Re: site-specific with no targets

Hi Rob,

thanks a lot for this good news.
I would appreciate if you double check the API and send an endorsement
to the list.
Something like "I had a look at the API and I believe the draft is ready
for CR."

Thanks a lot!

matthias

On 29.08.2017 21:14, Rob van Eijk wrote:
> The parameter may work for both use cases in the same API: (1) the
> NAI/DAA style call (parameter not in dictionary means everyone)and (2)
> the European ePR style call ( parameter present but set to the empty
> array means no-one else).
> 
> Rob
> 
> -----Original message-----
> *From:* David (Standards) Singer
> *Sent:* Tuesday, August 29 2017, 2:53 am
> *To:* Mike O'Neill
> *Cc:* public-tracking@w3.org
> *Subject:* Re: site-specific with no targets
> 
> (...) I assume we can have it that — parameter missing (not in dictionary) means everyone, and parameter present but set to the empty array means no-one else.
> 
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 
> 
> 
>     -----Original message-----
>     *From:* Mike O'Neill
>     *Sent:* Tuesday, August 29 2017, 7:29 pm
>     *To:* singer@apple.com; 'Roy T. Fielding'
>     *Cc:* public-tracking@w3.org
>     *Subject:* RE: site-specific with no targets
> 
>     David, 
> 
>     Yes, you should not need to remember consent in a cookie if you can set DNT to 0, and both ends know what it means, as well as regulators, researchers etc.
> 
>     Also It would be less confusing to developers if the empty array just meant "no (subresource) targets", we can signal "any and all subresources" with targets==undefined (absent) or null.
> 
>     And yes Roy, I mean the domain that the script can get from its version of document.domain.
> 
>     Mike
> 
> 
> 
> 
>     -----Original Message-----
>     From: singer@apple.com <mailto:singer@apple.com> [mailto:singer@apple.com <mailto:singer@apple.com>] 
>     Sent: 29 August 2017 01:52
>     To: Mike O'Neill <michael.oneill@baycloud.com <mailto:michael.oneill@baycloud.com>>
>     Cc: public-tracking@w3.org <mailto:public-tracking@w3.org>
>     Subject: Re: site-specific with no targets
> 
> 
>     > On Aug 28, 2017, at 14:15 , Mike O'Neill <michael.oneill@baycloud.com <mailto:michael.oneill@baycloud.com>> wrote:
>     > 
>     > The text says that an empty array is same as null or undefined for
>     > site-specific targets. It would be better if an empty array just meant there
>     > were no targets so only the script-origin (or a subdomain of it) received
>     > DNT:0
>     > 
>     > Otherwise, if only wanted to register consent for the script origin and not
>     > any subresources, you would have to set targets to contain a non-existent
>     > subresource, or the script-origin domain., which is weird.
>     > 
>     > 
> 
> 
>     If you have consent from the user, and you want DNT:0 to come back only to you, and not be sent to anyone else, you really don’t need the DNT signal. Its greatest value is in sending DNT:0 to third parties with whom it is otherwise very hard to communicate.  You *could* remember “I have consent” in any way you like.
> 
>     But, it would be tidier to use DNT.  I’ll check, but I assume we can have it that — parameter missing (not in dictionary) means everyone, and parameter present but set to the empty array means no-one else.
> 
> 
>     David Singer
>     Manager, Software Standards, Apple Inc.
> 
> 
> 
> 

Received on Wednesday, 30 August 2017 09:44:13 UTC