- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Wed, 29 Feb 2012 16:58:59 -0800
- To: Tom Lowenthal <tom@mozilla.com>
- Cc: "public-tracking@w3.org" <public-tracking@w3.org>
On Feb 29, 2012, at 4:10 PM, Tom Lowenthal wrote: > The aim is to prohibit anyone who isn't a first party from using the > first-party options in the URI/Tk header, which even outsourced service > providers shouldn't do. Perhaps we should add more detail to the > outsourcing exception to deal with this case? I've never understood why outsourced services should be considered a different party if they adhere to the "acting as a first-party" constraints. They are, by contract and by practice and by view of the user, the same party -- the only reason they differ at all is because of the ownership/control definition in first-party. If we just add outsourcing (or data processor) to the first-party definition, we are done. ....Roy
Received on Thursday, 1 March 2012 00:59:23 UTC