Mike,
I believe going this route still requires an over abundance of work on the Server side - all in the attempt to stop bad actors who would not likely submit a traceable exception for domains they don't own (already a violation of the draft standard to do this as they are not "affiliated"). So would again ask for making this easier for those that want to implement the standard and not create arbitrary walls or huddles in the failed attempt to thwart bad actors.
- Shane
From: Mike O'Neill [mailto:michael.oneill@baycloud.com]
Sent: Wednesday, November 28, 2012 2:13 PM
To: Shane Wiley
Cc: public-tracking@w3.org; Nicholas Doty
Subject: RE: action-334, issue-112, a summary on sub-domains for exceptions
Hi Shane,
Allowing wildcards in the TLD suffix is not a good idea. There are many domains where sites run by completely different entities only differ by the TLD. Only subdomains can be guaranteed to be operated by entities who are the main domain owner, or have a contractual relationship with them.
A list of domains in the tracking resource, like same-party (or another name if we don't want to overload the meaning), could handle this use case, and could apply to any domain (like yahoo-inc.com). It could also work for web-wide exceptions.
If we wanted to handle cases where there was no tracking resource URI, or where the same-party list needed to be dynamically calculated, we could have a new optional parameter to the API that references an object with attributes mirroring the relevant elements in the tracking resource.
Mike