W3C home > Mailing lists > Public > public-tracking@w3.org > March 2012

Re: Parties and First Party vs. Third Party (ISSUE-10)

From: Lauren Gelman <gelman@blurryedge.com>
Date: Wed, 28 Mar 2012 11:35:48 -0700
Cc: Tracking Protection Working Group WG <public-tracking@w3.org>
Message-Id: <990A9321-4F78-4346-85C5-2606B4CD88DB@blurryedge.com>
To: David Singer <singer@apple.com>

Is there consensus on (b).  

On Mar 27, 2012, at 4:44 PM, David Singer wrote:

> After reading this thread, I am still unsure as to what concrete problem is being addressed.
> 
> Did we not have requirements before that to be considered a single party, two sites must 
> a) make that party relationship discoverable
> and
> b) have a legal relationship such that data flows between the sites are protected by the same obligations, duties etc. (I don't recall the phrasing).
> 
> ?
> 
> 
> It seems that we need to cover the cases:
> * a 1st party asks for exceptions; I think it beholden on the party to explain how broadly this applies ("this permission is not just for the bogville chronicle, but all organizations in the BogNews group").
> * a 3rd party wants a web-wide exception; again, the same applies - explain to the user the affected properties;
> * a site that the UA doesn't immediately detect as the 1st party sends the return header "I am the first party" - the UA can check that they are, or smell a rat.
> 
> Under what circumstances do we need something more than (and more subjective than) (a) and (b) above (suitably phrased), to meet these needs?  What does (for example) a 'branding' requirement add?
> 
> 
> 
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
> 

Lauren Gelman
BlurryEdge Strategies
415-627-8512
gelman@blurryedge.com
http://blurryedge.com
Received on Wednesday, 28 March 2012 18:36:22 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:26 UTC