W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Identity providers as first parties

From: イアンフェッティ <ifette@google.com>
Date: Wed, 13 Jun 2012 07:13:27 -0700
Message-ID: <CAF4kx8cNO030nFKYn0w89n1Nk0OJrnNRDNqoztnfhYjBp=xpkQ@mail.gmail.com>
To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
This email is intended to satisfy ACTION-187 and ISSUE-99

I propose adding to the compliance spec the following:

"If a site offers users the choice to log in with an identity provider, via
means such as OpenID, OAuth, or other conceptually similar mechanisms, the
identity provider is considered a first party for the current transactions
and subsequent transactions for which the user remains authenticated to the
site via the identity provider."

Clearly when the user is logging in, there is a meaningful interaction with
what was previously a third party widget, thus promoting it to a first
party. If all that's being provided is a userid, then the interaction is
basically over at that point. If more info is being provided from the
user's account (such as a friend list, a chat widget, or whatever), I think
one could still assume that the user made a meaningful interaction with
that party and thus the party is still a first party.

Received on Wednesday, 13 June 2012 14:14:00 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:50 UTC