From kfm-devel Wed Jun 13 07:46:00 2007 From: Bert Bos Date: Wed, 13 Jun 2007 07:46:00 +0000 To: kfm-devel Subject: Re: [RFC] HTTP timezone Message-Id: <466FA0B8.3040902 () w3 ! org> X-MARC-Message: https://marc.info/?l=kfm-devel&m=118172678703201 Stefanos Harhalakis wrote: > I'm currently writting and Internet Draft candidate to describe an HTTP > header that will be used to transfer timezone information from browsers to > servers. Compliant browsers will need to send a timezone string: > > Timezone: +0200 > > that will specify their timezone offset. This way scripts will be able to > provide appropriate date/time strings/representations and/or content. I think this is not a good idea, for more or less the same reasons cookies, Referer and User-Agent headers are not good ideas, viz.: - The information is privacy sensitive. The server has no right to this information, unless the user explicitly wants to give it. - The identifier of a page is the URL. That's what you store in a bookmark, what you copy and paste, print on a billboard or send to friends. But, if the page depends on other headers than the URL, such bookmarks fail. - I travel a lot, use computers in other countries than where I am physically, and I don't want to know what time zones all those machines are configured for. I'd hate to get different content just because I use one device rather than another. - If a page's content can differ based on the user's time zone, the user should be able to choose what time zone he wants the information for. He may want it for a different time zone than where he currently is, and he may want to try out different ones. - The header is redundant. Everything on the client-side that might influence the content of a page can be (and should be) in the URL or in the authentication headers (in case the content is protected). - I don't know (and I'm not online to check), but if time zone information is currently not a category in P3P, it would need to be added there first. - There are generic techniques for client profiles that don't need a new header for every new piece of client-side information: see CC/PP and UAProf. (I think content should *not* depend on client-side information other than the URL, but these techniques exist, mostly because of underpowered mobile phones, so better to re-use existing techniques than add new ones.) - All headers that you add to HTTP cause overhead. The time zone is rarely needed, but it takes up bandwidth all the time. (The same goes for anything else you might want to know about the client side: name of user, OS, amount of RAM, free disk space, whether there is a printer, name of the user's mother...) Bert -- Bert Bos ( W 3 C ) http://www.w3.org/ http://www.w3.org/people/bos W3C/ERCIM bert@w3.org 2004 Rt des Lucioles / BP 93 +33 (0)4 92 38 76 92 06902 Sophia Antipolis Cedex, France