W3C home > Mailing lists > Public > public-tracking@w3.org > March 2013

Re: technical issues with multiple first parties

From: Rigo Wenning <rigo@w3.org>
Date: Fri, 22 Mar 2013 12:03:27 +0100
To: public-tracking@w3.org
Cc: David Singer <singer@apple.com>
Message-ID: <2728930.GbhFbtZ6Sg@hegel.sophia.w3.org>
On Monday 18 March 2013 18:02:01 David Singer wrote:
> So, where you say "an assumption we would be undoing is the assumption
> that the User Agent (UA) knows who the first party is before it sends
> an HTTP request".  No, we don't assume that;  the user-agent has to
> work on machine-testable questions, and it knows the address in the
> address bar.  We kinda assume that that maps fairly well to the first
> party most of the time.

There are many many cases where domain names do not match parties. There 
are two ways to address the issue: 

1/ only work on domain names and ignore the rest (Roy and Adrian 
stating: no known implementation implements the TSR) => it becomes the 
responsibility of the browser to determine the party. But they can't, 
they can only look at domains. This then creates developer nightmare 
resulting in "make browser happy" implementations so that the site 
works. Confronted with cheating or site not working, people will go for 
cheating and will find understanding in courts. 

2/ look into what the service tells you => responsibility of the 
service. If the response to a GET request on example.org is Tk:1 you 
treat them as a first party. As nobody is implementing this.... => the 
browser remains responsible. 

There is a feedback loop from the service to the browser for a reason. 
And this reason is not only to have pre-flight conditions or having one 
researcher holding up the entire industry for doing some obscure 
measurements. It is also for the service to be able to give context to 
the browser. If the browser ignores the context, it acquires the 
problem. 

 --Rigo
Received on Friday, 22 March 2013 11:03:51 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:07 UTC