- From: Rigo Wenning <rigo@w3.org>
- Date: Tue, 04 Jun 2013 16:59:45 +0200
- To: public-tracking@w3.org, "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>
Hi Matthias, I think SHOULD and MUST are off the table AFAIK. But I still would like to include the non-normative text below. (English native speakers please correct or shorten) --Rigo On Tuesday 04 June 2013 15:04:47 Matthias Schunter wrote: > ISSUE-164: To what extent should the "same-party" attribute of > tracking status resource be required > http://www.w3.org/2011/tracking-protection/track/issues/164 > (A) Current draft: Resource is optional > (B) Alternative proposal 1: If multiple domains on a page belong to > the same party, then this fact /SHOULD/ be declared using the > same-party attribute > (C) Alternative proposal 2: State that user agents /MAY/ assume that > additional elements that are hosted under a different URL and occur on > a page and declare "intended for 1st party use" are malicious unless > this URL is listed in the "same-party" attribute > => Concrete text is needed to issue a call Suggested Text for option C: A user experience on the web can be composed of elements from a variety of resources that are assembled into one user experience by the user agent. Many of those resources, even under different domain names, may belong to the same data controller or to service providers that act as data processors for the controller. A user agent fetching elements from different resources may want to check whether a claim from a resource to be under control by the same party is backed by the first party the service claims to cater to. This is especially the case if elements from a different origin have to be mashed up. The user agent can check whether such claims are backed by the first party of the top origin by verifying the <code>same- party</code> declaration of that origin. In case the service provider's claim is not backed by the first party of the initial origin, a user agent may decide to block such elements or resources.
Received on Tuesday, 4 June 2013 15:00:18 UTC