W3C home > Mailing lists > Public > public-tracking@w3.org > August 2017

Re: Monday Call

From: Roy T. Fielding <fielding@gbiv.com>
Date: Sun, 6 Aug 2017 21:23:36 -0700
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <BF0EEFE6-3340-47D2-9848-610C00DD42E9@gbiv.com>
To: Matthias Schunter <mts-std@schunter.org>
> On Aug 5, 2017, at 12:09 AM, Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:
> Dear TPWG,
> I finally returned from holiday ;-) and can chair the call on Monday
> again. Sorry for any hickups during my absence.
> Roy promised to finalize the "camera-ready" version of the TPE by
> Monday. During our call, he will walk us through the final edits and we
> then have two weeks to review the spec. Afterwards, we plan to submit to
> CR to kick off updated implementations.
> Any questions/feedback is welcome!
> Regards,
> matthias

I have completed all of the changes that I could think of to simplify
the API and fill out the security/privacy issues.  The draft is at


dated 07 August 2017 (UTC).  I won't be changing it at all for
the next two weeks, even if we find something at the meeting.
Suggested changes should be added as github issues, pull requests,
or sent to the mailing list (if you don't have a github account).


A complete diff since the last CR is at


However, the above diff is a little messy due to the section moves.
The following diff is easier to read because it is against the CR
with sections reordered in the same way as the current document.


In addition, a history of the changes over time can be seen at


Since our last discussion, the primary changes have been:

1. Sec 6: Re-org and rewrite of the User-Granted Exceptions,
   reduced the API to three methods and two dictionaries,
   and moved the section up above the server response section.

2. Sec 6.6.1:
   Added a restriction that web-wide exceptions can only be
   stored/removed while interacting with the target domain as
   a first party:

   For each of the targets in a web-wide exception, a user agent MUST NOT
   store the duplets and MUST reject the promise with a DOMException named
   "SecurityError" unless the target domain matches both the document.domain
   of the script's responsible document and the document.domain of the
   top-level browsing context's active document [HTML5]. This effectively
   limits the API for web-wide exceptions to the single target domain of the

3. Sec 5.3:
   Clarified what Navigator.doNotTrack means in terms of the
   [site, target] duplet:

   Specifically, the value of Navigator.doNotTrack for a given script is
   either null or the string value that would be sent in a DNT field-value
   (section 5.2 DNT Header Field for HTTP Requests) in a request to a target
   resource at the effective script origin (the current document.domain of
   the script's responsible document) when that request is due to an embedded
   reference from this site (the document.domain of the top-level browsing
   context's active document).

4. Removed all of my notes and moved the note about defaults
   to its own section under Privacy Considerations (sec 10.1).

5. Added Security Considerations (sec 9) and an additional
   privacy consideration sec 10.3 "Stored Exceptions are Stored History".

Personally, I think the document is now ready for publication.
However, I have not updated the Acknowledgements section in several
years, so please let us know if anything there needs to be added
or removed.  Also, I have not changed the status from ED to CR,
since that only impacts the front matter and I think that is
better done after WG approval of the content.

I will try to be on the call, but I am currently on sabbatical,
away from home, and in a small hotel room with family.
The above should be sufficient to guide reviewers, so there's
no need to wait for me (any more).


Roy T. Fielding                     <http://roy.gbiv.com/>
Senior Principal Scientist, Adobe   <https://www.adobe.com/>
Received on Monday, 7 August 2017 04:24:03 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:39 UTC