Re: TPE sec 6.11 on clearing granted exceptions

Agreed.

Let's change the text as I suggested, or something similar. This should be advice only, anyway.

On Apr 26, 2013, at 17:31 , "Roy T. Fielding" <fielding@gbiv.com> wrote:

> On Apr 25, 2013, at 4:40 PM, Nicholas Doty wrote:
> 
>> I think in-band user-granted exceptions have at least two advantages over use of cookies in storing exception consent:
>> * DNT:0 can be sent even when there is no cookie or cookies are not sent
>> * user-agent-managed exceptions can be reviewed and cleared from a centralized store
> 
> So can a specialized cookie (a standard name that can optionally be
> manipulated by an additional set of tools on the browser).  If a
> user agent is not sending any cookies, sending DNT:0 is not going
> to help much.
> 
>> I think perhaps the SHOULD text is a little too specific; browsers are taking different approaches to clearing client-side state and while I think there probably always should be an option to clear all client-side state simultaneously, there will also very likely be implementations that clear cookies or other caches separately. I think the general principle of clearing state set and then subsequently accessible by JavaScript is an important one, and worth noting in the spec.
>> 
>> That would be a third advantage for using in-band exceptions: exceptions may be retained when a user chooses to clear cookies but not other client-side state.
>> 
>> Thanks,
>> Nick
> 
> I don't think I was clear.  Currently, the only advantage the UGE
> framework has is that it doesn't get cleared when cookies get cleared.
> If that isn't true, we should delete the entire framework and replace
> it with a named cookie that is sent along with the DNT:1 signal.
> Then we wouldn't have to wait until all browsers implement UGEs
> and we wouldn't have to implement two different opt-in consent
> mechanisms.
> 
> ....Roy

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Friday, 26 April 2013 08:33:50 UTC