[RFC] HTTP timezone

Bert Bos bert at w3.org
Wed Jun 13 08:46:00 BST 2007 

Stefanos Harhalakis wrote:

>   I'm currently writting and Internet Draft candidate to describe an HTTP 
> header that will be used to transfer timezone information from browsers to 
> servers. Compliant browsers will need to send a timezone string:
> 
> Timezone: +0200
> 
> that will specify their timezone offset. This way scripts will be able to 
> provide appropriate date/time strings/representations and/or content.

I think this is not a good idea, for more or less the same reasons
cookies, Referer and User-Agent headers are not good ideas, viz.:

   - The information is privacy sensitive. The server has no right to
     this information, unless the user explicitly wants to give it.

   - The identifier of a page is the URL. That's what you store in a
     bookmark, what you copy and paste, print on a billboard or send to
     friends. But, if the page depends on other headers than the URL,
     such bookmarks fail.

   - I travel a lot, use computers in other countries than where I am
     physically, and I don't want to know what time zones all those
     machines are configured for. I'd hate to get different content just
     because I use one device rather than another.

   - If a page's content can differ based on the user's time zone, the
     user should be able to choose what time zone he wants the
     information for. He may want it for a different time zone than where
     he currently is, and he may want to try out different ones.

   - The header is redundant. Everything on the client-side that might
     influence the content of a page can be (and should be) in the URL or
     in the authentication headers (in case the content is protected).

   - I don't know (and I'm not online to check), but if time zone
     information is currently not a category in P3P, it would need to be
     added there first.

   - There are generic techniques for client profiles that don't need a
     new header for every new piece of client-side information: see CC/PP
     and UAProf. (I think content should *not* depend on client-side
     information other than the URL, but these techniques exist, mostly
     because of underpowered mobile phones, so better to re-use existing
     techniques than add new ones.)

   - All headers that you add to HTTP cause overhead. The time zone is
     rarely needed, but it takes up bandwidth all the time. (The same
     goes for anything else you might want to know about the client side:
     name of user, OS, amount of RAM, free disk space, whether there is a
     printer, name of the user's mother...)



Bert
-- 
   Bert Bos                                ( W 3 C ) http://www.w3.org/
   http://www.w3.org/people/bos                               W3C/ERCIM
   bert at w3.org                             2004 Rt des Lucioles / BP 93
   +33 (0)4 92 38 76 92            06902 Sophia Antipolis Cedex, France

More information about the kfm-devel mailing list