- From: David (Standards) Singer <singer@apple.com>
- Date: Thu, 09 Oct 2014 13:55:47 -0700
- To: Mike O'Neill <michael.oneill@baycloud.com>
- Cc: Anne van Kesteren <annevk@annevk.nl>, Sid Stamm <sstamm@mozilla.com>, Tracking Protection Working Group <public-tracking@w3.org>
On Oct 9, 2014, at 12:30 , Mike O'Neill <michael.oneill@baycloud.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It only needs to be accessed when the exception is granted. alas, that’s not what we heard when designing it. A site (whoohoo) wants to get an exception, and then later have it apply to hotnew.whoohoo.com. > There would have to be an internal array of grant objects anyway (indexed by origin) which can be assembled when the UGE API is processed. > > If using same-property is a step too far, we could ditch the cookie domain rule anyway because it only lets you declare subdomains. It is the least restrictive way we could find. It has the huge downside of sitting on public suffices, yes. We discussed that, as well, and felt that *if* we had to sit on it, we’d better sit the same way as before. > > Mike > >> -----Original Message----- >> From: David (Standards) Singer [mailto:singer@apple.com] >> Sent: 09 October 2014 20:06 >> To: Mike O'Neill >> Cc: Anne van Kesteren; Sid Stamm; Tracking Protection Working Group >> Subject: Re: TPE last-call issues on my plate, summary >> >> >> On Oct 9, 2014, at 12:03 , Mike O'Neill <michael.oneill@baycloud.com> wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> If the problem is enumeration we do have the same-party property in the TSR >> (where a controller/site can declare its other domains). If we used that then we >> would not be restricted to subdomains. >> >> we had long discussions over enumerated lists, as I recall, and we were not able >> to get consensus. the same-property list in the TSR is informative etc., rather >> than driving API operation. we also can’t fetch it at every moment we want to >> send a DNT header; that decision needs to be fast. >> >>> A JavaScript aficionado might object to the dash but that’s easy to get round >> and fix if needs be. >>> >>> >>>> -----Original Message----- >>>> From: annevankesteren@gmail.com [mailto:annevankesteren@gmail.com] >> On >>>> Behalf Of Anne van Kesteren >>>> Sent: 09 October 2014 18:26 >>>> To: David (Standards) Singer >>>> Cc: Sid Stamm; Tracking Protection Working Group >>>> Subject: Re: TPE last-call issues on my plate, summary >>>> >>>> On Thu, Oct 9, 2014 at 7:17 PM, David (Standards) Singer >>>> <singer@apple.com> wrote: >>>>> The obvious problem: roughly, you need to be able to set an exception for a >>>> group of properties (hosts) from one of them (e.g. from dnt- >> center.yahoo.com, >>>> for all yahoo.com hosts), but obviously not see/set/cancel exceptions for >>>> properties that are not ‘yours’. The API operation, and the decision on >> whether >>>> a recorded exception applies in this case (i.e. the decision on what DNT >> header >>>> to send), both need to have a model that achieves this. >>>> >>>> Unless you enumerate the hosts somehow, but that still does not allow >>>> you to get around a publicsuffix.org dependency... I'm surprised we >>>> even want such an API. >>>> >>>> >>>> -- >>>> https://annevankesteren.nl/ >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.13 (MingW32) >>> Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/ >>> Charset: utf-8 >>> >>> >> iQEcBAEBAgAGBQJUNtwTAAoJEHMxUy4uXm2JfXYH/31hEj+ZsXbhO+1nxCkVQE >> WV >>> >> SGSz0vJOySCDpUglx+tTPa99uM6oZwHttuX97nZ8bhd3SavQSNgq8Zc6H9RFU1Ul >>> >> 9JpGUk77NLgPeZnOMFi+9/O73gowlIqa0qBx4IndwPuQn21EdWIMCa9pEW3VwS >> G+ >>> >> bBQo8S8HkjbuUM9FZM8P1u7YlQOj3wB3NxPIvPF/YOpGYOtgjeKYFW3E5kq3/Kca >>> >> yYNcNBEmHh6MrB43Q+Sxo0IHeho3Yl3N9tvgYZ3LvN8O/M6gi4bmhugDYWtyt79 >> r >>> >> 0/WkI6+N38c9FeM2syVAmNxMKpHKq91we+gJizSxencEL0SADIWexCdgfynAaiA= >>> =vdIk >>> -----END PGP SIGNATURE----- >>> >> >> David Singer >> Manager, Software Standards, Apple Inc. >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.13 (MingW32) > Comment: Using gpg4o v3.3.26.5094 - http://www.gpg4o.com/ > Charset: utf-8 > > iQEcBAEBAgAGBQJUNuJrAAoJEHMxUy4uXm2J9ecH/0mywWEv6F/mIW1nv6Ea8LS2 > wYOUNwG2hbmaRDUxF4/PqdpLUi06XtmtIozL+GopteSahpZbbL21C9mTjBdW1A88 > XsF1bbzP3B6w5RJU54qRxTplS87hf2bE31yGtSKNCDkyKjI0XJV/MHh+ryhjDLyH > V13CzZhCLoPzTrL6L+8Xf7aYYEJ9G1eh5ZeXxjibN82/z+4+8k7WFsA/eIQxAZSU > W6l6Rb5egRWOeLeW/ekJf5DHioVel4k1caNKuLHpz97WKWIuld/ibU+BId5+YXZX > HGBoxFGVg7JhBqKhGOAZkwgibTGsWWypCr6U1+S+iapOd3kX5HIkMnecpf2oe1U= > =9Erq > -----END PGP SIGNATURE----- > David Singer Manager, Software Standards, Apple Inc.
Received on Thursday, 9 October 2014 20:56:24 UTC