- From: Mike O'Neill <michael.oneill@baycloud.com>
- Date: Mon, 31 Jul 2017 17:08:50 +0100
- To: "'Roy T. Fielding'" <fielding@gbiv.com>, "'David Singer'" <singer@apple.com>
- Cc: "'Aleecia M. McDonald'" <aleecia@aleecia.com>, <public-tracking@w3.org>
It looks like the meeting is cancelled, but I would like to raise 3 issues with Roy's changes2 substantive and 1 editorial.. The main one is the change in the API which, although I like the new structure, creates a new danger in that web-wide consent can now be registered by sub-resource iframes. If an iframe script-origin sets site to '*' and target to a set of domains, then each of those domains gets a web-wide exception. I think that makes it too easy for bad actors. I think web-wide registering should be limited to the top-level domain. My other beef is with 9.1 which I think is unnecessary. It also contradicts what European DPAs have been saying. We should leave this up to compliance specs. The editorial point is 7.9 para 2 . This should say the promise is rejected, not that the call throws an exception Mike -----Original Message----- From: Roy T. Fielding [mailto:fielding@gbiv.com] Sent: 31 July 2017 13:40 To: David Singer <singer@apple.com> Cc: Aleecia M. McDonald <aleecia@aleecia.com>; public-tracking@w3.org (public-tracking@w3.org) (public-tracking@w3.org) <public-tracking@w3.org> Subject: Re: do we have cause for a call on monday? I am very close to being happy with the current document. I think the API is okay, but there are still parts of the other sections under Exceptions that should be merged in with the API, and then it needs a clear-eyed read-through. Since the working group doesn't need to make a decision yet, I would like to skip the call, get some sleep, and finish my edits tomorrow. However, folks are welcome to review it right now if they wish. I think the relevant changes are limited to sections 5.2.1, 5.3, and 7 through 9. https://w3c.github.io/dnt/drafts/tracking-dnt.html with history at https://github.com/w3c/dnt/commits/master/drafts/tracking-dnt.html Also, we might consider (as a last step before publication) moving the entire Exceptions section 7 up to be between the existing sections 5 (Expressing a Tracking Preference) and 6 (Communicating a Tracking Status). I say last step because that would be editorial but would mess up the diffs. Cheers, ....Roy > On Jul 30, 2017, at 5:29 PM, David Singer <singer@apple.com> wrote: > > I don’t have cause, and I didn’t have time for the study I hoped to do. > > If we want a working session where Roy takes us through some of what he’s struggling with and we help wordsmith edits, I am fine with that. But I don’t have a need for a formal call, myself. > >> On Jul 29, 2017, at 13:44 , Aleecia M. McDonald <aleecia@aleecia.com> wrote: >> >> When last we left our intrepid heroes, David Singer was pinging Roy to see if we were at a document freeze with no further changes expected. If so, Shane can hand the spec off for internal feedback within Yahoo for up to two weeks, and then at the end of that time if all goes well we ship. [Please correct me if I’m getting any of this wrong.] >> >> It’s been quiet since. >> >> Any news? Are we doc-lock’ed? Perhaps Shane could start his round of reviews with his engineers now? >> >> If there’s no reason for a group call on Monday, it would be better to know that in advance so I can use the time elsewhere. If there is a productive call to be had, all the better and I look forward to the agenda. >> >> Aleecia >> > > David Singer > Manager, Software Standards, Apple Inc. > >
Received on Monday, 31 July 2017 16:09:48 UTC