RE: Change proposal Issue-201

Hi Rob,


+1 to that, though in the OOBC case “A user agent SHOULD change the DNT expression to DNT:0 for that network transaction” It would be easy to do it, if it can execute JS so why not. It helps transparency.


I think we could also add non-normative text in the TPE for an example of using an HTTP cookie for OOBC. This way we could recommend (it is non-normative)  the name and value encoding which also helps transparency, and if we use a W3C well-known name UAs could use it to revoke consent automatically in the same UI used for UGEs.


I will have a stab at text for this during the week, something like  (in a response header – it could of course also be done in JS) Set-Cookie: W3CTP=C=1 ( i.e. the cookie is named W3CTP and has a subkey C with value 1). If C=0 or the cookie is absent this indicates consent has been revoked or has not been given.





From: Rob van Eijk [] 
Sent: 24 June 2013 21:45
To: Group WG
Subject: Change proposal Issue-201


Dear group,

hereby my text proposal for issue-201. It is also open for discussion.

Nick could you please add it to the change list for the June Draft?


Text proposal: 
In general, OOBC trumps UGE. 

When a party relies on OOBC, it MUST use the tracking status value "C" and a well as a provide a well known resource/control link to easily revoke consent. A user agent MAY change the DNT expression to DNT:0 for that network interaction. 

When a party relies on UGE, and a user grants a UGE, the user agent MUST change the DNT expression to DNT:0 for that network interaction. The user agent MUST provide easy access to the list of UGEs as well as provide a means to easily revoke an individual UGE or all UGEs. 

Received on Monday, 24 June 2013 21:58:58 UTC