- From: Michael Kleber <kleber@google.com>
- Date: Mon, 19 Aug 2019 20:49:25 -0400
- To: Andrew Knox <ajknox@fb.com>
- Cc: "public-web-adv@w3.org" <public-web-adv@w3.org>
- Message-ID: <CAA6DcCfhudTjSE4_tB1jFUpbJE6LJch3XL2JBU6k8YB8d0FZDg@mail.gmail.com>

Regarding Andrew's point on the mismatch between first-party-vs-third-party domains and real-world entities, please take a look at Mike West's https://github.com/mikewest/first-party-sets. I hope something like this will be the future of how everything beyond the Same-Origin Policy works. I'm not sure this offers everything Wendell wants, but it's a good place to start.

--Michael

On Mon, Aug 19, 2019 at 4:59 PM Andrew Knox <ajknox@fb.com> wrote:

> Hi All,
>
> I wanted to thank Charlie, Brad, and Michael for putting the proposals
> forward yesterday and explaining them. The token proposal especially is the
> type of proposal and approach we're most interested in - a tool that can be
> used in service of solving the difficult problems required to have a
> healthy web ecosystem and economy.
>
> There were a few other issues we've dropped a bit along the way though
> that I'd like to hear more about in a future meeting.
>
> One is the Webkit tracking policy announcement last week - this takes a
> pretty bold stance on some important principles and lists out some of the
> side effects. I would really appreciate it if Jason or someone else from
> Apple is willing to talk more about it next meeting - how they arrived at
> the principles and how they are thinking about testing and applying them.
>
> Another issue Wendell has brought up in a few contexts that I would love
> to explore more concretely is the mismatch between the online understanding
> of 1st and 3rd party (same origin, CORS, etc.) which is a crucial security
> concept, and the offline reality of that interfering with legitimate use
> and enterprise (company owns many websites, ostensibly 3rd party
> relationship is actually a key part of first party experience, etc.) which
> more closely matches offline consumer-to-business relationships. I'd be
> really interested to see a writeup or proposal on this topic, for example
> how to maintain security and transparency in a world where a DNS is not the
> arbiter of degree of relationship.
>
> Cheers,
> Andrew
>
> -- Forewarned is worth an octopus in the bush.

Received on Tuesday, 20 August 2019 00:50:04 UTC