W3C home > Mailing lists > Public > public-tracking@w3.org > June 2013

Re: Batch closing of TPE related issues

From: Rob van Eijk <rob@blaeu.com>
Date: Thu, 06 Jun 2013 09:35:37 +0200
To: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>, public-tracking-announce@w3.org
Message-ID: <3f679580-8d24-4cc2-84f5-10d1f83d9a2a@email.android.com>
Revocation should be a cornerstone.

I would therefore suggest not to close this issue and discuss how revocation ties in with expiry or other means of undoing an exception.

In NL for example there is most likely to be a (local law) requirement to keep consent on record for multiple years. 

I am concerned that an indication that a granted exception at first visit turns into an out of band consent on next visits. 
Another concern is that granting an exception and undoing that are two sides of the same coin. The undoing part could be addressed with (automatic) expiry, revocation, clearing the browser state etc. I do not have a complete picture of all the options to reset a UGA.

Without turning this into a compliance discussion, the buildingblock to deal with revocation should be looked at more in detail.


"Matthias Schunter (Intel Corporation)" <mts-std@schunter.org> wrote:

>Hi Team,
>enclosed is a list of TPE-related ISSUES that I believe can be closed.
>Please drop me a line if you disagree and believe that some of these 
>issues should be kept open.
>Thanks a lot!
>ISSUE-112: How are sub-domains handled for site-specific exceptions?
>- Cookie-like
>- As documented in the spec
>ISSUE-152: User Agent Compliance: feedback for out-of-band consent
>- User agents (in the new model) are free to interact with users
>- We do not mandate that they do so
>ISSUE-167: Multiple site exceptions
>- No special approach for multi-site exceptions
>- Based on implementation experience, we may later revisit the issue
>ISSUE-182: protocol for user agents to indicate whether a request with 
>DNT set is 1st party or 3rd party
>- This seems technically impossible
>- As a consequence, I suggest to close
>ISSUE-192: Should exceptions have expiry date, secure flag or other 
>cookie-like attributes?
>- User agents may expire exceptions (or use other mechanisms for 
>aligning them with user preference)
>- Suggestion: No additional management mechanisms; leave TPE spec as it
Received on Thursday, 6 June 2013 07:36:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:39:41 UTC