- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Sun, 6 Aug 2017 21:23:36 -0700
- To: Matthias Schunter <mts-std@schunter.org>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
> On Aug 5, 2017, at 12:09 AM, Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:
>
> Dear TPWG,
>
> I finally returned from holiday ;-) and can chair the call on Monday
> again. Sorry for any hiccups during my absence.
>
> Roy promised to finalize the "camera-ready" version of the TPE by
> Monday. During our call, he will walk us through the final edits and we
> then have two weeks to review the spec. Afterwards, we plan to submit to
> CR to kick off updated implementations.
>
> Any questions/feedback is welcome!
>
> Regards,
> matthias

I have completed all of the changes that I could think of to simplify
the API and fill out the security/privacy issues. The draft is at

   https://w3c.github.io/dnt/drafts/tracking-dnt.html

dated 07 August 2017 (UTC). I won't be changing it at all for the next
two weeks, even if we find something at the meeting. Suggested changes
should be added as github issues, pull requests, or sent to the mailing
list (if you don't have a github account).

   https://github.com/w3c/dnt/issues

A complete diff since the last CR is at

   https://w3c.github.io/dnt/diffs/diff_tpe_CR_to_ED_20170806.html

However, the above diff is a little messy due to the section moves.
The following diff is easier to read because it is against the CR
with sections reordered in the same way as the current document.

   https://w3c.github.io/dnt/diffs/diff_tpe_CRx_to_ED_20170806.html

In addition, a history of the changes over time can be seen at

   https://github.com/w3c/dnt/commits/master/drafts/tracking-dnt.html

Since our last discussion, the primary changes have been:

1. Sec 6: Re-org and rewrite of the User-Granted Exceptions, reduced
   the API to three methods and two dictionaries, and moved the section
   up above the server response section.

2. Sec 6.6.1: Added a restriction that web-wide exceptions can only be
   stored/removed while interacting with the target domain as a first
   party:

      For each of the targets in a web-wide exception, a user agent
      MUST NOT store the duplets and MUST reject the promise with a
      DOMException named "SecurityError" unless the target domain
      matches both the document.domain of the script's responsible
      document and the document.domain of the top-level browsing
      context's active document [HTML5]. This effectively limits the
      API for web-wide exceptions to the single target domain of the
      caller.

3. Sec 5.3: Clarified what Navigator.doNotTrack means in terms of the
   [site, target] duplet:

      Specifically, the value of Navigator.doNotTrack for a given
      script is either null or the string value that would be sent in
      a DNT field-value (section 5.2 DNT Header Field for HTTP
      Requests) in a request to a target resource at the effective
      script origin (the current document.domain of the script's
      responsible document) when that request is due to an embedded
      reference from this site (the document.domain of the top-level
      browsing context's active document).

4. Removed all of my notes and moved the note about defaults to its own
   section under Privacy Considerations (sec 10.1).

5. Added Security Considerations (sec 9) and an additional privacy
   consideration sec 10.3 "Stored Exceptions are Stored History".

Personally, I think the document is now ready for publication.
However, I have not updated the Acknowledgements section in several
years, so please let us know if anything there needs to be added or
removed. Also, I have not changed the status from ED to CR, since that
only impacts the front matter and I think that is better done after WG
approval of the content.

I will try to be on the call, but I am currently on sabbatical, away
from home, and in a small hotel room with family. The above should be
sufficient to guide reviewers, so there's no need to wait for me (any
more).

Cheers,

Roy T. Fielding                     <http://roy.gbiv.com/>
Senior Principal Scientist, Adobe   <https://www.adobe.com/>
Received on Monday, 7 August 2017 04:24:03 UTC
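
The first-party restriction quoted from Sec 6.6.1 in the message above can be modelled as follows. This is an added example, not code from the message or from the TPE draft. The class and method names are hypothetical, "matches" is assumed to mean case-insensitive string equality, a web-wide duplet is assumed to be represented as ["*", target], and the domains are constructed placeholders.

```javascript
// Added illustration: a model of the user agent's check, not a browser API.
// Assumptions: "matches" = case-insensitive string equality; a web-wide
// duplet is represented as ["*", target]; any failing target rejects the call.
function securityError(message) {
  if (typeof DOMException === "function") {
    return new DOMException(message, "SecurityError");
  }
  const err = new Error(message); // fallback for runtimes without DOMException
  err.name = "SecurityError";
  return err;
}

class ExceptionStore {
  constructor() {
    this.duplets = new Set(); // each entry is "site target"
  }

  // scriptDomain: document.domain of the script's responsible document.
  // topDomain: document.domain of the top-level browsing context's active document.
  // Returns the targets that fail the first-party rule.
  failingTargets(targets, scriptDomain, topDomain) {
    const script = scriptDomain.toLowerCase();
    const top = topDomain.toLowerCase();
    return targets.filter((t) => {
      const target = t.toLowerCase();
      return target !== script || target !== top;
    });
  }

  storeWebWide(targets, scriptDomain, topDomain) {
    const failing = this.failingTargets(targets, scriptDomain, topDomain);
    if (failing.length > 0) {
      // Nothing is stored when the promise is rejected.
      return Promise.reject(securityError(`not first party for: ${failing.join(", ")}`));
    }
    for (const t of targets) this.duplets.add(`* ${t.toLowerCase()}`);
    return Promise.resolve();
  }

  hasWebWide(target) {
    return this.duplets.has(`* ${target.toLowerCase()}`);
  }
}

// Constructed scenarios (domains are placeholders).
const store = new ExceptionStore();
const report = (label) => (e) => console.log(label, e ? e.name : "stored");
store.storeWebWide(["tracker.example"], "tracker.example", "news.example").then(report("embedded:"), report("embedded:"));
store.storeWebWide(["tracker.example"], "tracker.example", "tracker.example").then(report("first party:"), report("first party:"));
```

In this model a script embedded on another site, or a first party naming any domain other than its own, gets a rejected promise and no stored duplet.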