On Monday, August 27, 2018 11:19:06 AM CEST Mike West wrote:
> I believe Rigo's proposal in
> https://github.com/mikewest/http-state-tokens/pull/2 is to bind
> multiple purposes to a single identifier. I think we'd be better
> served if the user agent minted distinct identifiers for a (very)
> small number of purposes whose intentions are publicly described.
> Either way, there's room for healthy debate on the topic.
My suggestion was actually the contrary: To bind identifiers to a
certain class of purposes (one purpose).
The problem with purposes is that there is an infinite number of
them. But we also have purposes that are relatively common. I want
to cover those first. Even though this sounds like multiple purposes
I want to clarify here that this could also mean one identifier per
purpose (or class thereof).
Because IF we have a purpose stated in a specification or
description, using that identifier for a different purpose (e.g.
cross-site tracking) is then triggering the potential for legal
actions in most countries except in the US.
--Rigo