Re: Parties and First Party vs. Third Party (ISSUE-10)

After reading this thread, I am still unsure as to what concrete problem is being addressed.

Did we not have requirements before that to be considered a single party, two sites must 
a) make that party relationship discoverable
and
b) have a legal relationship such that data flows between the sites are protected by the same obligations, duties etc. (I don't recall the phrasing).

?


It seems that we need to cover the cases:
* a 1st party asks for exceptions; I think it beholden on the party to explain how broadly this applies ("this permission is not just for the bogville chronicle, but all organizations in the BogNews group").
* a 3rd party wants a web-wide exception; again, the same applies - explain to the user the affected properties;
* a site that the UA doesn't immediately detect as the 1st party sends the return header "I am the first party" - the UA can check that they are, or smell a rat.

Under what circumstances do we need something more than (and more subjective than) (a) and (b) above (suitably phrased), to meet these needs?  What does (for example) a 'branding' requirement add?




David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 27 March 2012 23:44:36 UTC