- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 4 Dec 2014 17:06:09 -0800
- To: Shane M Wiley <wileys@yahoo-inc.com>
- Cc: 'Tracking Protection Working Group' <public-tracking@w3.org>
This is ISSUE-262 ...
I have attempted to address the general problem of gateways to
multiple parties using a TSV of G. My proposal can now be seen in the
editors draft at
http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#TSV-G
and a diff is below.
....Roy
Index: tracking-dnt.html
===================================================================
RCS file: /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html,v
retrieving revision 1.273
diff -u -r1.273 tracking-dnt.html
--- tracking-dnt.html 24 Sep 2014 00:09:56 -0000 1.273
+++ tracking-dnt.html 5 Dec 2014 00:46:45 -0000
@@ -571,6 +571,7 @@
<pre class="abnf">
<dfn>TSV</dfn> = %x21 ; "!" - under construction
/ %x3F ; "?" - dynamic
+ / %x47 ; "G" - gateway to multiple parties
/ %x4E ; "N" — not tracking
/ %x54 ; "T" — tracking
/ %x43 ; "C" - tracking with consent
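Review bot: the comment on the new %x47 line reads as if G were valid wherever TSV appears, but the TSV-G section added later in this patch allows it only as a site-wide status and forbids it in a Tk header field and in request-specific representations. Suggest saying so in the ABNF comment, e.g. '; "G" - gateway to multiple parties (site-wide only)', so that an implementer validating against the grammar alone knows to reject G in the other two places.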
@@ -609,13 +610,61 @@
responses to requests on the designated resource.
If <code>?</code> is present in the <a>Tk</a> header field,
more information will be provided in a request-specific
- tracking status resource referred to by the <a>status-id</a>.
+ tracking status resource referred to by the <code><a>status-id</a></code>.
An origin server MUST NOT send <code>?</code> as the
tracking status value in the representation of a
request-specific tracking status resource.
</p>
</section>
+ <section id='TSV-G'>
+ <h4>Gateway (G)</h4>
+ <p>
+ A tracking status value of <dfn>G</dfn> means the origin server
+ is acting as a gateway to an exchange involving multiple parties.
+ This might occur if a response to the <a>designated resource</a>
+ involves an automated selection process, such as dynamic bidding,
+ that determines which party is able to collect tracking data.
+ Similar to the <code>?</code> value, the <code>G</code> TSV
+ indicates that the actual tracking status is dynamic and will be
+ provided in the response message's <a>Tk</a> header field,
+ presumably using information forwarded from the selected party.
+ </p>
+ <p>
+ This tracking status value is only valid as a site-wide status.
+ An origin server MUST NOT send <code>G</code> as the
+ tracking status value in a <a>Tk</a> header field or within the
+ representation of a request-specific tracking status resource.
+ An origin server MUST NOT send <code>G</code> as the tracking
+ status value if it knows in advance that all of the potential
+ recipients have agreed on a single tracking status value of
+ <code>N</code> (not tracking); in this case, the origin server
+ MUST respond with <code>N</code> instead of <code>G</code>.
+ </p>
+ <p>
+ If <code>G</code> is present in the site-wide tracking status:
+ <ul>
+ <li>the origin server MUST meet the requirements of a
+ service provider for each of the parties to which it
+ provides request data;</li>
+ <li>the origin server MUST send a link within its site-wide
+ tracking status representation to a privacy policy that
+ explains what limitations (if any) are placed on parties that
+ might receive data via that gateway;</li>
+ <li>the origin server MUST forward any expressed tracking
+ preference in the request to each party that receives data
+ from that request;</li>
+ <li>the origin server MUST send a <a>Tk</a> header field in
+ responses to requests on the designated resource and include
+ within that field's value a <code><a>status-id</a></code>
+ specific to the selected party, such that information about
+ the selected party can be obtained via the request-specific
+ tracking status resource (see
+ <a href="#request-specific-status-resource" class="sectionRef"></a>).</li>
+ </ul>
+ </p>
+ </section>
+
<section id='TSV-N'>
<h4>Not Tracking (N)</h4>
<p>
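Review bot: the first paragraph of the new TSV-G section never states normatively which tracking status value the per-response Tk field carries. "presumably using information forwarded from the selected party" is a guess inside a definition, and because the next paragraph forbids G in Tk, a recipient cannot tell whether the value is the gateway's own status or the selected party's. Suggest replacing "presumably" with a requirement that the Tk value reflect the status reported by the selected party, and saying what the gateway sends when that party reports nothing. Separately, the <ul> sits inside a <p>, which HTML parsers close before the list, leaving the trailing </p> unmatched; end the paragraph after "site-wide tracking status:".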
@@ -739,11 +788,12 @@
<h4>Definition</h4>
<p>
- The <dfn>Tk</dfn> response header field is hereby defined as an
- OPTIONAL means for indicating the tracking status that applied
- to the corresponding request and as a REQUIRED means for
- indicating that a state-changing request has resulted in an
- interactive change to the tracking status.
+ The <dfn>Tk</dfn> response header field is a means for indicating
+ the tracking status that applied to the corresponding request.
+ An origin server is REQUIRED to send a <code>Tk</code> header
+ field if its site-wide tracking status value is <a>?</a>
+ (dynamic) or <a>G</a> (gateway), or when an interactive change is
+ made to the tracking status and indicated by <a>U</a> (updated).
</p>
<pre class="abnf">
<dfn>Tk-field-name</dfn> = "Tk"
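Review bot: the rewritten Tk definition drops the word OPTIONAL without a replacement, so the paragraph now lists only the cases where the field is REQUIRED and leaves every other case to inference; add a clause such as "and MAY send it otherwise" if that is still the intent. The tracking status references here are bare <a>?</a>, <a>G</a> and <a>U</a>, while the status-id hunk further down uses <code><a>?</a></code>; wrap these in <code> as well.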
@@ -769,11 +819,12 @@
If an origin server has multiple, request-specific tracking
policies, such that the tracking status might differ depending on
some aspect of the request (e.g., method, target URI, header
- fields, data, etc.), the origin server MAY provide an additional
+ fields, data, etc.), the origin server can provide an additional
subtree of well-known resources corresponding to each of those
- distinct tracking statuses. The OPTIONAL <a>status-id</a> portion
- of the <a>Tk</a> field-value indicates which specific tracking
- status resource applies to the current request.
+ distinct tracking statuses. The <code>status-id</code>
+ portion of the <a>Tk</a> field-value indicates which specific
+ tracking status resource applies to the current request.
+ The <code>status-id</code> is case-sensitive.
</p>
<pre class="abnf">
<dfn>status-id</dfn> = 1*id-char
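Review bot: this hunk writes <code>status-id</code> without the <a> link, while the other hunks in this patch change <a>status-id</a> to <code><a>status-id</a></code>; pick one form. With OPTIONAL removed, the sentence "The status-id portion of the Tk field-value indicates ..." now reads as if the status-id is always present, so it would help to say here when it is required (the ? and G cases) and that it can otherwise be omitted.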
@@ -791,10 +842,17 @@
</p>
<pre>/.well-known/dnt/fRx42</pre>
<p>
+ Note that the <code>status-id</code> is resolved relative
+ to the origin server of the current request. A retrieval request
+ targeting that URI can be redirected, if desired, to some other
+ server. The <code>status-id</code> has been intentionally limited
+ to a small set of characters to encourage use of short tokens
+ instead of potentially long, human-readable strings.
+ </p>
+ <p>
If a Tk field-value has a tracking status value of
- <code><a>?</a></code> (dynamic), then the origin server MUST also
- send a <code><a>status-id</a></code> in the field-value.
- The status-id is case-sensitive.
+ <code><a>?</a></code> (dynamic), the origin server MUST
+ send a <code>status-id</code> in the field-value.
</p>
</section>
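Review bot: the last paragraph requires a status-id only when the Tk field-value carries ?, but the new TSV-G section also requires one on every response when the site-wide status is G, and G itself cannot appear in Tk, so that rule is not discoverable from this section. Add a sentence or a cross-reference to #TSV-G here. The new note that a retrieval request "can be redirected, if desired, to some other server" should also say whether a user agent is expected to treat a status representation reached through a redirect to a different server as authoritative for the original origin.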
@@ -865,12 +923,12 @@
If an origin server has multiple, request-specific tracking
policies, such that the tracking status might differ depending on
some aspect of the request (e.g., method, target URI, header
- fields, data, etc.), the origin server MAY provide an additional
+ fields, data, etc.), the origin server can provide an additional
subtree of well-known resources corresponding to each of those
distinct tracking statuses. The <a>Tk</a> response header field
(<a href="#response-header-field" class="sectionRef"></a>) can
- include a <a>status-id</a> to indicate which specific tracking
- status resource applies to the current request.
+ include a <code><a>status-id</a></code> to indicate which specific
+ tracking status resource applies to the current request.
</p>
<p>
A <dfn>tracking status resource space</dfn> is defined by the
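Review bot: this paragraph is nearly a word-for-word copy of the one edited in the Tk header field section (both get the same MAY to "can" change), yet the two copies are updated differently: this one uses <code><a>status-id</a></code> and does not get the case-sensitivity sentence that the other copy gains. Consider keeping the full text in one section and referring to it from the other so the two cannot drift.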
Received on Friday, 5 December 2014 01:06:34 UTC