RE: Text for ISSUE-164

Hi Rigo,

Thanks for the text. Unless I receive other statements, I see this as a 
way forward towards an agreement. In this case, we should discuss the 
proposed text during this call (or one of the subsequent calls).

> -----Original Message-----
> From: Rigo Wenning []
> Sent: Tuesday, June 04, 2013 5:00 PM
> To:; Matthias Schunter (Intel Corporation)
> Subject: Text for ISSUE-164
> Hi Matthias,
> I think SHOULD and MUST are off the table AFAIK. But I still would like to
> include the non-normative text below. (English native speakers please
> correct or shorten)
>  --Rigo
> On Tuesday 04 June 2013 15:04:47 Matthias Schunter wrote:
> > ISSUE-164: To what extent should the "same-party" attribute of
> > tracking  status resource be required
> >
> > (A) Current draft: Resource is optional
> > (B) Alternative proposal 1: If multiple domains on a page belong to
> > the  same party, then this fact /SHOULD/ be declared using the
> > same-party attribute
> > (C) Alternative proposal 2: State that user agents /MAY/ assume that
> > additional elements that are hosted under a different URL and occur on
> > a  page and declare "intended for 1st party use" are malicious unless
> > this URL is listed in the "same-party" attribute
> >   => Concrete text is needed to issue a call
> Suggested Text for option C:
> A user experience on the web can be composed of elements from a variety
> of resources that are assembled into one user experience by the user agent.
> Many of those resources, even under different domain names, may belong
> to the same data controller or to service providers that act as data
> processors for the controller.
> A user agent fetching elements from different resources may want to check
> whether a claim from a resource to be under control by the same party is
> backed by the first party the service claims to cater to. This is especially the
> case if elements from a different origin have to be mashed up. The user
> agent can check whether such claims are backed by the first party of the top
> origin by verifying the <code>same- party</code> declaration of that origin.
> In case the service provider's claim is not backed by the first party of the
> initial origin, a user agent may decide to block such elements or resources.

Intel GmbH
Dornacher Strasse 1
85622 Feldkirchen/Muenchen, Deutschland
Sitz der Gesellschaft: Feldkirchen bei Muenchen
Geschaeftsfuehrer: Christian Lamprechter, Hannes Schwaderer, Douglas Lusk
Registergericht: Muenchen HRB 47456
Ust.-IdNr./VAT Registration No.: DE129385895
Citibank Frankfurt a.M. (BLZ 502 109 00) 600119052

Received on Thursday, 6 June 2013 06:42:15 UTC