Re: Issue-187 from David Singer on 2013-03-20 (public-tracking@w3.org from March 2013)

From: David Singer <singer@apple.com>
Date: Wed, 20 Mar 2013 16:20:10 -0700
To: Mike O'Neill <michael.oneill@baycloud.com>
Cc: 'David Singer' <singer@apple.com>, mts-std@schunter.org, wileys@yahoo-inc.com, public-tracking@w3.org
Message-id: <9AA57DEB-3424-4723-AD1E-01770EA2D076@apple.com>

On Mar 20, 2013, at 8:00 , Mike O'Neill <michael.oneill@baycloud.com> wrote:

> Hi David,
>  
> I think that wildcards (or regular expressions) for arrayOfDomainStrings would be useful anyway and does not break the same-origin rule because it only applies to requests in the context of the first-party.
>  
> StoreSiteSpecificException({ arrayOfDomainStrings: {“exampleone.*,”*.exampletwo.com”},..});

Yes, I think you are right.  We discussed this in Cambridge informally.

The key point, from my point of view, is that the site is already allowed to ask for site-wide [me, *] and the user-agent is already allowed to change an explicit list into a *, so allowing 'Partial wildcards' in the list can't be opening any more doors.

So, concretely, we'd allow some syntax to indicate

"this hostname and all sub-domains thereof" in the explicit list (which Ian F and Adrian B think no-one will use or implement, just to save them from the trouble of pointing this out).  Probably

"*.hostname"

Correct?


>  
> Registers DNT:0 for exampleone.co.uk and any TLD, and any subdomain of exampletwo.com. This would help to answer many of Shane’s use-cases.
>  
> I think it would be useful to have the API defined before Last Call because it does offer functionality that may help get European DPA buy-in for the TPE. Recital 66 of the ePrivacy directive and the new Regulation’s emphasis on explicit consent both point to more granular specification of third-parties and the ability to selectively revoke consent.
>  
> If the new dictionary member was optional then the default could be the status-quo:
> StoreSiteSpecificException({ arrayOfDomainStrings: {“exampleone.co.uk”,”www.exampletwo.com”},..}) would be equivalent to:
> StoreSiteSpecificException({ arrayOfDomainStrings: { “exampleone.co.uk”,”www.exampletwo.com “}, action: “set-dnt-0”,...});
>  
> The wildcard functionality may need definition now, but this would solve other use-cases anyway. The precedence rule would be very simple, just ignore preceding matches.
>  
>  
> Mike
>  
>  
>  
>  
>  
> From: David Singer [mailto:singer@apple.com] 
> Sent: 18 March 2013 16:18
> To: Mike O'Neill
> Cc: public-tracking@w3.org
> Subject: Re: Issue-187
>  
>  
>  
> Hi Mike
>  
> I think that we should make this a separate API;  the consent requirements are on setting a DNT:0 header; the consent requirements for setting a DNT:1 header are different, and indeed we'd have to think about how this would interact with a user preference of DNT:0.  At the moment we don't need a precedence rule, but if the APIs can ask for DNT:1 and then the user sets DNT:0 later, we'd have to work out what takes precedence when.
>  
> In summary: I see what you're asking for, and I wonder if we can leave this to a separate API and a future version?
>  
>  
> David Singer
> Multimedia and Software Standards, Apple Inc.
>  

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Wednesday, 20 March 2013 23:20:40 UTC