Re: Issue maintenance for the TPE spec

On Apr 15, 2013, at 0:17 , Shane Wiley <wileys@yahoo-inc.com> wrote:

> Roy,
>  
> With respect to ISSUE-167, I still desire an API approach to the problem but in deeper discussion with Adrian he felt a solution here (other than multiple iFrames) would either be too open to exploitation or to properly construct validation the cost would be too high on the UA.  Unless someone can think of a middle path, it appears we only have the multi-iFrame approach to deal with this issue.

Yes.  I think a number of us are sympathetic to the problem, but (like you and Adrian) currently unable to find a middle path.  Sorry…

>  
> - Shane
>  
> From: Roy T. Fielding [mailto:fielding@gbiv.com] 
> Sent: Saturday, April 13, 2013 3:18 PM
> To: Matthias Schunter
> Cc: public-tracking@w3.org (public-tracking@w3.org)
> Subject: Re: Issue maintenance for the TPE spec
>  
>  
> On Apr 12, 2013, at 5:39 AM, Matthias Schunter (Intel Corporation) wrote:
> 
> 
> Hi Folks,
> 
> 
> in order to ensure that the issues documented in the next working draft of TPE reflect our actual status,
> I conducted some issue maintenance (Note: The list below does NOT close any issues) that I document in this email.
> 
> Feel free to drop me a line if you believe that any of the proposed changes do not reflect the current state of our discussion.
> 
> ISSUE-112<stock_edit2.png>
> How are sub-domains handled for site-specific exceptions?
> http://www.w3.org/2011/tracking-protection/track/issues/112
> CHANGE:  OPEN to Pending Review
> Reason:  We agreed to use cookie-like rules; this is reflected in the updated TPE spec and needs further review.
>  
> I was going to update the status in TPE, but I don't see any evidence
> that cookie-like rules have been introduced for UGE comparisons.
> There is something vaguely like wildcards for storage, but that
> isn't useful if the process for determining what to send in DNT
> only checks for origin matches.
>  
> ISSUE-167<stock_edit2.png>
> Multiple site exceptions
> http://www.w3.org/2011/tracking-protection/track/issues/167
> CHANGE:  OPEN to Pending Review
> Reason:  It seems as if everyone can live without special support for multi-site exceptions (i.e., using iframes as a workaround); 
> this is reflected in the updated TPE spec and needs further review.
>  
> As far as I can tell, the TPE does not support exceptions that
> apply across multiple first party sites due to the origin policy
> and there is little interest in pursuing yet another API.
> Hence, the proposed status change should be to CLOSED.
>  
> Cheers,
>  
> ....Roy

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Monday, 15 April 2013 09:10:18 UTC