- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Mon, 31 Oct 2011 23:24:59 -0700
- To: "public-tracking@w3.org WG" <public-tracking@w3.org>
Since the first-party vs third-party issues will now be moved to
the compliance spec, I have removed them from the TPE spec.
Below is the HTML section in case someone would like to paste it
into the compliance spec.
....Roy
<section id='1-3-party'>
<h2>Determining 1st vs 3rd Party Role</h2>
<p>
There is nothing in HTTP that distinguishes requests made to
first-party sites versus requests made to third-party sites.
However, a browser knows which requests are directed by the user
(making them first-party) and which requests are automatic or
scripted subrequests to a site other than the first-party.
Should we attempt to communicate that distinction in the DNT
protocol or depend on origin servers using different URI patterns
to distinguish their third-party resources?
</p>
<p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/60">ISSUE-60</a>: Will a recipient know if it itself is a 1st or 3rd party?</p>
<p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/77">ISSUE-77</a>: How does a website determine if it is a first or third party and should this be included in the protocol?</p>
<p>
Likewise, a piece of content might be retrieved from a site as
a first-party resource request or be embedded within the context of
an <code>iframe</code> as a third-party subrequest. Should we
attempt to have the browser communicate that context to any
scripts or subrequests within the embedded content?
</p>
<p class='issue'><a href="http://www.w3.org/2011/tracking-protection/track/issues/62">ISSUE-62</a>: The browser or embedding site could send an architectural signal to an embedded iframe so it knows it's in a 3rd-party context</p>
</section>
Received on Tuesday, 1 November 2011 06:26:30 UTC