numbering all of the open issues in the document so that they can be referenced more easily in email threads.
authorandyzei@andyzei-w8cp.redmond.corp.microsoft.com
Fri, 06 Apr 2012 14:34:05 -0700
changeset 12 b46012e980f5
parent 11 2c2fc500dfed
child 13 ff9e2afc49cc
numbering all of the open issues in the document so that they can be referenced more easily in email threads.
ED-tracking-tsl.html
--- a/ED-tracking-tsl.html	Wed Jan 25 14:23:44 2012 +0100
+++ b/ED-tracking-tsl.html	Fri Apr 06 14:34:05 2012 -0700
@@ -29,11 +29,11 @@
  
 <p>The Tracking Selection Lists specification defines a format for interchangeable lists for blocking or allowing Web tracking elements and expected user-agent interpretation of this format.</p> 
 
-<p class="issue">Should we change the name for something more generic. It could be URL Filtering Lists or something along. The formats allow more applications than just tracking.</p>
+<p class="issue">Issue 1: Should we change the name for something more generic. It could be URL Filtering Lists or something along. The formats allow more applications than just tracking.</p>
 
 <p>A <dfn id="selection-list">selection list</dfn> contains parts of <a href="#dfn-third-party-uri">third-party URIs</a> that a browser may access automatically when referenced within a Web page that a user deliberately visits. Rules in a selection list may change the way the user agent handles third-party content. By limiting the calls to these Web sites and blocking resources from other Web pages, the <a href="#dfn-filter-list">selection list</a> limits the information other sites can collect about a user.</p>
 
-<p class="issue"><strong>Third-party URIs</strong> might be confusing when reading along the two other Tracking Protection WG documents. The <a href="http://www.w3.org/2003/glossary/keyword/All/third-party.html?keywords=third-party">XLink definition</a> doesn't help either. The third party is vaguely <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#firstThirdPartiesDefn">defined</a> in the compliance document with <q>
+<p class="issue">Issue 2: <strong>Third-party URIs</strong> might be confusing when reading along the two other Tracking Protection WG documents. The <a href="http://www.w3.org/2003/glossary/keyword/All/third-party.html?keywords=third-party">XLink definition</a> doesn't help either. The third party is vaguely <a href="http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#firstThirdPartiesDefn">defined</a> in the compliance document with <q>
     A "third party" is any party, in a specific 
    network interaction, that cannot infer with 
    high probability that the user knowingly and 
@@ -66,20 +66,20 @@
 
 <p>When accessing the Web, users will download Web page which are the agglomeration of multiple resources (visible and not visible). By accessing these resources, the users share information with the owner of these resources. This is inherent in the design of the Web and simply how the Web works, and it has potentially unintended consequences. As users visit one site, many other sites receive information about their activities. For example, when a Web page includes an image file (coming from a different domain), IP address information, cookies, and referrer data can be sent by the user's browser. A script can have additional impact on user privacy and could collect arbitrary data from the initial Web page.</p>
 
-<p class="issue">We could create a very simple infography showing a simple HTTP request and its consequences to illustrate the paragraph above.</p>
+<p class="issue">Issue 3: We could create a very simple infography showing a simple HTTP request and its consequences to illustrate the paragraph above.</p>
 
 <p>This situation results from how Web sites are built. Typically, a Web site today might bring together content from many other Web sites, leaving the impression that the Web site appears to be its own entity. When the browser calls any other Web site to request anything (an image, a cookie, HTML, a script that can execute), the browser explicitly provides information in order to get information. By limiting requests to these sites, it is possible to limit the data available to these sites, including those used for collection and tracking.</p>
 
 <p>A selection list contains parts of third-party URIs that a browser may access automatically when referenced within a Web page a user deliberately visits.</p>
 
-<p class="issue">Should TSLs also apply to 1<sup>st</sup>-party URIs? If so, there should probably be an option that does this – I think that by default, most of the rules you’d want to write are 3<sup>rd</sup>-party specific. There are valid use cases for 1<sup>st</sup>-party rules, such as CNAME’d DNS entries.</p>
+<p class="issue">Issue 4: Should TSLs also apply to 1<sup>st</sup>-party URIs? If so, there should probably be an option that does this – I think that by default, most of the rules you’d want to write are 3<sup>rd</sup>-party specific. There are valid use cases for 1<sup>st</sup>-party rules, such as CNAME’d DNS entries.</p>
 
-<p class="issue">Karl Dubost: It assumes that tracking is made
+<p class="issue">Issue 5: Karl Dubost: It assumes that tracking is made
 only through 3rd party uris.</p>
 
-<p class="issue">[andyzei] There is a difference between “expected” and “unexpected” tracking. 1<sup>st</sup>-party tracking is expected. 3<sup>rd</sup>-party tracking is not.  </p>
+<p class="issue">Issue 6: [andyzei] There is a difference between “expected” and “unexpected” tracking. 1<sup>st</sup>-party tracking is expected. 3<sup>rd</sup>-party tracking is not.  </p>
 
