- From: JC Cannon <jccannon@microsoft.com>
- Date: Wed, 29 Aug 2012 17:01:59 +0000
- To: Jonathan Mayer <jmayer@stanford.edu>
- CC: W3C DNT Working Group Mailing List <public-tracking@w3.org>
- Message-ID: <BB17D596C94A854E9EE4171D33BBCC81015AA881@TK5EX14MBXC239.redmond.corp.microsoft.>
I don’t have a problem with the first three items.
Item 4) appears to be out of scope for our work since the service provider is not involved in the session. I feel sending a list to the UA is to inform the UA of the status of a third-party site. Since the UA can’t see the site why send unusable information?
JC
From: Jonathan Mayer [mailto:jmayer@stanford.edu]
Sent: Wednesday, August 29, 2012 9:53 AM
To: JC Cannon
Cc: W3C DNT Working Group Mailing List
Subject: Re: Service Provider Status (ISSUE-137)
Here are some concrete use cases with service provider ambiguity.
1) HTTP traffic goes to a website that looks like a third party, but is actually a service provider.
Example: News.com<http://News.com> embeds content from Analytics.com<http://Analytics.com>.
Solution: A simple Service Provider flag (e.g. "Tk: S").
2) HTTP traffic goes to a website that looks like a first party, but is actually a service provider.
Example: Blog.com<http://Blog.com> is hosted by BlogPlatform.com<http://BlogPlatform.com>.
Solution: A simple Service Provider flag (e.g. "Tk: S") plus some sort of party identification (e.g. a "Tk-Party: blogplatform.com" response header or a "party" field in the status resource).
3) HTTP traffic goes to a website that is a service provider, but it's unclear which party it's working for.
Example: Analytics.com<http://Analytics.com> appears buried in a set of advertising iframes on News.com<http://News.com>.
Solution: A Service Provider can signal the party it's working for (e.g. a "Tk-Service: news.com<http://news.com>" response header or a "service-provider-party" field in the status resource).
4) A website uses a service provider on the backend.
Example: Shopping.com<http://Shopping.com> copies its user account data into a cloud-based CRM service.
Solution: A list of service providers in a party's tracking status resource.
On Wednesday, August 29, 2012 at 9:38 AM, JC Cannon wrote:
Could you describe a scenario where the service provider is not on HTTP? How would it send a response I the first place? Are you talking about offline scenarios?
Thanks,
JC
From: Jonathan Mayer [mailto:jmayer@stanford.edu]
Sent: Wednesday, August 29, 2012 9:36 AM
To: W3C DNT Working Group Mailing List
Subject: Re: Service Provider Status (ISSUE-137)
A related design decision: What about service providers that aren't at visible via HTTP? I don't think we have consensus on this yet.
On Wednesday, August 29, 2012 at 9:17 AM, Jonathan Mayer wrote:
Some possible status ambiguities for service providers. All are solvable with trivial engineering.
-If a service provider is using its own domain:
-Is the entity a first party, third party, or service provider?
-Which party is it providing outsourcing services to? (Might be multiple parties in different roles.)
-If a service provider is using a different party's domain (e.g. a CNAMEd analytics service):
-Who is the service provider?
Received on Wednesday, 29 August 2012 17:02:37 UTC