- From: Tamir Israel <tisrael@cippic.ca>
- Date: Wed, 13 Jun 2012 10:24:58 -0400
- To: ifette@google.com
- CC: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Hi Ian, I'm not certain this is as clear as you imply. The entire concept of a federated identity system, for example, is to segregate the identity provider from any processing tasks beyond identity authentication. I would not expect an OpenID identity provider, for example, to suddenly become a 1st party simply because I used it to sign in). The role of that provider should be completed once my identity has been authenticated. Best, Tamir On 6/13/2012 10:13 AM, Ian Fette (イアンフェッティ) wrote: > This email is intended to satisfy ACTION-187 and ISSUE-99 > > I propose adding to the compliance spec the following: > > "If a site offers users the choice to log in with an identity > provider, via means such as OpenID, OAuth, or other conceptually > similar mechanisms, the identity provider is considered a first party > for the current transactions and subsequent transactions for which the > user remains authenticated to the site via the identity provider." > > Clearly when the user is logging in, there is a meaningful interaction > with what was previously a third party widget, thus promoting it to a > first party. If all that's being provided is a userid, then the > interaction is basically over at that point. If more info is being > provided from the user's account (such as a friend list, a chat > widget, or whatever), I think one could still assume that the user > made a meaningful interaction with that party and thus the party is > still a first party. > > -Ian
Received on Wednesday, 13 June 2012 14:25:43 UTC