- From: イアンフェッティ <ifette@google.com>
- Date: Wed, 13 Jun 2012 07:13:27 -0700
- To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Received on Wednesday, 13 June 2012 14:14:00 UTC
This email is intended to satisfy ACTION-187 and ISSUE-99 I propose adding to the compliance spec the following: "If a site offers users the choice to log in with an identity provider, via means such as OpenID, OAuth, or other conceptually similar mechanisms, the identity provider is considered a first party for the current transactions and subsequent transactions for which the user remains authenticated to the site via the identity provider." Clearly when the user is logging in, there is a meaningful interaction with what was previously a third party widget, thus promoting it to a first party. If all that's being provided is a userid, then the interaction is basically over at that point. If more info is being provided from the user's account (such as a friend list, a chat widget, or whatever), I think one could still assume that the user made a meaningful interaction with that party and thus the party is still a first party. -Ian
Received on Wednesday, 13 June 2012 14:14:00 UTC