- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 16 Nov 2011 00:17:52 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: public-tracking@w3.org
On Nov 14, 2011, at 3:46 PM, Mark Nottingham wrote: > Hello, > > Congratulations on getting a WD out. > > Regarding <http://www.w3.org/TR/2011/WD-tracking-dnt-20111114/>, the draft makes liberal use of the term "cross-site." It is short-hand for tracking from one branded site to a differently branded site. > I could suggest leveraging the work happening in the IETF regarding "origin" <http://tools.ietf.org/html/draft-ietf-websec-origin>, if that's the intent, or concepts in DNS, if that's the intent. No, they have nothing to do with one another. Origin is a trusted domain list for running javascript. Its scope is based on which domains are locked-down secure (no user-provided data), not which domains share the same user branding. One would not sensibly list a user forum inside the same Origin as a bank application, even if they are branded as the same site. > However, I think what you're *really* looking for is a term that's less technical and more legal / societal / organisational; something analogous to what people occasionally call "administrative domain" and which your introduction obliquely refers to using variants of the term "party." > > I think this distinction is important, because using a (pseudo-) technical term as the basis of DNT's semantics opens it to technical circumvention. There is nothing in the term that impacts how the protocol is implemented. What it impacts is the scope of compliance in terms of user expectations. ....Roy
Received on Wednesday, 16 November 2011 08:18:15 UTC