Re: ISSUE-192 (Re: Batch closing of TPE related issues) ISSUE-201 from Matthias Schunter (Intel Corporation) on 2013-06-12 (public-tracking@w3.org from June 2013)

From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
Date: Wed, 12 Jun 2013 17:45:18 +0200
To: public-tracking@w3.org
Message-ID: <51B8978E.50302@schunter.org>

Hi Rob,


I believe that this discussion is a new issue (while related to ISSUE-192).
I closed ISSUE-192 and I have created a new ISSUE-201.

Please review the issue:
  https://www.w3.org/2011/tracking-protection/track/issues/201
and drop me a line if this does not capture your concerns
or if you want ISSUE_192 kept open for other reasons.


Matthias

On 06/06/2013 09:43, Rob van Eijk wrote:
>
>
> Rob van Eijk <rob@blaeu.com> wrote:
>
>     Revocation should be a cornerstone.
>
>     I would therefore suggest not to close this issue and discuss how
>     revocation ties in with expiry or other means of undoing an exception.
>
>     In NL for example there is most likely to be a (local law)
>     requirement to keep consent on record for multiple years.
>
>     I am concerned that an indication that a granted exception at
>     first visit turns into an out of band consent on next visits.
>     Another concern is that granting an exception and undoing that are
>     two sides of the same coin. The undoing part could be addressed
>     with (automatic) expiry, revocation, clearing the browser state
>     etc. I do not have a complete picture of all the options to reset
>     a UGA.
>
>     Without turning this into a compliance discussion, the
>     buildingblock to deal with revocation should be looked at more in
>     detail.
>
>     Rob
>
>
>     "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org> wrote:
>
>         Hi Team,
>
>         enclosed is a list of TPE-related ISSUES that I believe can be closed.
>         Please drop me a line if you disagree and believe that some of these
>         issues should be kept open.
>
>         Thanks a lot!
>
>         matthias
>
>         -----------------
>         ISSUE-112: How are sub-domains handled for site-specific exceptions?
>         http://www.w3.org/2011/tracking-protection/track/issues/112
>         Resolution:
>         - Cookie-like
>         - As documented in the spec
>
>         ISSUE-152: User Agent Compliance: feedback for out-of-band consent
>         http://www.w3.org/2011/tracking-protection/track/issues/152
>         Resolution:
>         - User agents (in the new model) are free to interact with users
>         - We do not mandate that t!
>           hey do
>         so
>
>         ISSUE-167: Multiple site exceptions
>         http://www.w3.org/2011/tracking-protection/track/issues/167
>         Resolution:
>         - No special approach for multi-site exceptions
>         - Based on implementation experience, we may later revisit the issue
>
>         ISSUE-182: protocol for user agents to indicate whether a request with
>         DNT set is 1st party or 3rd party
>         http://www.w3.org/2011/tracking-protection/track/issues/182
>         Resolution:
>         - This seems technically impossible
>         - As a consequence, I suggest to close
>
>         ISSUE-192: Should exceptions have expiry date, secure flag or other
>         cookie-like attributes?
>         http://www.w3.org/2011/tracking-protection/track/issues/192
>         Resolution:
>         - User agents may expire
>         exceptions (or use other mechanisms for
>         aligning them with user preference)
>         - Suggestion: No additional management mechanisms; leave TPE spec as it is
>
>
>
>
>
>

Received on Wednesday, 12 June 2013 15:45:44 UTC