W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

Re: Third parties should not pretend to be first parties

From: Roy T. Fielding <fielding@gbiv.com>
Date: Wed, 29 Feb 2012 16:58:59 -0800
Cc: "public-tracking@w3.org" <public-tracking@w3.org>
Message-Id: <0DFCF00C-83D9-4DA7-B462-E85DEF319B2E@gbiv.com>
To: Tom Lowenthal <tom@mozilla.com>
On Feb 29, 2012, at 4:10 PM, Tom Lowenthal wrote:

> The aim is to prohibit anyone who isn't a first party from using the
> first-party options in the URI/Tk header, which even outsourced service
> providers shouldn't do. Perhaps we should add more detail to the
> outsourcing exception to deal with this case?

I've never understood why outsourced services should be considered
a different party if they adhere to the "acting as a first-party"
constraints.  They are, by contract and by practice and by view
of the user, the same party -- the only reason they differ at all
is because of the ownership/control definition in first-party.
If we just add outsourcing (or data processor) to the first-party
definition, we are done.

....Roy
Received on Thursday, 1 March 2012 00:59:23 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:26 UTC