Re: Proposed First Party definition

Hi Folks,

thanks for your inputs on whether/how a site can determine whether it
is playing a 1st or 3rd party role wrt a given request.

I think the important likely consensus that I see is
 a) Sites are likely to behave different in 1st and 3rd party contexts
 b) There are multiple feasible ways that allow a site to determine
    whether they are 1st or 3rd party
 c) We do not want to prescribe 'the single way' to do this
 d) We should give examples how it can be done

Do you agree in general?

Matthias


On 10/24/2011 8:07 PM, Clay Webster wrote:
> On Fri, Oct 21, 2011 at 6:26 PM, Karl Dubost <karld@opera.com
> <mailto:karld@opera.com>> wrote:
> 
> 
>     Le 16 oct. 2011 � 01:35, Jonathan Mayer a �crit :
>     > Second, I'm very hesitant to provide a broad "affiliate"
>     carveout. �In other privacy debates, affiliate relationships have
>     proven to be sizable loopholes.
> 
>     plus they are technically impossible to decipher.
>     http://www.w3.org/wiki/FirstThirdPartyDetection
> 
> 
> There have been a few discussions (published and in the f2f) on
> technical approaches to resolve issue.� e.g.- a commonly published
> file, some response header metadata, and even a few approaches using DNS.
> 
> I agree, there are loopholes with all of those technical approaches.�
> But they are technical solutions.� I'd suggest, the best approach is
> to find one (or more) technique where it is reasonably easy to be a
> good actor to promote adoption -- and a reasonably easy bit-trail for
> groups to detect groups exploiting a loophole.
> 
> --cw
> 
> Clay Webster
> Associate Vice President, Platform Infrastructure
> T 908-541-3724�� C 908-507-6663�� F 908-575-7474
> 1200 Route 22 East, Bridgewater NJ 08807
> 
> 
> 

-- 
Dr. Matthias Schunter, MBA
IBM Research - Zurich, Switzerland
Ph. +41 (44) 724-8329,  schunter(at)acm.org
PGP 989A A3ED 21A1 9EF2 B005 8374 BE0E E10D
VCard: http://www.schunter.org/schunter.vcf

Received on Wednesday, 26 October 2011 10:47:58 UTC