- From: Rigo Wenning <rigo@w3.org>
- Date: Fri, 06 Jan 2012 13:13:07 +0100
- To: public-tracking@w3.org
- Cc: Jonathan Mayer <jmayer@stanford.edu>, Heather West <heatherwest@google.com>, Justin Brookman <justin@cdt.org>
Jonathan, the lawyer in me suggests that you suffer from the fuzziness of your definition of "party". And this is mainly, because your definition of "party" already determines who will be a first and who will be a third party. I can give you plenty of examples. Here is one: You talk about organizations and their subsidiaries. But you do not define subsidiaries. Would a subsidiary mean every other legal entity that the asserting entity has shares of? From how many shares on, in your opinion, should we talk about subsidiaries? The other things is that portals typically use 3rd party services under a contract. Do those participate in the first party privilege? If yes, advertisers are doing exactly the same. How would you distinguish those? At the end of the day, the user agent must make a decision which out of a range of IP addresses he interacts with has what privileges. So your document must be able to answer that question. Unfortunately, I'm with Heather here. I don't see that this is workable for the moment, because your "packaging" of IPs considered first parties don't work semantically. Have you tried to get inspiration from the cross-site scripting folks? Best, Rigo On Thursday 05 January 2012 17:38:25 Jonathan Mayer wrote: > > From our perspective, we have a several issues with this latest draft as > > it stands, and no, we don't think it's workable - we need to make sure, > > as a group, that the language is clear and implementable if we hope to > > see any adoption of the standard. The current draft allows for enough > > vagueness that evolving and contradictory interpretations would be > > possible across multiple regulatory environments. > Which parts of the text do you find vague? We attempted to draft it quite > tightly.
Received on Friday, 6 January 2012 12:13:33 UTC