- From: Nicholas Doty <npdoty@w3.org>
- Date: Tue, 22 Jan 2013 22:31:29 -0800
- To: David Singer <singer@apple.com>
- Cc: "public-tracking@w3.org Working Group" <public-tracking@w3.org>
A few notes from reading over the user-granted exceptions section: I think we're misusing "site-wide" a few times to refer to what might better be called "all targets". The term "site-wide" implies the width of the first-party, not the specificity of trackers for whom an exception is granted. Regarding the enumeration of response values, is there some reason a site needs to know that it received an "all targets" expansion even when it did not ask for one? It seems to me the site cares whether it received as least as much permission as it asked for, and nothing else. That would suggest this response value can be boolean, which is a little simpler for all involved. "the user-agent may still ask for the user's approval" -- are we sure that's right under this version of exceptions? Can a UA ask for the user's approval without blocking the JS thread or granting (and subsequently using) the exception before the user has had a chance to confirm? We refer to "origin" in some cases and "domain" in others. I believe "origin" generally refers to a tuple of host, port and scheme. For the sake of consistency with other specs, we could stick with origins, strictly defined; I've been looking at the definition in HTML5 [0]. If what we actually mean is host (because the distinction between http and https is not significant for our use cases, say), we should make that change. (On the other hand, HTML5 has a document.domain property, which seems to be equivalent to their concept of host.) Thanks, Nick http://www.w3.org/html/wg/drafts/html/master/browsers.html#origin
Received on Wednesday, 23 January 2013 06:31:31 UTC