Re: Third parties should not pretend to be first parties from Justin Brookman on 2012-03-01 (public-tracking@w3.org from March 2012)

From: Justin Brookman <jbrookman@cdt.org>
Date: Thu, 01 Mar 2012 07:56:43 -0500
To: public-tracking@w3.org
Message-ID: <20120301125643.0721e578@mail.maclaboratory.net>

Right, but Tom's new proposed language (which I'm not sure is necessary anyway) only applies to third parties.  The exceptions currently say that if you're an outsourcer, you can act as a first party and ignore third-party requirements (like this one).  The spec would not hold AWS subject to Tom's new rule, though structurally, you are right that it may make sense to move the outsourcing language from an exception to third-party compliance to an exception to the first-party definition.  We could just move all of 4.4.2 to a new section 3.3.2.  Would that suffice?
  _____  

From: Roy T. Fielding [mailto:fielding@gbiv.com]
To: Justin Brookman [mailto:jbrookman@cdt.org]
Cc: public-tracking@w3.org
Sent: Thu, 01 Mar 2012 00:39:18 -0500
Subject: Re: Third parties should not pretend to be first parties

On Feb 29, 2012, at 7:53 PM, Justin Brookman wrote:

  > There is already an entire section of the compliance spec on this exact issue --- 4.4.2 Exception for Outsourcing.  Is there any reason that exception does not address everyone's concerns, rather than resorting to the fiction that service providers are the same entity as the first party (despite an earlier definition of party that says otherwise)?

  As I said, that is sufficient IF it is applied to this issue.
  It doesn't do any good to have a definition of a third party
  acting as a first party if the other requirements ignore that
  definition and paint all third parties as the same.

  ....Roy

Received on Thursday, 1 March 2012 12:57:17 UTC