Trace Context 2022-09-29

[kalyanaj]

The Privacy IG prefers groups to complete a self-review around the time of FPWD. See https://w3ctag.github.io/security-questionnaire/.

If you still want us to review your spec, please provide the information below.

In the issue title above add the document name followed by the date of this request.

• name of spec to be reviewed: Trace Context Level 2
• URL of spec: https://services.w3.org/htmldiff?doc1=https%3A%2F%2Fwww.w3.org%2FTR%2Ftrace-context-1%2F&doc2=https%3A%2F%2Fwww.w3.org%2FTR%2F2022%2FWD-trace-context-2-20220929%2F
• Does your document have an in-line Privacy Considerations section, ideally one separate from Security Considerations? Yes
• Do you need a reply by a particular date? We are looking to get into recommendation stage before end of year.
• Please point to the results of your own self-review (see https://w3ctag.github.io/security-questionnaire/ , https://w3c.github.io/fingerprinting-guidance/, https://tools.ietf.org/html/rfc6973): https://github.com/w3c/trace-context/issues/496
• Where and how to file issues arising? https://github.com/w3c/trace-context/issues/
• Pointer to any explainer for the spec?
  Explainer: https://github.com/w3c/distributed-tracing-wg/blob/main/EXPLAINER.md.

Other comments: What: The main difference from Trace Context Level 1 (which is already in recommendation status) is the ability to express whether at least a part of the traceID has been randomly (or pseudo-randomly) generated. Why: This enables downstream systems to use the trace ID for sampling purposes or for sharding purposes. How: This is achieved by the introduction of a new flag called "Random Trace ID flag". If the newly introduced random-trace-id flag is set, at least the right-most 7 bytes of the trace-id MUST be randomly (or pseudo-randomly) generated.

[pes10k]

Ive completed the review of this proposal and filed the following issues:

• https://github.com/w3c/trace-context/issues/509
• https://github.com/w3c/trace-context/issues/510