Re: extensions in Determining User Preference

On April 8, 2014, at 10:16 AM, David Singer <singer@apple.com> wrote:

> On Apr 8, 2014, at 19:10 , Adrian Bateman <adrianba@microsoft.com> wrote:
>> 
>> My main concern with the proposal is the MUST requirement:
>> 
>> "A user agent that allows extensions to directly make or modify HTTP requests MUST
>> provide a corresponding API to those extensions for determining the user's tracking
>> preference."
>> 
>> The spec gives some examples of extensions but doesn't really define them. There are many
>> different ways to extend a browser and I'm not convinced it is always possible to
>> provide such an API.
>> 
>> In the past, IE and others have provided similar APIs to allow plug-ins to determine
>> private browsing modes so I don't think it's an unrealistic goal in general. However,
>> it will be possible to write an extension where it would be hard to provide such an
>> API and I think we need to recognise this in the spec.
>> 
>> Given the previous discussions in this group I'm hesitant to suggest it but I think
>> this requirement should be a SHOULD.
>> 
> 
> I am with you.  
> 
> It seems like a good idea to have extensions respect DNT. However, (a) I am not sure we can reasonably provide this API for all types of software that could be considered an extension, plug-in or add-on; and (b) in some cases, where the UA is in control of networking done by the extension, as with Safari Extensions, it would be more appropriate for the UA to automatically add the right DNT header and therefore there is no need to expose the preference. 
> 
> Based on these points, I think the requirement should be, for now,  a SHOULD.
> 
> Iím not saying that Roy hasnít raised a good point; itís that it needs consideration, looking at the cases, and so on.  

(As noted earlier, some of our discussions on this thread might have strayed from the original topic. This isn't about the software for getting the user's preference, but about the details for browsers to communicate to extensions (unrelated to DNT) that might independently create and execute HTTP requests, so that they can send the same DNT header.)

To pick up on the suggestion of SHOULD instead of MUST and to clarify the confusion I had about "allow" and "direct", I'd suggest the following.

How about, in place of:
> A user agent that allows extensions to directly make or modify HTTP requests MUST provide a corresponding API to those extensions for determining the user's tracking preference.

We instead wrote:
> A user agent SHOULD provide an API or configuration option to extensions that might create HTTP requests external to the user agent.

This isn't about extensions that are modifying user agent configuration but about communicating user agent configuration to extensions. And those extensions that use browser APIs for executing their HTTP requests don't need the separate API because those requests can already have DNT headers that correspond to the user preference configured in the browser. The previous sentences that Roy included already give the motivation and note that extension interfaces aren't going to be identical.

I think "MAY" would be fine as well, but "SHOULD" would indicate to an extension developer that if they can't get access to the user's DNT setting to send it on independently-created HTTP requests, they probably ought to talk to the UA about it, rather than creating their own configuration/DNT store.

Hope this helps,
Nick

Received on Wednesday, 9 April 2014 02:43:45 UTC