RE: ISSUE-112 - was Agenda


Wildcards for subdomains could not handle origins with different top-level
domains like * , etc. Even if we had a more general regex
way of doing it would not handle different language same party site names,
and there would be dangers of misuse i.e. rogue script could give a UGE for
Anyway, if the UGE API is UA UI-less then sites could handle it by
out-of-band recognition i.e. this customer has agreed to on site (both using the same privacy policy)  so when they visit the UGE API (with implicit origin is called
silently (because they have already given their informed consent) . 

So if the UI-less API gets agreed then we do not need to do this.


-----Original Message-----
From: Rigo Wenning [] 
Sent: 27 November 2012 19:45
Cc: David Wainberg; Matthias Schunter (Intel Corporation)
Subject: ISSUE-112 - was Agenda

Hi all, 

ISSUE-113 was closed and continued as ISSUE-130. Both relate to ISSUE-112.
After remark from David, I would suggest to create a new issue on wild cards
for explicit statements on sub-domains with concrete text as suggestion. 

The big question is whether we take full regex or some stripped version. 


On Sunday 25 November 2012 12:45:09 David Wainberg wrote:
> > ISSUE-113: How to handle sub-domains (ISSUE-112)?
> >
> > 
> > On these issues IMHO the status is as follows:
> > - If a site-wide exception is requested, all subdomains are 
> > automatically included
> > - This issue is only relevant for explicit/explicit lists of domains  
> > (if the site uses them)
> > - An original proposal (from Ian) used cookie-like handling
> > - The current approach requires explicit listing of all sub-domains 
> > - Is this current approach OK or do we need to text alternatives?
> My understanding of current status is that although some are not 
> thrilled with the wild-card (cookie-like) approach, there has not been  
> strong opposition, and that several participants have expressed a 
> strong need for that approach. Therefore, at this point we are no 
> longer debating wild-cards vs explicit, and should be narrowing down 
> to the exact implementation of wild-cards.

Received on Tuesday, 27 November 2012 23:07:27 UTC