ISSUE-192 (Re: Batch closing of TPE related issues)

Rob van Eijk <rob@blaeu.com> wrote:

>Revocation should be a cornerstone.
>
>I would therefore suggest not to close this issue and discuss how
>revocation ties in with expiry or other means of undoing an exception.
>
>In NL for example there is most likely to be a (local law) requirement
>to keep consent on record for multiple years. 
>
>I am concerned that an indication that a granted exception at first
>visit turns into an out of band consent on next visits. 
>Another concern is that granting an exception and undoing that are two
>sides of the same coin. The undoing part could be addressed with
>(automatic) expiry, revocation, clearing the browser state etc. I do
>not have a complete picture of all the options to reset a UGA.
>
>Without turning this into a compliance discussion, the buildingblock to
>deal with revocation should be looked at more in detail.
>
>Rob
>
>
>"Matthias Schunter (Intel Corporation)" <mts-std@schunter.org> wrote:
>
>>Hi Team,
>>
>>enclosed is a list of TPE-related ISSUES that I believe can be closed.
>>Please drop me a line if you disagree and believe that some of these 
>>issues should be kept open.
>>
>>Thanks a lot!
>>
>>matthias
>>
>>-----------------
>>ISSUE-112: How are sub-domains handled for site-specific exceptions?
>>http://www.w3.org/2011/tracking-protection/track/issues/112
>>Resolution:
>>- Cookie-like
>>- As documented in the spec
>>
>>ISSUE-152: User Agent Compliance: feedback for out-of-band consent
>>http://www.w3.org/2011/tracking-protection/track/issues/152
>>Resolution:
>>- User agents (in the new model) are free to interact with users
>>- We do not mandate that they do so
>>
>>ISSUE-167: Multiple site exceptions
>>http://www.w3.org/2011/tracking-protection/track/issues/167
>>Resolution:
>>- No special approach for multi-site exceptions
>>- Based on implementation experience, we may later revisit the issue
>>
>>ISSUE-182: protocol for user agents to indicate whether a request with
>
>>DNT set is 1st party or 3rd party
>>http://www.w3.org/2011/tracking-protection/track/issues/182
>>Resolution:
>>- This seems technically impossible
>>- As a consequence, I suggest to close
>>
>>ISSUE-192: Should exceptions have expiry date, secure flag or other 
>>cookie-like attributes?
>>http://www.w3.org/2011/tracking-protection/track/issues/192
>>Resolution:
>>- User agents may expire exceptions (or use other mechanisms for 
>>aligning them with user preference)
>>- Suggestion: No additional management mechanisms; leave TPE spec as
>it
>>is

Received on Thursday, 6 June 2013 07:44:48 UTC