-<p class="issue">[karl] we should say entirely neutral with regards to the intent of blocking or not the URLs.</p>
+<p class="issue">Issue 7: [karl] we should say entirely neutral with regards to the intent of blocking or not the URLs.</p>
 
 <p>Rules in a selection list may change the way the user agent handles third-party content. By limiting the calls to these Web sites and blocking resources from other Web pages, the selection list limits the information other sites can collect about a user.</p>      
 </section>
@@ -91,9 +91,9 @@
 
 <p>A user agent must evaluate any URIs that indicate a sub-document—such as an iframe or any URIs defined in any sub-documents—as third-party with respect to the topmost document. </p>
 
-<p class="issue">Not testable. This needs to be framed as something implementable.</p>
+<p class="issue">Issue 8: Not testable. This needs to be framed as something implementable.</p>
 
-<p class="issue">"MUST evaluate" doesn't mean anything in that context.</p>
+<p class="issue">Issue 9: "MUST evaluate" doesn't mean anything in that context.</p>
 
 <p>For example, consider a top-level document whose URI is http://www.microsoft.com. This page might contain an iframe whose src URI is http://www.example.com. If the page at http://www.example.com contains an img element whose src is http://www.example.com/img.png, the URI http://www.example.com/img.png is a third-party URI, as its domain name differs from that of the top-level page. </p>
 
@@ -101,15 +101,15 @@
 
 <p>A user-agent must apply a selection list to third-party URIs only. </p>
 
-<p class="issue">Not testable. Apply a filter list is not an operation in this case.</p>
+<p class="issue">Issue 10: Not testable. Apply a filter list is not an operation in this case.</p>
 
-<p class="issue">Need to clearly define "apply a filter list" / rules and frame requirements to match.</p>
+<p class="issue">Issue 11: Need to clearly define "apply a filter list" / rules and frame requirements to match.</p>
 
 <h3 id="blocking-downloads">Blocking Downloads</h3>
 
 <p >When a user agent issues a request for a Webpage and receives an HTTP status code that returns a document, and the user or user agent has chosen to apply a selection list, all third-party URIs that can generate a download request must be evaluated against this selection list. </p>
 
-<div class="issue">
+<div class="issue">Issue 12: 
 <p>incorrect sentence. Maybe something along the following paragraph will be the real implementable requirement. </p>
 <blockquote><p>(When the user and/or user agents have activated the filter list mechanism,) for each HTTP response sent by server, a user agent MUST drop any subsequent HTTP requests according to the rules defined in the filter list.</p></blockquote></div>
 
@@ -177,15 +177,15 @@
 
 <h3>Settings</h3>
 
-<p class="issue">Format about the settings doesn't define what the browser should do with the spaces. There is plenty of things to define here to make it implementable by browsers. Specifically in terms of error recovery or draconian mode. </p>
+<p class="issue">Issue 13: Format about the settings doesn't define what the browser should do with the spaces. There is plenty of things to define here to make it implementable by browsers. Specifically in terms of error recovery or draconian mode. </p>
 
 <p >The selection list format supports settings in the form of key-value pairs. A settings line begins with a colon, (:) and has two string values separated by an equal sign (=). If a setting is not recognized, the user agent must ignore that setting. </p>
 
 <h4>Expires</h4>
 
-<p class="issue">Karl Dubost: The value seems arbitrary. Is there any rationale behind this range?</p>
+<p class="issue">Issue 14: Karl Dubost: The value seems arbitrary. Is there any rationale behind this range?</p>
 
-<p class="issue">[andyzei] It was chosen by anticipating the useful time range that a customer might want to set the value to. Having it bounded makes it easier to test.</p>
+<p class="issue">Issue 15: [andyzei] It was chosen by anticipating the useful time range that a customer might want to set the value to. Having it bounded makes it easier to test.</p>
 
 <pre>Expires = n</pre>
 
@@ -372,9 +372,9 @@
 <section class="appendix">
 <h2>Issues</h2>
 
-<p class="issue">Interesting but what is the purpose of allowing something if there is no disallow rules for the same domain before.  Or maybe is it implied? In this case there is a need for an example with the two: block and allow.</p>
+<p class="issue">Issue 16: Interesting but what is the purpose of allowing something if there is no disallow rules for the same domain before.  Or maybe is it implied? In this case there is a need for an example with the two: block and allow.</p>
 
-<p class="issue">[andyzei] The only time that that's interesting is when you have multiple TPLs. If you want to write a TPL that ensures that no other TPL that the user has installed can block your site, then you can do that. Agreed there should be a better example of this.</p>
+<p class="issue">Issue 17: [andyzei] The only time that that's interesting is when you have multiple TPLs. If you want to write a TPL that ensures that no other TPL that the user has installed can block your site, then you can do that. Agreed there should be a better example of this.</p>
 </section>
 
 <section class="appendix">