- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 30 Aug 2012 15:07:30 -0400
- To: Jonathan Mayer <jmayer@stanford.edu>
- Cc: W3C DNT Working Group Mailing List <public-tracking@w3.org>
On Aug 29, 2012, at 12:17 PM, Jonathan Mayer wrote: > Some possible status ambiguities for service providers. All are solvable with trivial engineering. You seem to forget that service providers are acting on in the place of a first party. > -If a service provider is using its own domain: > -Is the entity a first party, third party, or service provider? It is a first party. > -Which party is it providing outsourcing services to? (Might be multiple parties in different roles.) The party that owns the URI in the policy link, which is required for this case. > -If a service provider is using a different party's domain (e.g. a CNAMEd analytics service): > -Who is the service provider? See the first party's policy information. There is no need for a machine-readable identification of service providers while they are acting in the place of a first party. If there is, please explain why there is no equivalent identification of subsidiaries and employees within non-service provider first parties that will be handling the request on behalf of their controlling interest. ....Roy
Received on Thursday, 30 August 2012 19:07:54 UTC