W3C home > Mailing lists > Public > public-tracking@w3.org > October 2014

Re: TPE last-call issues on my plate, summary

From: David (Standards) Singer <singer@apple.com>
Date: Thu, 09 Oct 2014 10:17:01 -0700
Cc: Sid Stamm <sstamm@mozilla.com>, Tracking Protection Working Group <public-tracking@w3.org>
Message-id: <5274027A-C993-4525-8650-E45A67AD854F@apple.com>
To: Anne van Kesteren <annevk@annevk.nl>

On Oct 9, 2014, at 10:05 , Anne van Kesteren <annevk@annevk.nl> wrote:

> On Thu, Oct 9, 2014 at 7:00 PM, David (Standards) Singer
> <singer@apple.com> wrote:
>> Given that, the group tried to minimize difference from existing techniques, notably cookie and script cross-origin, so as to re-use as much as possible (concept and code).  I get the sense that you’d prefer a more modern design that represents an improvement on cookies, cors, and the like. I am not sure the group agrees; simple/compatible to implement is actually desirable.  (That’s why I hesitate about promise returns, for example, and I am pushing back gently on expiration parameters).
> To be clear, cookies and document.domain and friends depend on
> publicsuffix.org. That is bad. We don't want to increase the amount of
> things that depend on that unless there's a very compelling reason.
> Anything new we've done for the last decade or so has been based on
> origins.

Do you have the time to sketch out what it would look like using origins?  I think the WG would be happy to look.

The obvious problem: roughly, you need to be able to set an exception for a group of properties (hosts) from one of them (e.g. from dnt-center.yahoo.com, for all yahoo.com hosts), but obviously not see/set/cancel exceptions for properties that are not ‘yours’. The API operation, and the decision on whether a recorded exception applies in this case (i.e. the decision on what DNT header to send), both need to have a model that achieves this.

David Singer
Manager, Software Standards, Apple Inc.
Received on Thursday, 9 October 2014 17:17:38 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:24 UTC