W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

Re: Parties and First Party vs. Third Party (ISSUE-10)

From: David Singer <singer@apple.com>
Date: Tue, 27 Mar 2012 16:44:04 -0700
Message-id: <E4398EE3-306F-4A08-BE8B-87FED26DA5CB@apple.com>
To: Tracking Protection Working Group WG <public-tracking@w3.org>
After reading this thread, I am still unsure as to what concrete problem is being addressed.

Did we not have requirements before that to be considered a single party, two sites must 
a) make that party relationship discoverable
b) have a legal relationship such that data flows between the sites are protected by the same obligations, duties etc. (I don't recall the phrasing).


It seems that we need to cover the cases:
* a 1st party asks for exceptions; I think it beholden on the party to explain how broadly this applies ("this permission is not just for the bogville chronicle, but all organizations in the BogNews group").
* a 3rd party wants a web-wide exception; again, the same applies - explain to the user the affected properties;
* a site that the UA doesn't immediately detect as the 1st party sends the return header "I am the first party" - the UA can check that they are, or smell a rat.

Under what circumstances do we need something more than (and more subjective than) (a) and (b) above (suitably phrased), to meet these needs?  What does (for example) a 'branding' requirement add?

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Tuesday, 27 March 2012 23:44:36 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:46 UTC