Re: [w3ctag/design-reviews] Distributed Tracing WG: Baggage specification TAG review (#650) from Daniel on 2021-06-29 (public-webapps-github@w3.org from June 2021)

From: Daniel <notifications@github.com>
Date: Tue, 29 Jun 2021 08:51:30 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/650/870716803@github.com>

Can you clarify what a user-agent is meant to do on receiving this header, if anything?

This issue came up during Chromium Security & Privacy review of this issue, and we were unclear whether the spec is meant to apply to browsers / user agents or not. The spec seems primarily concerned with "downstream services", but the last example in the explainer shows a web browser echoing a "W3C Trace ID" back to a server, which would make this functionality cookie-equivalent. However, the implications of being cookie-like (life time? origin bound? which permissions apply?) do not seem to be spelled out clearly.



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/650#issuecomment-870716803

Received on Tuesday, 29 June 2021 15:51:42 UTC