- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 30 Aug 2017 09:17:11 -0700
- To: Shane M Wiley <wileys@oath.com>
- Cc: public-tracking@w3.org
- Message-Id: <8A26B8F1-01D7-4C43-AFCE-A2D9066569AA@gbiv.com>
> On Aug 30, 2017, at 8:01 AM, Shane M Wiley <wileys@oath.com> wrote: > > Mike and Group, > > This statement "A site can request an exception be stored even when the user's general preference is not enabled." is a bit misleading as an exception can be stored at any time if the user has granted consent - regardless of their general preference. That's exactly what it says. What am I missing? ....Roy > For example, the general preference maybe DNT:1 to all sites UNTIL an exception is granted. Not sure when this language made it's way into the document but it isn't what we've been discussing. > > - Shane > >> On Wed, Aug 30, 2017 at 6:32 AM, Mike O'Neill <michael.oneill@baycloud.com> wrote: >> Roy, >> >> >> >> This is very good, I am happy with it except for the following nits: >> >> >> >> 6.3 para 4 >> >> >> >> A first party site's page (the top-level browsing context) might be used to obtain site-specific consent for multiple parties; e.g., using multiple iframe elements containing scripts that can convey information about each party's policies and obtain specific consent for each party. In this case, the effective script origin might be different from the site for which consent is being granted. >> >> >> >> It can be also web-wide also now, and consent is always being granted for the script origin, or a subdomain of it (or site-specific consent for a subresource of it). Suggested change: >> >> >> >> A first party site's page (the top-level browsing context) might be used to obtain site-specific or web-wide consent for multiple parties; e.g., using multiple iframe elements containing scripts that can convey information about each party's policies and obtain specific consent for each party. In this case, consent is being obtained for the effective script origin of the iframe's responsible document, which could be different from that of the top-level browsing context. >> >> >> >> >> >> 6.3 para 6 >> >> >> >> A site can request an exception be stored even when the user's general preference is not enabled. This permits the sending of DNT only for target resources for which an expressed preference is desired. Stored exceptions could affect which preference is transmitted if a user later chooses to configure a general tracking preference. >> >> >> >> This is a bit unclear, especially the meaning of the last sentence. We should say this is only about DNT:0, and remove the last sentence which does not really add anything. It is a MAY anyway, so best leave it to the browser provider. Suggested change: >> >> >> >> A site can request an exception be stored even when the user's general preference is not enabled. This permits the sending of DNT:0 only for target resources for which the expressed preference is desired. >> >> >> >> 6.6.1, 6.6.2, 6.6.3 description of “targets” property. >> >> >> >> targets >> >> An array of target domains for which the exception applies: >> If targets is undefined or null, the user-granted exception to be stored is [site, *], meaning that the exception applies to all domains referenced by the site. >> If targets is an empty array, the user-granted exception to be stored is [site, script domain], meaning that the exception applies only to resources that share the same domain as the effective script origin. >> Otherwise, for each domain string in the targets array, a user-granted exception to be stored is the duplet [site, domain]. >> >> >> It is unclear if the script origin always receives an exception, which was the case before. A “domain referenced by the site” implicitly includes the script origin, and the empty array case specifically includes it, so it would make sense to cover this also for the non-empty targets case. Suggested change: >> >> >> >> >> >> >> >> targets >> >> An array of target domains for which the exception applies: >> If targets is undefined or null, the user-granted exception to be stored is [site, *], meaning that the exception applies to all domains referenced by the site. >> If targets is an array, the user-granted exception to be stored is at least [site, script domain], meaning that the exception applies to resources that share the same domain as the effective script origin. >> Additionally, for each domain string in the targets array, a user-granted exception is stored for the the duplet [site, domain]. >> >> >> Mike >> > > > > -- > - Shane > > Shane Wiley > VP, Privacy > Oath: A Verizon Company
Received on Wednesday, 30 August 2017 16:17:37 UTC