More Proposals for Gathering Consumer Demographics

IV. Profile Request Protocol

This is seen as an HTTP extension protocol using the PEP (protocol extension protocol) mechanism. The sequence proposed is:

1. The server rejects a request which has insufficient profile information with a reject code and a PEP header explaining that a certain profile scheme is required. The profile scheme is identified by a URL.
2. The client will indicate this (typically with a dialog box) giving the user the option of cancelling, or filling in the details.
3. If the user proceeds, the client fetches a description of the profile scheme. This will typically be either as an HTML form, or as a PICS-style rating scheme description. (Hopefully the capabilities of the two will be merged). In either case, the profile scheme contains not only a list of the information required but also a statement of the undertakings by the server as to the privacy treatment of the information.
4. The user fills in the form.
5. The result is a profile containing the contents of the form. This profile is kept by the client. It has a name, perhaps a default derived from the name of the profile scheme, or one chosen by the user. The client stores this information, and gives it an identifier.
6. The client re-issues the request, giving a user-profile: header with the URL of the profile as stored on the client.
7. The server retrieves the profile using either an HTTP call-back, for which a URL scheme would be required, or by a request to an HTTP server port which the client holds open for this.

• It is as the user's and client's discretion when the user operates under the new profile. Other servers may be accept the same profile, so it is probably a question of user preference whether a given profile can be given automatically, or only with user confirmation. The user is always shown by the client the persona which has been used for a given access.
• The server has the option of keeping state or not. To operate rapidly, the server may keep the client profile on hand, and hash into a store of profiles whenever a request arrives with a profile URL.

  Alternatively, the server may retrieve the profile from the client with every request. A compromise is of course to cache profiles for a limited time.

• There is clearly a lot of advantages to content providers agreeing on a small set of shared profile schemes.
• In the short term, a system which avoids the client having to become a server would be for the profile form to be submitted to a profile repository. For example, a mail-order association may keep a profile server which it provides for use by its own clients and clients of stores using the same profile.
• A special case of this could be a void profile, in which any URL can be made up by the client, but the requirement is only that the same profile must be used for all transactions the same hour, week, etc. This provides for tracking without demographics information.

V. Access reporting protocol

The sequence is as follows.

1. The server makes a demand for a profile as above. The PEP line indicates that a proxy should pass the PEP request on or understand it but not remove it.
2. Conforming to the extension protocol, the proxy adds a line to each request indicating that profile logging is available.
3. The server, seeing that line on the request, send back with the data a "mandatory" record indicating
   • The profile scheme required, if any, and other information such as time/date, and other HTTP fields;
   • The URL to which logs should be posted
   • Times at which posting is preferred
4. The proxy does the protocol above locally with the client in order to acquire the necessary profile information before releasing the requested object to the client
5. The proxy spools the log information requested by the server in a serial file for posting to the URL requested.
6. At a suitable time, as a function of spool size, server and proxy preference, the proxy independently accesses the server and performs an HTTP "POST" of the log file to the URL given.

A proxy must be allowed to write back a log file at any time, to protect itself from storage overflow. It may be necessary to define norms for storage space for proxies.