Two more editorial issues in the TPE

On Apr 10, 2014, at 6:38 , Roy T. Fielding <fielding@gbiv.com> wrote:

> Please note, however,
> that I have not reviewed the section on User-granted Exceptions.
> I just haven't had the time. 

Re-reading it one more time, I notice:

"	• While the user is browsing a given site (top-level origin), and a DNT header is to be sent to a target domain, if the duplet [top-level origin, target domain] matches any duplet in the database, then a DNT:0 header is sent, otherwise DNT:1 is sent.”

This is careless writing on my part.  Actually, If there is no exception that applies, the default is that whatever the user has set as their general preference (if any) is sent, not necessarily DNT:1.

"	• While the user is browsing a given site (top-level origin), and a DNT header is to be sent to a target domain, if the duplet [top-level origin, target domain] matches any duplet in the database, then a DNT:0 header is sent, otherwise the header (if one is needed) corresponding to the user’s general preference is sent.”


"A named third party acquiring an exception with this mechanism must make sure that sub-services it uses acknowledge this constraint by requiring the use of the appropriate tracking status value of 'C' (consent), and the qualifier "t", from its sub-sub-services.”

Technical issue. This defines a qualifier, but the tracking status part of the document no longer has defined qualifiers. We can’t define something for all compliance specs, the most we can do is suggest.

"A named third party acquiring an exception with this mechanism must make sure that sub-services it uses acknowledge this constraint by requiring the use, by them, of the tracking status value ‘C’ (consent), and an appropriate qualifier defined by the compliance regime(s) they operate under that indicates this transfer; the qualifier “t” (transferred) is suggested."





David Singer
Manager, Software Standards, Apple Inc.

Received on Friday, 11 April 2014 08:29:18 UTC