W3C home > Mailing lists > Public > public-tracking@w3.org > October 2014

ISSUE-262: guidance regarding server responses and timing

From: Nicholas Doty <npdoty@w3.org>
Date: Tue, 21 Oct 2014 15:43:47 -0700
Message-Id: <141EC4EA-54E5-4669-8C09-7D100BD70F8E@w3.org>
Cc: "Roy T. Fielding" <fielding@gbiv.com>
To: Tracking Protection Working Group <public-tracking@w3.org>
Our discussion last week of ISSUE-262 (guidance regarding server responses and timing) focused on a question of ad exchanges or other servers that communicate with a number of other servers, for one of which it acts as a service provider. The question was how the exchange/real-time-bidding server should respond, for users that fetch the tracking status resource. In some cases, if the exchange server knows that all of its potential winning bidders/potential responders have a common DNT policy, the server could just respond statically with the tracking status resource that corresponds to the request and those downstream servers. But what if the server's downstream servers don't have a common DNT policy (some comply and some don't; some claim consent and some don't; etc.)?

Based on IRC conversation, here is what I would suggest for that case:

A server that doesn't know ahead of time what server will win the bid and where those downstream servers have varying/incompatible policies, the exchange server can respond to any tracking status resource requests with the tracking status value of "?", which we had previously defined for any resources for which the tracking behavior is dynamic.

	http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#TSV-?

In order to comply with the TPE, the exchange server would need to determine the appropriate tracking status from the downstream server that wins the bid and supplies the response. And in the response to the resource request (to load the ad, for example), the exchange server would send a Tk response header with the appropriate value. The server might also send a "status-id" field so that interested users could query the tracking-status resource that could then be specific to that fulfilling server (links to privacy policy, etc.).

Roy suggests that we might need to make a small change to the requirements about the cached life of these values to correspond to this case (where the same URL might be fulfilled in different ways by different servers within a 24 hour period). I believe we'd indicate that the Tk: response value does not need to be valid for at least 24 hours, but only for the request itself. That wouldn't change any of the expected caching behavior of tracking status resources. I believe that would just be a clarification added to either 6.7.2 or 6.3.1.

(The question also doesn't arise for advertising models where the user agent is redirected to another server to deliver the ad itself -- in that case each server just responds to any tracking status resource requests based on its individual policy.)

Thanks,
Nick

Received on Tuesday, 21 October 2014 22:44:00 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:24 UTC