action-343, issue-112: changes to the draft necessary for sub-domains under the origin model

In November I summarized what I believed to be the current state of proposals to include sub-domains in expanding the breadth of first parties in site-wide exceptions and third parties in Web-wide exceptions [0]. I suggested, and believed us to have consensus on, the origin model, as opposed to using cookie-matching rules.

In addition, I proposed, in response to use cases described by Vinay, that there was a particular use for optionally allowing third parties to expand a Web-wide exception to their subdomains. I've drafted the changes necessary for an optional `includeSubdomains` parameter.

I subsequently volunteered to propose specifically what change would be necessary to the draft to implement this. As the draft already assumed the origin model, these were small changes; in fact, the draft already contains a block noting the proposed resolution to issue 112. I have attached a diff. I haven't included non-normative text that I'd suggested we could write around UAs providing a UI to expand the user-granted exception to other origins in the same-party; that text would depend on our resolution of the exception model.

Matthias has suggested that on the last call we agreed to pursue cookie-like subdomain handling [1]. I believe that is a misremembering of the call/current state; the minutes show that there are different views on the topic [2]. I took this action to provide clarity on what exactly would be needed for the origin model.



Received on Wednesday, 23 January 2013 06:19:37 UTC