RE: Issue-187 from Mike O'Neill on 2013-03-20 (public-tracking@w3.org from March 2013)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Wed, 20 Mar 2013 15:00:44 -0000
To: "'David Singer'" <singer@apple.com>, <mts-std@schunter.org>, <wileys@yahoo-inc.com>
Cc: <public-tracking@w3.org>
Message-ID: <0aa601ce257b$b31de8d0$1959ba70$@baycloud.com>

Hi David,

 

I think that wildcards (or regular expressions) for arrayOfDomainStrings
would be useful anyway and does not break the same-origin rule because it
only applies to requests in the context of the first-party.

 

StoreSiteSpecificException({ arrayOfDomainStrings:
{"exampleone.*,"*.exampletwo.com"},..});

 

Registers DNT:0 for exampleone.co.uk and any TLD, and any subdomain of
exampletwo.com. This would help to answer many of Shane's use-cases.

 

I think it would be useful to have the API defined before Last Call because
it does offer functionality that may help get European DPA buy-in for the
TPE. Recital 66 of the ePrivacy directive and the new Regulation's emphasis
on explicit consent both point to more granular specification of
third-parties and the ability to selectively revoke consent.

 

If the new dictionary member was optional then the default could be the
status-quo:

StoreSiteSpecificException({ arrayOfDomainStrings:
{"exampleone.co.uk","www.exampletwo.com"},..}) would be equivalent to:

StoreSiteSpecificException({ arrayOfDomainStrings: {
"exampleone.co.uk","www.exampletwo.com "}, action: "set-dnt-0",...});

 

The wildcard functionality may need definition now, but this would solve
other use-cases anyway. The precedence rule would be very simple, just
ignore preceding matches.

 

 

Mike

 

 

 

 

 

From: David Singer [mailto:singer@apple.com] 
Sent: 18 March 2013 16:18
To: Mike O'Neill
Cc: public-tracking@w3.org
Subject: Re: Issue-187

 

 

 

Hi Mike

 

I think that we should make this a separate API;  the consent requirements
are on setting a DNT:0 header; the consent requirements for setting a DNT:1
header are different, and indeed we'd have to think about how this would
interact with a user preference of DNT:0.  At the moment we don't need a
precedence rule, but if the APIs can ask for DNT:1 and then the user sets
DNT:0 later, we'd have to work out what takes precedence when.

 

In summary: I see what you're asking for, and I wonder if we can leave this
to a separate API and a future version?

 

 

David Singer

Multimedia and Software Standards, Apple Inc.

Received on Wednesday, 20 March 2013 15:01:22 UTC