Difference between revisions of "FirstThirdPartyDetection"

From W3C Wiki
Jump to: navigation, search
(Contributors)
(Goals: adding information about issues.)
 
Line 12: Line 12:
 
=== Goals ===
 
=== Goals ===
  
* How can a site tell in what category it is (wrt a request).
+
How can a site tell in what category it is (wrt a request). Identifying a group of sites belonging to the same commercial entity is hard. There are many cases:
  
 +
* '''bigco.example.com has another company sisterco.example.net'''. They could contain an additional HTTP header pointing to a BigCo sitemap containing a list of all subcompanies. ISSUE: This format doesn't exist and it is very unlikely to have a consensus about it in a short time. It would be very hard to maintain. Specifically with companies having hundred of Web sites across the world (different TLDs), promotional Web sites (for example movie site which lasts usually a couple of years and dies), etc.
 +
* '''example.com/littleCo and example.com/tinyCo sharing the same example.com'''. There are plenty of small businesses out there sharing the same domain name. The domain name in this case is not anymore a good metaphor for exposing the commercial entity. There can be thousands of commercial entities under the same domain name but having different paths.
 +
 +
Because of at least these two cases, any associated sites should always be considered third party with regards to the first one. Note that it doesn't solve the second case of businesses sharing the same domain name.
  
 
=== Criteria ===
 
=== Criteria ===

Latest revision as of 22:19, 21 October 2011

W3C DNT Scratchpad for ISSUE-60

2011-10-13 M. Schunter (IBM, Editor) ISSUE-60

Working Definitions

  • 1st party: The site that the user visits directly (e.g. by typing the URL, bookmarks, following a link, etc)
  • associated parties: Other sites (with different URLs) that may be exempted. E.g. co-branded sites such as lotus.com that belongings to IBM (and may be run on same or different infrastructure)
  • 3rd parties: All other sites

Goals

How can a site tell in what category it is (wrt a request). Identifying a group of sites belonging to the same commercial entity is hard. There are many cases:

  • bigco.example.com has another company sisterco.example.net. They could contain an additional HTTP header pointing to a BigCo sitemap containing a list of all subcompanies. ISSUE: This format doesn't exist and it is very unlikely to have a consensus about it in a short time. It would be very hard to maintain. Specifically with companies having hundred of Web sites across the world (different TLDs), promotional Web sites (for example movie site which lasts usually a couple of years and dies), etc.
  • example.com/littleCo and example.com/tinyCo sharing the same example.com. There are plenty of small businesses out there sharing the same domain name. The domain name in this case is not anymore a good metaphor for exposing the commercial entity. There can be thousands of commercial entities under the same domain name but having different paths.

Because of at least these two cases, any associated sites should always be considered third party with regards to the first one. Note that it doesn't solve the second case of businesses sharing the same domain name.

Criteria

  • Simplicity
  • Ease to implement
  • General applicability

Options / Alternative Solutions

  • Referrer?