W3C home > Mailing lists > Public > public-tracking@w3.org > June 2012

Re: Identity providers as first parties

From: Tamir Israel <tisrael@cippic.ca>
Date: Fri, 15 Jun 2012 10:49:39 -0400
Message-ID: <4FDB4B83.2090009@cippic.ca>
To: rob@blaeu.com
CC: Kimon Zorbas <vp@iabeurope.eu>, "ifette@google.com" <ifette@google.com>, "JC Cannon (Microsoft)" <jccannon@microsoft.com>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
I fully agree with this. IdPs are not first parties, and much of their 
activity could be viewed as third party tracking.

Should be within the DNT scope and users will be very confused, I think, 
if they have DNT-1 enabled and the IdP overrides that wholesale, this 
will undermine trust (in the standard and in online tracking in general).

We should ensure the out-of-band consent mechanism ensures this is clear.

On 6/14/2012 6:52 PM, Rob van Eijk wrote:
> My point is that I disagree that the general terms & conditions, 
> suffices when it comes to seeing the phenomena in a DNT context. I 
> would rather see normative text on use limitations IF you wanted to 
> bring this use case into the scope of DNT=1.
>
> Personally I think it fits in the DNT scope nicely. Identity providers 
> have an important role on the Web, and having normative text in the 
> standard that reassures trust makes sense to me.
Received on Friday, 15 June 2012 14:50:20 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:30 UTC