- From: Rigo Wenning <rigo@w3.org>
- Date: Fri, 22 Mar 2013 12:22:26 +0100
- To: public-tracking@w3.org
- Cc: David Singer <singer@apple.com>
David, the proposed solution only works if the browser implements TSR. Nobody does that so far. So this is the condition under which it could work. No TSR, no possibility to solve this issue unless you store something into the exception store which has an entire different set of problems. more in line On Friday 15 March 2013 16:29:00 David Singer wrote: > So, proposed changes, including two minor changes: > > A] 5.2, definition of '1' tracking status value, says > > > 1 First party: The designated resource is designed for use > within a first-party context and conforms to the requirements on a > first party. fine.. > If the designated resource is operated by an outsourced > service provider, the service provider claims that it conforms to the > requirements on a third party acting as a first party. If the value of '1' is played back by a service outside the domain of the origin first identified as a first party, this resource claims to belong to the first party or to a service serving the party with no own rights to further processing data outside the permitted uses. > > perhaps it would be better if the last few words said "acting FOR a > first party"? "no own rights for processing outside the permitted uses" is the idea I wanted to capture above.. "acting for" is an imprecise equivalent that sounds nicer. > > > B] In 5.5.3 we find > > An origin server may send a member named first-party that has an array > value containing a list of URI references that indirectly identify > the first party (or set of parties) that claims to be the responsible > data controller for personal data collected via the designated > resource. An origin server that does not send first-party is implying > that its domain owner is the sole first party and that information > about its policies ought to be found on this site's root page, or by > way of a clearly indicated link from that page (i.e., no first-party > member is equivalent to:"first-party":["/"]). > > > > I suspect we need a (s) after data controller, here "that indirectly > identify the first party (or set of parties) that claims to be the > responsible data controller(s) for personal data" > > > > C] And the change from above, changing the WKR first-party member to > data-controller, or a similar term which allow its use for providing > service to a 3rd party (who in turn may have consent). Fine by me --Rigo
Received on Friday, 22 March 2013 11:22:49 UTC