W3C home > Mailing lists > Public > public-tracking@w3.org > November 2011

TPE removing first vs third-party issues

From: Roy T. Fielding <fielding@gbiv.com>
Date: Mon, 31 Oct 2011 23:24:59 -0700
Message-Id: <6AFA2C4E-509C-40FE-A779-DFE6348954E5@gbiv.com>
To: "public-tracking@w3.org WG" <public-tracking@w3.org>
Since the first-party vs third-party issues will now be moved to
the compliance spec, I have removed them from the TPE spec.

Below is the HTML section in case someone would like to paste it
into the compliance spec.


      <section id='1-3-party'>
        <h2>Determining 1st vs 3rd Party Role</h2>

          There is nothing in HTTP that distinguishes requests made to
          first-party sites versus requests made to third-party sites.
          However, a browser knows which requests are directed by the user
          (making them first-party) and which requests are automatic or
          scripted subrequests to a site other than the first-party.
          Should we attempt to communicate that distinction in the DNT
          protocol or depend on origin servers using different URI patterns
          to distinguish their third-party resources?
        <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/60">ISSUE-60</a>: Will a recipient know if it itself is a 1st or 3rd party?</p>      
        <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/77">ISSUE-77</a>: How does a website determine if it is a first or third party and should this be included in the protocol?</p>      
          Likewise, a piece of content might be retrieved from a site as
          a first-party resource request or be embedded within the context of
          an <code>iframe</code> as a third-party subrequest.  Should we
          attempt to have the browser communicate that context to any
          scripts or subrequests within the embedded content?
        <p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/62">ISSUE-62</a>: The browser or embedding site could send an architectural signal to an embedded iframe so it knows it&#039;s in a 3rd-party context</p>      
Received on Tuesday, 1 November 2011 06:26:30 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:42 UTC