W3C home > Mailing lists > Public > public-tracking@w3.org > March 2013

RE: ACTION-258: Propose 'should' for same-party and why

From: Adrian Bateman <adrianba@microsoft.com>
Date: Wed, 20 Mar 2013 04:24:51 +0000
To: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org Working Group" <public-tracking@w3.org>
Message-ID: <219588db025b4bb8bf048de95c1275ef@BL2PR03MB604.namprd03.prod.outlook.com>
On Tuesday, January 22, 2013 12:33 PM, Rigo Wenning wrote:
> Roy Fielding as best explained this issue in
> http://lists.w3.org/Archives/Public/public-tracking/2013Jan/0083.html
> 
>  At the end, in possibilities (y) and (z), Roy's email perfectly
> describes the issue and the benefit of having a first origin describing
> other first parties or service providers in the Tracking Status Report
> as "same party".
>  It is therefore suggested to use the following wording:
>  Old wording:
>  An optional member named same-party may be provided with an array value
> containing a list of domain names that the origin server claims are the
> same party, to the extent they are referenced by the designated
> resource, since all data collected via those references share the same
> data controller as the designated resource.
> 
>  New wording:
>  An optional member named same-party SHOULD be provided with an array
> value containing a list of domain names that the origin server claims
> are the same party, to the extent they are referenced by the designated
> resource, since all data collected via those references share the same
> data controller as the designated resource.

Something cannot be both optional and required to "SHOULD", which as we've
discussed many times before means "MUST unless you have a very good reason".
Being expensive isn't usually a good reason.

The compliance spec already provides a definition that allows people to
determine same party status.
http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#def-party

If sites want to voluntarily also provide concrete information in the TSR then
they are welcome to but they should not be required to do this. This may be
complex and costly for parties that have a large number of domains but which
otherwise easily meet the same party definition (commonly owned, easy
discoverability, etc.)

As I've said before, I think the old text is better.

Cheers,

Adrian.
Received on Wednesday, 20 March 2013 04:26:06 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:07 UTC