Re: Identity providers as first parties

Forgetting for a moment the debate on good or not, one of the items that
should always be considered is the communication method back to the user.
Every exception has to be coded, and then sent to the user.

I've been looking at the EU cookie messages. Very banner-like, which
doesn't eat real estate on a desktop but kills it on mobile. Plus with
mobile there are bandwidth considerations to take into account.

Peter J. Cranstone

-----Original Message-----
From: Tamir Israel
Date: Friday, June 15, 2012 8:54 AM
To: Shane Wiley
Cc: Rigo Wenning, W3 Tracking, Kimon Zorbas, "JC Cannon (Microsoft)"
Subject: Re: Identity providers as first parties
Resent-From: W3 Tracking
Resent-Date: Fri, 15 Jun 2012 14:55:45 +0000

>Shane --
>The need for independent choice is critical, I think, to the out of band
>consent scheme. You shouldn't be able to force users out of their DNT
>choices as a condition of authentication.
>On 6/15/2012 10:48 AM, Shane Wiley wrote:
>> Rigo,
>> DNT will NEVER trump an out-of-band consent.  The user would simply
>> from using the service they had provided prior consent to.  If the
>> product would like to offer two levels of service, it can of course do
>> that, but that would be completely outside the scope of DNT.
>> DNT is not the privacy silver bullet and answer to all privacy issues
>> on the Internet - let's stop trying to push it in that direction.
>> Thank you,
>> - Shane
>> -----Original Message-----
>> From: Rigo Wenning
>> Sent: Friday, June 15, 2012 1:28 AM
>> To:
>> Cc: Shane Wiley; Kimon Zorbas; Tamir
>> JC Cannon (Microsoft)
>> Subject: Re: Identity providers as first parties
>> Shane, Kimon,
>> On Thursday 14 June 2012 16:47:03 Shane Wiley wrote:
>>> I've used a few others and they appear to do the same so I'm
>>> confused as to what real-world identity provider scenario someone
>>> is considering where consent wasn't already obtained?
>> I confirm that we agreed that the out-of-band agreement will trump
>> the DNT:1 signal. We also agreed that the service has to signal this
>> to the client.
>> I guess, what Rob is trying to achieve is to say, even in this
>> context, a service could offer the choice of stopping to track and
>> only use information for the login/authentication purpose. This
>> could be the meaning of DNT:1 if the Service sends ACK in a
>> login/authentication context. If you're looking for medical
>> information in a login context, you don't want your login provider
>> to spawn that to your insurance. I think this is a very legitimate
>> use case. The service could say: "yes, I see your point" and send
>> ACK instead of "out-of-band".
>> We are just defining switches. People will decide whether they
>> switch stuff on or off or provide a switch at all.
>> Rigo

Received on Friday, 15 June 2012 15:03:28 UTC