Re: Indirect DNT Processing (Proposed)

On a separate thread, I've suggested a potential response to issue-262, regarding use of "?" tracking status values for the dynamic case.

I don't think Shane's proposal of recent knowledge of UGE addresses the concern raised by the commenter, which was about timing of status. But the use of "?" and Tk response headers does implement what Shane suggested about conveying a signal from server-to-server and then subsequently back to the user agent, so it seems like we're in agreement on that.

I would recommend against adding an additional level of indirection regarding "recent knowledge". It seems like this would introduce mixed signals and increase the frequency with which users get unexpected warnings about preferences being overridden. For example, I might grant lots of user-granted exceptions in the course of my normal browsing, and then turn on a global DNT:1 while researching a sensitive topic. It would be concerning (and decrease trust in the signal) if the user found that their DNT:1 signal was interpreted as DNT:0 because a server that they didn't know they were communicating with remembered a DNT:0 from an earlier browsing session.


On October 15, 2014, at 8:32 AM, Shane M Wiley <> wrote:

> I was asked to develop language for consideration of how to manage DNT signals within Real-Time Bidding (RTB) environments such as an Ad Exchange.  I’ve up-leveled the concept to “Indirect DNT Processing” to cover scenarios where a user’s signal may move from a direct client interaction to one between servers (server-to-server).
> [Normative]
> For Servers in direct communication with the User Agent that then communicate further with other parties within the same transaction but outside direct communication with the User Agent, those Servers MUST convey the current DNT flag relayed to their domain to those other parties.  In cases where other parties have recent knowledge of their own domain’s DNT flag or UGE MAY process the request leveraging that information but MUST respond appropriately in the status response that they have done so – which, in turn, MUST then be conveyed by the Server to the User Agent.
> [Non-Normative]
> This is intended to facilitate indirect communications through a transitive passing of permission to allow for DNT processing to occur even when a processor doesn’t have direct access to the User Agent.  If the processor has direct information about their own domain’s DNT setting with the User Agent, such as their last direct interaction with the User Agent, they may want to consider this in their transaction handling.
> Question – While from a policy perspective the passage of the STATUS RESPONSE value makes sense I’m not sure if this works as cleanly with the current TPE handling of those statuses.  Should we add a new flag/field to state a response is being conveyed from another party as to not confuse the User Agent into thinking the response is coming from the server in which it is in direct communication?
> - Shane

Received on Tuesday, 21 October 2014 23:04:40 UTC