RE: Issue maintenance for the TPE spec from Shane Wiley on 2013-04-14 (public-tracking@w3.org from April 2013)

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Sun, 14 Apr 2013 16:17:21 +0000
To: "Roy T. Fielding" <fielding@gbiv.com>, Matthias Schunter <mts-std@schunter.org>
CC: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-ID: <DCCF036E573F0142BD90964789F720E31404856F@GQ1-MB01-02.y.corp.yahoo.com>

Roy,

With respect to ISSUE-167, I still desire an API approach to the problem but in deeper discussion with Adrian he felt a solution here (other than multiple iFrames) would either be too open to exploitation or to properly construct validation the cost would be too high on the UA.  Unless someone can think of a middle path, it appears we only have the multi-iFrame approach to deal with this issue.

- Shane

From: Roy T. Fielding [mailto:fielding@gbiv.com]
Sent: Saturday, April 13, 2013 3:18 PM
To: Matthias Schunter
Cc: public-tracking@w3.org (public-tracking@w3.org)
Subject: Re: Issue maintenance for the TPE spec

On Apr 12, 2013, at 5:39 AM, Matthias Schunter (Intel Corporation) wrote:

Hi Folks,

in order to ensure that the issues documented in the next working draft of TPE reflect our actual status,
I conducted some issue maintenance (Note: The list below does NOT close any issues) that I document in this email.

Feel free to drop me a line if you believe that any of the proposed changes do not reflect the current state of our discussion.
ISSUE-112<http://www.w3.org/2011/tracking-protection/track/issues/112><stock_edit2.png><http://www.w3.org/2011/tracking-protection/track/issues/112/edit>

How are sub-domains handled for site-specific exceptions?<http://www.w3.org/2011/tracking-protection/track/issues/112>

http://www.w3.org/2011/tracking-protection/track/issues/112
CHANGE:  OPEN to Pending Review
Reason:  We agreed to use cookie-like rules; this is reflected in the updated TPE spec and needs further review.

I was going to update the status in TPE, but I don't see any evidence
that cookie-like rules have been introduced for UGE comparisons.
There is something vaguely like wildcards for storage, but that
isn't useful if the process for determining what to send in DNT
only checks for origin matches.

ISSUE-167<http://www.w3.org/2011/tracking-protection/track/issues/167><stock_edit2.png><http://www.w3.org/2011/tracking-protection/track/issues/167/edit>

Multiple site exceptions<http://www.w3.org/2011/tracking-protection/track/issues/167>

http://www.w3.org/2011/tracking-protection/track/issues/167
CHANGE:  OPEN to Pending Review
Reason:  It seems as if everyone can live without special support for multi-site exceptions (i.e., using iframes as a workaround);
this is reflected in the updated TPE spec and needs further review.

As far as I can tell, the TPE does not support exceptions that
apply across multiple first party sites due to the origin policy
and there is little interest in pursuing yet another API.
Hence, the proposed status change should be to CLOSED.

Cheers,

....Roy

Received on Sunday, 14 April 2013 16:18:11 UTC