W3C home > Mailing lists > Public > public-tracking@w3.org > September 2012

Re: ISSUE-164 (requirements on same-party attribute): Call for text alternatives (possibly until Wednesday September 26)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Sun, 23 Sep 2012 11:31:09 -0700
Cc: "public-tracking@w3.org" <public-tracking@w3.org>
Message-Id: <CA3DC813-A3F2-4570-8FE2-31FE87704A45@gbiv.com>
To: Matthias Schunter <mts-std@schunter.org>
On Sep 22, 2012, at 11:13 AM, Matthias Schunter wrote:

> Hi Team,
> 
> triggered by last weeks call, I created ISSUE-146 that allows us to
> discuss to what extent the "same-party" attribute should be optional.
> 
> During the call, we discussed three options so far:
> 
> (A) Current draft: Resource is optional

I think you mean: The same-party member is optional.  User agents can
still be deployed that test for same-party and complain when none is
found, possibly resulting in incentive for first party sites to supply
it, but there is no interoperability requirement.

> (B) Alternative proposal 1: If multiple domains on a page belong to the
> same party, then this fact SHOULD be declared using the same-party attribute
> 
> (C) Alternative proposal 2: State that user agents MAY assume that
> additional elements that are hosted under a different URL and occur on a
> page and declare "intended for 1st party use" are malicious unless this
> URL is listed in the "same-party"  attribute

I only recall discussing (A) and (B).  (C) is not a valid statement
because it has nothing to do with interoperability -- user agents are
free to assume anything they want based on the input they get,
including equally bogus assumptions like the moon is made of cheese.
It certainly doesn't deserve mentioning in a spec.

....Roy
Received on Sunday, 23 September 2012 18:31:32 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:34 UTC