- From: Jonathan Mayer <jmayer@stanford.edu>
- Date: Fri, 16 Mar 2012 10:30:21 -0700
- To: Vinay Goel <vigoel@adobe.com>
- Cc: Tracking Protection Working Group WG <public-tracking@w3.org>
Vinay,

At the Santa Clara meeting we debated whether to mandate specific technical requirements for the outsourcing exception. The compromise consensus was to call for "reasonable" measures and give implementers guidance in a non-normative section.

Jonathan

On Mar 16, 2012, at 6:14 AM, Vinay Goel wrote:

> Hi Jonathan,
>
> This is a normative statement (and not a non-normative statement as you've labeled it) and is inappropriate for inclusion in the spec. It belongs within a Best Practices document separate from the Compliance/Preferences Specs that is best published by someone other than the WG.
>
> -Vinay
>
> ___________________________________________________________________________________
> Vinay Goel | Privacy Product Manager | Adobe Systems | Office: 917.934.0867
>
> On 3/14/12 8:08 PM, "Jonathan Mayer" <jmayer@stanford.edu> wrote:
>
>> Here's some non-normative text on best practices for outsourcing.
>>
>> --------------------------------------------------
>>
>> I. Technical Precautions
>>
>> A. Siloing in the Browser
>>
>> Outsourcing services should use browser access control features so that stored data specific to one first party is never accessed or collected when the user visits another first party.
>>
>> i. Same-Origin Policy
>>
>> The same-origin policy silos stored data by domain name. An outsourcing service can use a different domain name for each first party.
>>
>> Example: Example Analytics provides an outsourced analytics service to Example News and Example Sports, two unrelated websites. Example Analytics stores its cookies for Example News at examplenews.exampleanalytics.com, and it stores its cookies for Example Sports at examplesports.exampleanalytics.com.
>>
>> An outsourcing service could also use the first party's domain.
>>
>> Example: Example Analytics stores its cookies for Example News at examplenews.com, and it stores its cookies for Example Sports at examplesports.com.
>>
>> ii. Cookie Path Attribute
>>
>> The HTTP cookie path can be used to silo data to a first party.
>>
>> Example: Example Analytics stores its cookies for Example News with "Path=/examplenews", and it stores its cookies for Example Sports with "Path=/examplesports".
>>
>> iii. Storage Key
>>
>> For key/value storage APIs, such as Web Storage and Indexed Database, an outsourcing service can use a different key or key prefix for each first party.
>>
>> Example: Example Analytics stores data for Example News at window.localStorage["examplenews"] and data for Example Sports at window.localStorage["examplesports"].
>>
>> B. Siloing in the Backend
>>
>> i. Encryption Keys
>>
>> An outsourcing service should encrypt each first party's data with a different set of keys.
>>
>> ii. Access Controls
>>
>> An outsourcing service should deploy access controls so that only authorized personnel are able to access siloed data, and only for authorized purposes.
>>
>> iii. Access Monitoring
>>
>> An outsourcing service should deploy access monitoring mechanisms to detect improper use of siloed data.
>>
>> C. Retention in the Backend
>>
>> An outsourcing service should retain information only so long as necessary to provide necessary functionality to a first party. If a service creates periodic reports, for example, it should delete the data used for a report once it is generated. An outsourcing service should be particularly sensitive to retaining protocol logs, since they may allow correlating user activity across multiple first parties.
>>
>> II. Business Precautions
>>
>> i. Policy
>>
>> An outsourcing service should establish a clear internal policy that gives guidance on how to collect, retain, and use outsourced data in compliance with this standard.
>>
>> ii. Training
>>
>> Personnel that interact with outsourced data should be familiarized with internal policy on compliance with this standard.
>>
>> iii. Supervision and Reporting
>>
>> An outsourcing service should establish a supervision and reporting structure for detecting improper access.
>>
>> iv. Auditing
>>
>> External auditors should periodically examine an outsourcing service to assess whether it is in compliance with this standard and has adopted best practices. Auditor reports should be made available to the public.
>>
>
Received on Friday, 16 March 2012 17:30:52 UTC