Action-99, Write up automated discoverability of party relationships proposal; also action-80

[[ Pending: parts of both POWDER and P3P are prior work that we should check and/or acknowledge. ]]

The following techniques enable a set of Sites that form a single Party to make their assertion of relationship status automatically discoverable.

Each site in the set MAY maintain a re-direction pointer from the well-known URL /.well-known/dnt-sites.txt to a URL at their master site.  The existence of this re-direct, by itself, makes a claim of party relationship.  If the URL does not re-direct, then the site may be treated as an single-site party, or party relationships discovered in some other way.

The well-known URL, and the targets of any re-direction, MAY resolve to a text file, for validation. That file MUST consist of a list of domain names, one per line, which are asserted to be part of the same party. To validate, the file MUST contain both (a) the master-site domain name AND (b) the domain name of the original URL, if different.

Note - If the re-directed file does not exist at the master site, the user-agent might report, for example "site X claims to be part of party Y, but this cannot be verified".

EXAMPLE 1 and are both managed by  
The URL re-directs to  (as does the URL at

That file contains:

A user agent might disclose the asserted relationship to the user: "The site you're visiting ( is a part of a larger organization (, including another site (; the history of this transaction may be shared with those sites."

EXAMPLE 2 maintains a set of embeddable widgets at,, etc.  The user visits and says “your widgets may track me” (out of band opt-in).  

They then visit a site which embeds “soccer-scores” (3rd party) and it claims to have an opt-in. The user-agent knows nothing of an opt-in, and checks with the user.  He confirms it.  The user-agent records that; later loads of and get the reply from the server that an opt-in has happened, and the user-agent is able to verify that they are part of, which the user has opted into, and thus does not need to pester the user repeatedly asking for confirmation.

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Wednesday, 15 February 2012 00:45:58 UTC