Re: example for OOBC with cookies (was Re: change proposal)

On Jun 26, 2013, at 1:22 AM, Nicholas Doty wrote:

> Providing non-normative text suggesting a convention for cookies used for out-of-band consent sounds similar to Roy's proposal that we drop the JS APIs altogether in favor of such conventions. Roy, CCed, do you think providing such conventions (in a non-normative way) would be a useful way forward?

No.  OOBC is (by definition) not specified by the protocol.

My suggestion was that our in-band UGE be replaced by an in-band
opt-in consent mechanism based on a specially named cookie, not
that we specify out of band mechanisms.

A site might obtain user consent via any number of mechanisms,
including old-school written contracts with definite term
periods.  We cannot specify how such consent is obtained,
nor can we require that consent be revocable on demand.

....Roy

Received on Wednesday, 26 June 2013 08:40:16 UTC