- From: CVS User rfieldin <cvsmail@w3.org>
- Date: Fri, 20 Mar 2015 13:37:36 +0000
- To: public-tracking-commit@w3.org
Update of /w3ccvs/WWW/2011/tracking-protection/drafts
In directory gil:/tmp/cvs-serv11715/drafts
Modified Files:
tracking-dnt.html
Log Message:
(editorial) Partition the terminology into subsections, add references to the HTTP terms, and copy definitions of permanently de-identified and service provider from TCS
--- /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2015/02/10 19:36:19 1.279
+++ /w3ccvs/WWW/2011/tracking-protection/drafts/tracking-dnt.html 2015/03/20 13:37:36 1.280
@@ -135,7 +135,7 @@
unable to turn that off. In other cases, a server might perform only
limited forms of tracking that would be acceptable to most users.
Servers need mechanisms for communicating their tracking behavior and
- for storing user-granted exceptions after the user has made an
+ for storing a <a>user-granted exception</a> after the user has made an
informed choice.
</p>
<p>
@@ -148,7 +148,7 @@
<a>Tk</a> response header field are defined for communicating the
server's tracking behavior. In addition, JavaScript APIs are defined
for enabling scripts to determine DNT status and register a
- <a>user-granted exception</a>.
+ user-granted exception.
</p>
<p>
This specification does not define requirements on what a recipient
@@ -164,6 +164,31 @@
<section id='terminology'>
<h2>Terminology</h2>
+
+ <section id='terminology.http'>
+ <h3>HTTP</h3>
+ <p>
+ The following terms are used as defined by HTTP/1.1 syntax [[!RFC7230]]
+ and semantics [[!RFC7231]]:
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">client</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">server</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">origin server</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">user agent</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">sender</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">recipient</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">request</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">response</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.1">message</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.3">intermediary</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.3">proxy</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7230#section-2.3">cache</a></dfn>,
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7231#section-2">resource</a></dfn>, and
+ <dfn><a class="externalDFN" href="https://tools.ietf.org/html/rfc7231#section-3">representation</a></dfn>.
+ </p>
+ </section>
+
+ <section id='terminology.activity'>
+ <h3>Activity</h3>
<p>
<dfn>Tracking</dfn> is the collection of data regarding a particular
user's activity across multiple distinct contexts and the retention,
@@ -173,16 +198,6 @@
the same party or jointly controlled by a set of parties.
</p>
<p>
- A <dfn>user</dfn> is a natural person who is making, or has made,
- use of the Web.
- </p>
- <p>
- A <dfn>user agent</dfn> is any of the various client programs
- capable of initiating HTTP requests, including (but not
- limited to) browsers, spiders (web-based robots), command-line
- tools, custom applications, and mobile apps [[!RFC7230]].
- </p>
- <p>
A <dfn>network interaction</dfn> is a single HTTP request and its
corresponding response(s): zero or more interim (1xx) responses and
a single final (2xx-5xx) response.
@@ -194,6 +209,14 @@
reloading a page are examples of user actions.
<dfn>User activity</dfn> is any set of such user actions.
</p>
+ </section>
+
+ <section id='terminology.participants'>
+ <h3>Participants</h3>
+ <p>
+ A <dfn>user</dfn> is a natural person who is making, or has made,
+ use of the Web.
+ </p>
<p>
A <dfn>party</dfn> is a natural person, a legal entity, or a set of
legal entities that share common owner(s), common controller(s), and
@@ -225,6 +248,38 @@
of either that user or that first party.
</p>
<p>
+ Access to Web resources often involves multiple parties that might
+ process the data received in a network interaction. For example,
+ domain name services, network access points, content distribution
+ networks, load balancing services, security filters, cloud platforms,
+ and software-as-a-service providers might be a party to a given
+ network interaction because they are contracted by either the user or
+ the resource owner to provide the mechanisms for communication.
+ Likewise, additional parties might be engaged after a network
+ interaction, such as when services or contractors are used to perform
+ specialized data analysis or records retention.
+ </p>
+ <p>
+ For the data received in a given network interaction, a
+ <dfn>service provider</dfn> is considered to be the same party as its
+ <dfn>contractee</dfn> if the service provider:
+ </p>
+ <ol>
+ <li>processes the data on behalf of the contractee;</li>
+ <li>ensures that the data is only retained, accessed, and used as
+ directed by the contractee;</li>
+ <li>has no independent right to use the data other than in a
+ <a>permanently de-identified</a> form (e.g., for monitoring
+ service integrity, load balancing, capacity planning, or billing);
+ and,</li>
+ <li>has a contract in place with the contractee which is consistent
+ with the above limitations.</li>
+ </ol>
+ </section>
+
+ <section id='terminology.data'>
+ <h3>Data</h3>
+ <p>
A party <dfn>collects</dfn> data received in a network interaction
if that data remains within the party’s control after the network
interaction is complete.
@@ -238,12 +293,24 @@
that data to any other party.
</p>
<p>
+ Data is <dfn>permanently de-identified</dfn> when there exists a high
+ level of confidence that no human subject of the data can be
+ identified, directly or indirectly (e.g., via association with an
+ identifier, user agent, or device), by that data alone or in
+ combination with other retained or available information.
+ </p>
+ </section>
+
+ <section id='terminology.preferences'>
+ <h3>Preferences</h3>
+ <p>
A <dfn>user-granted exception</dfn> is a specific tracking
preference, overriding a user's general tracking preference, that
has been obtained and recorded using the mechanisms defined in
<a href="#exceptions" class="sectionRef"></a>.
</p>
</section>
+ </section>
<section id='notational'>
<h2>Notational Conventions</h2>
@@ -742,7 +809,8 @@
consent for tracking this user, user agent, or device, but
promises not to use or share any <code><a>DNT:1</a></code> data until
such consent has been determined, and further promises to delete
- or de-identify within forty-eight hours any <code><a>DNT:1</a></code>
+ or <a href="#dfn-permanently-de-identified">permanently de-identify</a>
+ within forty-eight hours any <code><a>DNT:1</a></code>
data received for which such consent has not been received.
</p>
<p>
Received on Friday, 20 March 2015 13:37:37 UTC