Re: Draft Text on First Parties and Third Parties (ACTION-34, ISSUE-10, ISSUE-26, ISSUE-88)

Jonathan, 

the lawyer in me suggests that you suffer from the fuzziness of your definition 
of "party". And this is mainly, because your definition of "party" already 
determines who will be a first and who will be a third party. 

I can give you plenty of examples. Here is one: You talk about organizations 
and their subsidiaries. But you do not define subsidiaries. Would a subsidiary 
mean every other legal entity that the asserting entity has shares of? From 
how many shares on, in your opinion, should we talk about subsidiaries?

The other things is that portals typically use 3rd party services under a 
contract. Do those participate in the first party privilege? If yes, 
advertisers are doing exactly the same. How would you distinguish those?

At the end of the day, the user agent must make a decision which out of a 
range of IP addresses he interacts with has what privileges. So your document 
must be able to answer that question. Unfortunately, I'm with Heather here. I 
don't see that this is workable for the moment, because your "packaging" of 
IPs considered first parties don't work semantically. 

Have you tried to get inspiration from the cross-site scripting folks?

Best, 

Rigo

On Thursday 05 January 2012 17:38:25 Jonathan Mayer wrote:
> > From our perspective, we have a several issues with this latest draft as
> > it stands, and no, we don't think it's workable - we need to make sure,
> > as a group, that the language is clear and implementable if we hope to
> > see any adoption of the standard. The current draft allows for enough
> > vagueness that evolving and contradictory interpretations would be
> > possible across multiple regulatory environments. 
> Which parts of the text do you find vague?  We attempted to draft it quite
> tightly.

Received on Friday, 6 January 2012 12:13:33 UTC