Clarification for ACTION-170: What is the use case?

Hi Heather,



thanks for taking this action. I'd benefit from some clarification of what
you meant:
> ACTION-170: Provide an alternative approach to well-known URI for
> resources that are used in both first-party and third-party contexts
> without changing the resource URI
The reason I am asking is because I do not see a need to change the
well-known resource URI in the current proposal.

I see a scenario where, e.g., a site/URI (say
widget.somecompany.com/weather) can be directly visited (for learning
about the weather) as well as embedded as a widget. Right?

In our current approach, the well-known URI would state that it is safe
to embed this URL ('this URI is (also) intended for 3rd party use').
This statement says that it is safe to embed this URI since it conforms
with our stricter requirements on 3rd parties. This always implies that
the URI can also be used in a 1st party context (since the restrictions
are relaxed). I.e., I do not see a need to change the information at the
well-known URI.

Note that the main point of the 1st/3rd party statement in the
header/URI is to prevent someone from accidentally embedding a 1st party
URI (not satisfying our stricter 3rd party requirements) into a site. By
sending the information 'this URI is (only) intended for 1st party use',
the embedding party as well as the user agent can learn that this
information ended up in the wrong place.

What do you (and others) think?


Regards,
 matthias

Received on Friday, 13 April 2012 00:16:00 UTC