RE: Proposed First Party definition

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Wed, 26 Oct 2011 10:16:21 -0700
To: Matthias Schunter <mts@zurich.ibm.com>, Clay Webster <clay.webster@cbsinteractive.com>
CC: Karl Dubost <karld@opera.com>, Jonathan Mayer <jmayer@stanford.edu>, "Amy Colando (LCA)" <acolando@microsoft.com>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8023D034FEF28@SP2-EX07VS02.ds.corp.yahoo.com>

The only element I would suggest adding is:

- Sites/Companies are responsible for devising solutions that allow them to understand if they are a 1st party or a 3rd party in a given circumstance.  

Without this, the elements you've outlined (a-d) seem to stance this as a "Should" instead of a "Must".  Was that your intention?

- Shane

-----Original Message-----
From: Matthias Schunter [mailto:mts@zurich.ibm.com] 
Sent: Wednesday, October 26, 2011 3:47 AM
To: Clay Webster
Cc: Karl Dubost; Jonathan Mayer; Shane Wiley; Amy Colando (LCA); public-tracking@w3.org
Subject: Re: Proposed First Party definition

Hi Folks,

thanks for your inputs on whether/how a site can determine whether it
is playing a 1st or 3rd party role wrt a given request.

I think the important likely consensus that I see is
 a) Sites are likely to behave differently in 1st and 3rd party contexts
 b) There are multiple feasible ways that allow a site to determine
    whether they are 1st or 3rd party
 c) We do not want to prescribe 'the single way' to do this
 d) We should give examples of how it can be done

Do you agree in general?


On 10/24/2011 8:07 PM, Clay Webster wrote:
> On Fri, Oct 21, 2011 at 6:26 PM, Karl Dubost <karld@opera.com
> <mailto:karld@opera.com>> wrote:
>     On 16 Oct 2011 at 01:35, Jonathan Mayer wrote:
>     > Second, I'm very hesitant to provide a broad "affiliate"
>     carveout. In other privacy debates, affiliate relationships have
>     proven to be sizable loopholes.
>     plus they are technically impossible to decipher.
>     http://www.w3.org/wiki/FirstThirdPartyDetection

> There have been a few discussions (published and in the f2f) on
> technical approaches to resolve issue. e.g.- a commonly published
> file, some response header metadata, and even a few approaches using DNS.
> I agree, there are loopholes with all of those technical approaches.
> But they are technical solutions. I'd suggest, the best approach is
> to find one (or more) technique where it is reasonably easy to be a
> good actor to promote adoption -- and a reasonably easy bit-trail for
> groups to detect groups exploiting a loophole.
> --cw
> Clay Webster
> Associate Vice President, Platform Infrastructure
> T 908-541-3724   C 908-507-6663   F 908-575-7474
> 1200 Route 22 East, Bridgewater NJ 08807

Dr. Matthias Schunter, MBA
IBM Research - Zurich, Switzerland
Ph. +41 (44) 724-8329,  schunter(at)acm.org
PGP 989A A3ED 21A1 9EF2 B005 8374 BE0E E10D
VCard: http://www.schunter.org/schunter.vcf

Received on Wednesday, 26 October 2011 17:17:55 UTC
