Re: technical issues with multiple first parties


I think you are highlighting a tension we have had for a while.

The compliance document talks about first and third parties, and defines them in terms of user intentions (which are, alas, invisible to the browser).

The TPE talks about the top-level context, and other contexts (which are visible to the browser).

So, where you say "an assumption we would be undoing is the assumption that the User Agent (UA) knows who the first party is before it sends an HTTP request".  No, we don't assume that;  the user-agent has to work on machine-testable questions, and it knows the address in the address bar.  We kinda assume that that maps fairly well to the first party most of the time.

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Tuesday, 19 March 2013 01:02:33 UTC