- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Mon, 24 Jun 2013 22:58:15 +0100
- To: "'Rob van Eijk'" <rob@blaeu.com>, <public-tracking@w3.org>
- Message-ID: <06b601ce7125$ede7e790$c9b7b6b0$@baycloud.com>
Hi Rob, +1 to that, though in the OOBC case “A user agent SHOULD change the DNT expression to DNT:0 for that network transaction” It would be easy to do it, if it can execute JS so why not. It helps transparency. I think we could also add non-normative text in the TPE for an example of using an HTTP cookie for OOBC. This way we could recommend (it is non-normative) the name and value encoding which also helps transparency, and if we use a W3C well-known name UAs could use it to revoke consent automatically in the same UI used for UGEs. I will have a stab at text for this during the week, something like (in a response header – it could of course also be done in JS) Set-Cookie: W3CTP=C=1 ( i.e. the cookie is named W3CTP and has a subkey C with value 1). If C=0 or the cookie is absent this indicates consent has been revoked or has not been given. Mike From: Rob van Eijk [mailto:rob@blaeu.com] Sent: 24 June 2013 21:45 To: public-tracking@w3.org Group WG Subject: Change proposal Issue-201 Dear group, hereby my text proposal for issue-201. It is also open for discussion. Nick could you please add it to the change list for the June Draft? Thanks, Rob Text proposal: <text> In general, OOBC trumps UGE. OOBC: When a party relies on OOBC, it MUST use the tracking status value "C" and a well as a provide a well known resource/control link to easily revoke consent. A user agent MAY change the DNT expression to DNT:0 for that network interaction. UGE: When a party relies on UGE, and a user grants a UGE, the user agent MUST change the DNT expression to DNT:0 for that network interaction. The user agent MUST provide easy access to the list of UGEs as well as provide a means to easily revoke an individual UGE or all UGEs. </text>
Received on Monday, 24 June 2013 21:58:58 UTC