- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 3 Feb 2012 09:40:16 -0800
- To: David Singer <singer@apple.com>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Feb 3, 2012, at 2:02 AM, David Singer wrote: > I think I explained in the introduction; > >>> (All these definitions etc. rely on being able to define "site" or "party", by the way. I don't see how to escape that, as many have pointed out, since it's within a 'party' that information flows, and so on.) > > It is a term to describe the envelope of the organization within which data flows. I assume you are not proposing that images.example.com and store.example.com should be required to keep separate data, as they are separate 'sites'. You seem to prefer 'service'; I don't mind what word is used: Yes, I prefer service now because I did not intend site == domain -- it was just short-hand for the group of same-branded sites that a user expects to be interacting with as a service. Service also matches EU policy. BTW, that's why I prefer the EU term of data processor rather than the "service provider" or "outsourced" that others have used. I am new to this stuff, but the terminology makes sense once you know what is being protected, and I don't think we should waste time reinventing it, though I do think we'll have to explain it better than the policy docs. I am more interested in figuring out if we all agree to protect the same things. I.e., is there something that someone in the WG wants to protect by DNT that is not protected by this model and would be protected by the 1st/3rd party corporate distinctions with multitudes of exceptions? ....Roy
Received on Friday, 3 February 2012 17:40:45 UTC