- From: Rob van Eijk <rob@blaeu.com>
- Date: Thu, 06 Jun 2013 09:43:57 +0200
- To: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
- Message-ID: <b711decd-2879-4dc9-a182-3e55b6f71e5e@email.android.com>
Rob van Eijk <rob@blaeu.com> wrote: >Revocation should be a cornerstone. > >I would therefore suggest not to close this issue and discuss how >revocation ties in with expiry or other means of undoing an exception. > >In NL for example there is most likely to be a (local law) requirement >to keep consent on record for multiple years. > >I am concerned that an indication that a granted exception at first >visit turns into an out of band consent on next visits. >Another concern is that granting an exception and undoing that are two >sides of the same coin. The undoing part could be addressed with >(automatic) expiry, revocation, clearing the browser state etc. I do >not have a complete picture of all the options to reset a UGA. > >Without turning this into a compliance discussion, the buildingblock to >deal with revocation should be looked at more in detail. > >Rob > > >"Matthias Schunter (Intel Corporation)" <mts-std@schunter.org> wrote: > >>Hi Team, >> >>enclosed is a list of TPE-related ISSUES that I believe can be closed. >>Please drop me a line if you disagree and believe that some of these >>issues should be kept open. >> >>Thanks a lot! >> >>matthias >> >>----------------- >>ISSUE-112: How are sub-domains handled for site-specific exceptions? >>http://www.w3.org/2011/tracking-protection/track/issues/112 >>Resolution: >>- Cookie-like >>- As documented in the spec >> >>ISSUE-152: User Agent Compliance: feedback for out-of-band consent >>http://www.w3.org/2011/tracking-protection/track/issues/152 >>Resolution: >>- User agents (in the new model) are free to interact with users >>- We do not mandate that they do so >> >>ISSUE-167: Multiple site exceptions >>http://www.w3.org/2011/tracking-protection/track/issues/167 >>Resolution: >>- No special approach for multi-site exceptions >>- Based on implementation experience, we may later revisit the issue >> >>ISSUE-182: protocol for user agents to indicate whether a request with > >>DNT set is 1st party or 3rd party >>http://www.w3.org/2011/tracking-protection/track/issues/182 >>Resolution: >>- This seems technically impossible >>- As a consequence, I suggest to close >> >>ISSUE-192: Should exceptions have expiry date, secure flag or other >>cookie-like attributes? >>http://www.w3.org/2011/tracking-protection/track/issues/192 >>Resolution: >>- User agents may expire exceptions (or use other mechanisms for >>aligning them with user preference) >>- Suggestion: No additional management mechanisms; leave TPE spec as >it >>is
Received on Thursday, 6 June 2013 07:44:48 UTC