Full Title or Meme
- A statement from a User as to the behavior that the user expects of a Web Site.
- A condition, requirement, or item specified in a legal instrument from, about, or with the consent of the user. (synonym: condition)
There are at least two important contexts in which a user is required to stipulate their terms of engagement:
- The user is operating a browser on any internet connected device.
- The user is operating on a portable device (e.g. a Smart Phone) with a native app installed by the Web Site that wants to collect their data.
An other option is that the user is on a computer of any sort using an application what interacts with the user's data. If the User Information does not leave the User Device there is no User Stipulation required.
There are at least two sources of User Stipulation:
- The user can create a statement to be send to the correspondent Web Site informing the site as to the expectations of the user. (aka intent casting e.g. Do Not Track)
This page does not presently include user settings on a User Device.
Whenever third party access is discussed, there are two distinct types of third party access:
- The third party is given access to User Information from the second party (i.e. from the Web Site that the user voluntarily accessed.)
Compliance by the Web Site with the agreed terms will be hard to track.
- The wiki page Cookies has some description of user cookies that have been proposed as a source of user stipulations.
- The Best Practice shows one way to track user expressed intent within a Relying Party database.
This solution covers the projection of user terms onto a correspondent Web Site.
- An existing example is the DNT (Do Not Track) HTTP header.
- The following example assumes a richer format for intent casting that is not yet defined.
- See the page on stalking on Kantara.
Here are the potential terms to be cast
|Site and App Use||information will be used for providing and / or enhancing the site or service only. This information seems better a part of the following fields.|
|1st party||yes||2||data on the user device that does not leave the user device, for example apps that access the local data. This cast is to access limited (in theory) to the device itself.|
|2nd party||yes||3||The Web Site that the user navigated to and understand through some secure indication of the site identity.|
|3rd party||yes||9||Some other site that is able to access the User Device or User Information which was not the user's intent to access.|
|tracking||not clear that this can give more information that 1,2,3 above.|
|session||yes||5||data may not persist beyond completion (may be long for commercial transaction)|
|duration||yes||shorter better||how long can the data be held (default one year)|
|data category||yes||na||list of permitted categories (optional)|
- Merriam Webster, 3rd International Dictionary