[TPE] editorial changes in terminology section from Roy T. Fielding on 2015-03-20 (public-tracking@w3.org from March 2015)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Fri, 20 Mar 2015 07:03:50 -0700
To: Tracking Protection Working Group <public-tracking@w3.org>
Message-Id: <C53A4C3D-7CC1-4A79-B4F8-FE90B0AC5855@gbiv.com>
As described on last week's call, this is the change to add the two
definitions from TCS, for permanently de-identified and service provider,
that were already being used in TPE.  I also partitioned the section into
related subsections and added links to the HTTP standard's terms, since
we probably can't assume that our readers will know HTTP architecture.

....Roy

Begin forwarded message:

> Resent-From: public-tracking-commit@w3.org
> From: "CVS User rfieldin" <cvsmail@w3.org>
> Subject: CVS WWW/2011/tracking-protection/drafts
> Date: March 20, 2015 6:37:36 AM PDT
> To: public-tracking-commit@w3.org
> Archived-At: <http://www.w3.org/mid/E1YYx7I-000331-Mc@gil.w3.org>
> 
> Update of /w3ccvs/WWW/2011/tracking-protection/drafts
> In directory gil:/tmp/cvs-serv11715/drafts
> 
> Modified Files:
> 	tracking-dnt.html 
> Log Message:
> (editorial) Partition the terminology into subsections, add references to the HTTP terms, and copy definitions of permanently de-identified and service provider from TCS
> 
> --- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html	2015/02/10 19:36:19	1.279
> +++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html	2015/03/20 13:37:36	1.280
> @@ -135,7 +135,7 @@
>         unable to turn that off. In other cases, a server might perform only
>         limited forms of tracking that would be acceptable to most users.
>         Servers need mechanisms for communicating their tracking behavior and
> -        for storing user-granted exceptions after the user has made an
> +        for storing a <a>user-granted exception</a> after the user has made an
>         informed choice.
>       </p>
>       <p>
> @@ -148,7 +148,7 @@
>         <a>Tk</a> response header field are defined for communicating the
>         server's tracking behavior. In addition, JavaScript APIs are defined
>         for enabling scripts to determine DNT status and register a
> -        <a>user-granted exception</a>.
> +        user-granted exception.
>       </p>
>       <p>
>         This specification does not define requirements on what a recipient
> @@ -164,6 +164,31 @@
> 
>     <section id='terminology'>
>       <h2>Terminology</h2>
> +
> +    <section id='terminology.http'>
> +      <h3>HTTP</h3>
> +      <p>
> +        The following terms are used as defined by HTTP/1.1 syntax [[!RFC7230]]
> +        and semantics [[!RFC7231]]:
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">client</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">server</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">origin server</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">user agent</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">sender</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">recipient</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">request</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">response</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">message</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.3">intermediary</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.3">proxy</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.3">cache</a></dfn>,
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7231#section-2">resource</a></dfn>, and
> +        <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7231#section-3">representation</a></dfn>.
> +      </p>
> +    </section>
> +
> +    <section id='terminology.activity'>
> +      <h3>Activity</h3>
>       <p>
>         <dfn>Tracking</dfn> is the collection of data regarding a particular
>         user's activity across multiple distinct contexts and the retention,
> @@ -173,16 +198,6 @@
>         the same party or jointly controlled by a set of parties.
>       </p>
>       <p>
> -        A <dfn>user</dfn> is a natural person who is making, or has made,
> -        use of the Web.
> -      </p>
> -      <p>
> -        A <dfn>user agent</dfn> is any of the various client programs
> -        capable of initiating HTTP requests, including (but not
> -        limited to) browsers, spiders (web-based robots), command-line
> -        tools, custom applications, and mobile apps [[!RFC7230]].
> -      </p>
> -      <p>
>         A <dfn>network interaction</dfn> is a single HTTP request and its
>         corresponding response(s): zero or more interim (1xx) responses and
>         a single final (2xx-5xx) response.
> @@ -194,6 +209,14 @@
>         reloading a page are examples of user actions.
>         <dfn>User activity</dfn> is any set of such user actions.
>       </p>
> +    </section>
> +
> +    <section id='terminology.participants'>
> +      <h3>Participants</h3>
> +      <p>
> +        A <dfn>user</dfn> is a natural person who is making, or has made,
> +        use of the Web.
> +      </p>
>       <p>
>         A <dfn>party</dfn> is a natural person, a legal entity, or a set of
>         legal entities that share common owner(s), common controller(s), and
> @@ -225,6 +248,38 @@
>         of either that user or that first party.
>       </p>
>       <p>
> +        Access to Web resources often involves multiple parties that might
> +        process the data received in a network interaction. For example,
> +        domain name services, network access points, content distribution
> +        networks, load balancing services, security filters, cloud platforms,
> +        and software-as-a-service providers might be a party to a given
> +        network interaction because they are contracted by either the user or
> +        the resource owner to provide the mechanisms for communication.
> +        Likewise, additional parties might be engaged after a network
> +        interaction, such as when services or contractors are used to perform
> +        specialized data analysis or records retention.
> +      </p>
> +      <p>
> +        For the data received in a given network interaction, a
> +        <dfn>service provider</dfn> is considered to be the same party as its
> +        <dfn>contractee</dfn> if the service provider:
> +      </p>
> +      <ol>
> +        <li>processes the data on behalf of the contractee;</li>
> +        <li>ensures that the data is only retained, accessed, and used as
> +            directed by the contractee;</li>
> +        <li>has no independent right to use the data other than in a
> +            <a>permanently de-identified</a> form (e.g., for monitoring
> +            service integrity, load balancing, capacity planning, or billing);
> +            and,</li>
> +        <li>has a contract in place with the contractee which is consistent
> +            with the above limitations.</li>
> +      </ol>
> +    </section>
> +
> +    <section id='terminology.data'>
> +      <h3>Data</h3>
> +      <p>
>         A party <dfn>collects</dfn> data received in a network interaction
>         if that data remains within the party’s control after the network
>         interaction is complete.
> @@ -238,12 +293,24 @@
>         that data to any other party.
>       </p>
>       <p>
> +        Data is <dfn>permanently de-identified</dfn> when there exists a high
> +        level of confidence that no human subject of the data can be
> +        identified, directly or indirectly (e.g., via association with an
> +        identifier, user agent, or device), by that data alone or in
> +        combination with other retained or available information.
> +      </p>
> +    </section>
> +
> +    <section id='terminology.preferences'>
> +      <h3>Preferences</h3>
> +      <p>
>         A <dfn>user-granted exception</dfn> is a specific tracking
>         preference, overriding a user's general tracking preference, that
>         has been obtained and recorded using the mechanisms defined in
>         <a href="#exceptions" class="sectionRef"></a>.
>       </p>
>     </section>
> +    </section>
> 
>     <section id='notational'>
>       <h2>Notational Conventions</h2>
> @@ -742,7 +809,8 @@
>             consent for tracking this user, user agent, or device, but
>             promises not to use or share any <code><a>DNT:1</a></code> data until
>             such consent has been determined, and further promises to delete
> -            or de-identify within forty-eight hours any <code><a>DNT:1</a></code>
> +            or <a href="#dfn-permanently-de-identified">permanently de-identify</a>
> +            within forty-eight hours any <code><a>DNT:1</a></code>
>             data received for which such consent has not been received.
>           </p>
>           <p>
> 
>
Received on Friday, 20 March 2015 14:04:14 UTC