- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Wed, 29 Aug 2012 10:27:04 -0700
- To: JC Cannon <jccannon@microsoft.com>
- Cc: W3C DNT Working Group Mailing List <public-tracking@w3.org>
- Message-ID: <F1AD4AB320D74D30A6EE3F7139B1B202@gmail.com>
I don't follow why you think information about a backend service provider would be unusable. The benefits to users, user agents, researchers, and policymakers remain. If we give backend service providers a free pass on signaling, I fear we establish a perverse incentive to diminish transparency even further. Jonathan On Wednesday, August 29, 2012 at 10:01 AM, JC Cannon wrote: > I don’t have a problem with the first three items. > > Item 4) appears to be out of scope for our work since the service provider is not involved in the session. I feel sending a list to the UA is to inform the UA of the status of a third-party site. Since the UA can’t see the site why send unusable information? > > JC > > From: Jonathan Mayer [mailto:jmayer@stanford.edu] > Sent: Wednesday, August 29, 2012 9:53 AM > To: JC Cannon > Cc: W3C DNT Working Group Mailing List > Subject: Re: Service Provider Status (ISSUE-137) > > Here are some concrete use cases with service provider ambiguity. > > > > 1) HTTP traffic goes to a website that looks like a third party, but is actually a service provider. > > Example: News.com (http://News.com) embeds content from Analytics.com (http://Analytics.com). > > Solution: A simple Service Provider flag (e.g. "Tk: S"). > > > > 2) HTTP traffic goes to a website that looks like a first party, but is actually a service provider. > > Example: Blog.com (http://Blog.com) is hosted by BlogPlatform.com (http://BlogPlatform.com). > > Solution: A simple Service Provider flag (e.g. "Tk: S") plus some sort of party identification (e.g. a "Tk-Party: blogplatform.com (http://blogplatform.com)" response header or a "party" field in the status resource). > > > > 3) HTTP traffic goes to a website that is a service provider, but it's unclear which party it's working for. > > Example: Analytics.com (http://Analytics.com) appears buried in a set of advertising iframes on News.com (http://News.com). > > Solution: A Service Provider can signal the party it's working for (e.g. a "Tk-Service: news.com (http://news.com)" response header or a "service-provider-party" field in the status resource). > > > > 4) A website uses a service provider on the backend. > > Example: Shopping.com (http://Shopping.com) copies its user account data into a cloud-based CRM service. > > Solution: A list of service providers in a party's tracking status resource. > > > > > On Wednesday, August 29, 2012 at 9:38 AM, JC Cannon wrote: > > > > Could you describe a scenario where the service provider is not on HTTP? How would it send a response I the first place? Are you talking about offline scenarios? > > > > > > > > > > > > Thanks, > > > > > > JC > > > > > > > > > > > > From: Jonathan Mayer [mailto:jmayer@stanford.edu] > > Sent: Wednesday, August 29, 2012 9:36 AM > > To: W3C DNT Working Group Mailing List > > Subject: Re: Service Provider Status (ISSUE-137) > > > > > > > > > > > > A related design decision: What about service providers that aren't at visible via HTTP? I don't think we have consensus on this yet. > > > > > > > > > > > > > > > > On Wednesday, August 29, 2012 at 9:17 AM, Jonathan Mayer wrote: > > > > > > > > > > Some possible status ambiguities for service providers. All are solvable with trivial engineering. > > > > > > > > > > > > > > > > > > > > > > > > -If a service provider is using its own domain: > > > > > > > > > > > > -Is the entity a first party, third party, or service provider? > > > > > > > > > > > > -Which party is it providing outsourcing services to? (Might be multiple parties in different roles.) > > > > > > > > > > > > -If a service provider is using a different party's domain (e.g. a CNAMEd analytics service): > > > > > > > > > > > > -Who is the service provider? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
Received on Wednesday, 29 August 2012 17:27:32 UTC