Re: Issue 2: Use of the term "3rd-party"

Is the key distinguishing factor that the "third-party" resources come from a different document origin?

"document origin" is defined by HTML5 [0] (and for URLs in particular in an RFC [1]) and refers to a tuple of host, scheme and port. It's a standard concept in Web security which might make it easier to understand, implement or use.

Does the Microsoft implementation also apply the lists to URIs with domains that are subdomains of the top-level document's origin?

—Nick

[0] http://dev.w3.org/html5/spec/single-page.html#origin-0
[1] http://tools.ietf.org/html/rfc6454

On Apr 6, 2012, at 6:06 PM, Andy Zeigler wrote:

> "Issue 2: Third-party URIs might be confusing when reading along the two other Tracking Protection WG documents. The XLink definition doesn't help either. The third party is vaguely defined in the compliance document with A "third party" is any party, in a specific network interaction, that cannot infer with high probability that the user knowingly and intentionally communicated with it."
> 
> I agree that it would probably better to use a different term here, since we have a real technical definition for what we're trying to describe, which is: 
> 
> Currently:
> 
> - Any Internet URI that uses DNS has a second-level domain name (SLD), e.g. "example.com" or "example.co.uk".
> - There is a topmost document, specified by a URI. This is commonly displayed in the Address/URL bar of user-agents.
> - Any subsequent URIs requested by the topmost document also have an SLD.
> - IF the SLDs of the topmost document and a particular subsequently requested URI differ, then the subsequent URI is currently "third-party"
> 
> Instead of "third-party", here are some other ideas:
> 	"Different Domain Name" 
> 	"Foreign URIs"
> 	"Foreign SLD"
> 
> Just a few ideas. Open to suggestion here.
> 
> Thanks,
> 
> Andy 
> 
> 
> 
>