W3C home > Mailing lists > Public > public-tracking@w3.org > June 2013

RE: Text for ISSUE-164

From: Matthias Schunter (Intel Corporation) <mts-std@schunter.org>
Date: Tue, 04 Jun 2013 19:06:55 +0200
Message-ID: <51AE1EAF.1030508@schunter.org>
To: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>
Hi Rigo,

Thanks for the text. Unless I receive other statements, I see this as a 
way forward towards an agreement. In this case, we should discuss the 
proposed text during this call (or one of the subsequent calls).

Matthias
> -----Original Message-----
> From: Rigo Wenning [mailto:rigo@w3.org]
> Sent: Tuesday, June 04, 2013 5:00 PM
> To: public-tracking@w3.org; Matthias Schunter (Intel Corporation)
> Subject: Text for ISSUE-164
>
> Hi Matthias,
>
> I think SHOULD and MUST are off the table AFAIK. But I still would like to
> include the non-normative text below. (English native speakers please
> correct or shorten)
>
>  --Rigo
>
> On Tuesday 04 June 2013 15:04:47 Matthias Schunter wrote:
> > ISSUE-164: To what extent should the "same-party" attribute of
> > tracking  status resource be required
> > http://www.w3.org/2011/tracking-protection/track/issues/164
> > (A) Current draft: Resource is optional
> > (B) Alternative proposal 1: If multiple domains on a page belong to
> > the  same party, then this fact /SHOULD/ be declared using the
> > same-party attribute
> > (C) Alternative proposal 2: State that user agents /MAY/ assume that
> > additional elements that are hosted under a different URL and occur on
> > a  page and declare "intended for 1st party use" are malicious unless
> > this URL is listed in the "same-party" attribute
> >   => Concrete text is needed to issue a call
>
> Suggested Text for option C:
>
> A user experience on the web can be composed of elements from a variety
> of resources that are assembled into one user experience by the user agent.
> Many of those resources, even under different domain names, may belong
> to the same data controller or to service providers that act as data
> processors for the controller.
>
> A user agent fetching elements from different resources may want to check
> whether a claim from a resource to be under control by the same party is
> backed by the first party the service claims to cater to. This is especially the
> case if elements from a different origin have to be mashed up. The user
> agent can check whether such claims are backed by the first party of the top
> origin by verifying the <code>same- party</code> declaration of that origin.
> In case the service provider's claim is not backed by the first party of the
> initial origin, a user agent may decide to block such elements or resources.
>
>
>

Intel GmbH
Dornacher Strasse 1
85622 Feldkirchen/Muenchen, Deutschland
Sitz der Gesellschaft: Feldkirchen bei Muenchen
Geschaeftsfuehrer: Christian Lamprechter, Hannes Schwaderer, Douglas Lusk
Registergericht: Muenchen HRB 47456
Ust.-IdNr./VAT Registration No.: DE129385895
Citibank Frankfurt a.M. (BLZ 502 109 00) 600119052
Received on Thursday, 6 June 2013 06:42:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:39:41 UTC