope
of the protocol and also outside the scope of this WG.

I believe that if we do not provide the "D", then sites will just ignore 
certain signals of UAs they deem non-compliant.
This scenario is much worse since
  (a) users cannot learn that their signal has been ignored
  (b) sites are not required to be transparent about their 
practices/conditions under which signals are ignored

ALL: We have a concrete text on the table (within the TPE spec) and the 
next step for people not agreeing with this text
is to propose improvements / alternatives. Without alternatives, it is 
likely that this issue will eventually be closed.


On 17/04/2013 10:02, Roy T. Fielding wrote:
> On Apr 17, 2013, at 12:04 AM, Jonathan Mayer wrote:
>> Roy,
>> I entirely fail to see how the semantics of a status indicator 
>> "cannot be addressed."  Could you please explain your concern?
>> Thanks,
>> Jonathan
> I don't have a concern.  The concern you expressed is a fear that
> sites will be allowed to express some degree of non-conformance,
> rather than an all-or-nothing adherence to some compliance regime
> that simply does not exist.  The place to address your concern is
> in that compliance regime, not the protocol.
> Some people have a desire for the server to communicate when there
> is a lack of conformance.  There are two solutions to that: 1) allow
> them to do so in the protocol; 2) sit by and watch them do so
> outside the protocol.  There is no third option of "require them
> to always conform" because non-conformance is outside our scope.
> Failure to provide a means for communicating "D" inside the protocol
> just means that it will be expressed as either a non-standard
> extension or within the privacy policy of each site.
> Failure to provide a means for testing ("!") inside the protocol
> just means everyone will invent their own means for pre-deployment
> testing (e.g., use different field and WKR names), and then they
> will have a legitimate excuse for implementing it wrong the first
> few times.
> The protocol can't place limits on how long or how often the
> testing periods might be, nor is there any reason to believe
> that sites will game an explicit indication on non-conformance.
> Compliance regimes can do that, either in the form of regulations
> or self-regulatory guidelines.  I am not writing either one, so
> I will not be addressing your concern in TPE.
> Cheers,
> ....Roy

Received on Wednesday, 17 April 2013 09:21:43 UTC