- From: Vinay Goel <vigoel@adobe.com>
- Date: Fri, 16 Mar 2012 06:14:33 -0700
- To: Tracking Protection Working Group WG <public-tracking@w3.org>
Hi Jonathan,

This is a normative statement (and not a non-normative statement as you've labeled it) and is inappropriate for inclusion in the spec. It belongs within a Best Practices document separate from the Compliance/Preferences Specs that is best published by someone other than the WG.

-Vinay

Vinay Goel | Privacy Product Manager | Adobe Systems | Office: 917.934.0867

On 3/14/12 8:08 PM, "Jonathan Mayer" <jmayer@stanford.edu> wrote:

> Here's some non-normative text on best practices for outsourcing.
>
> --------------------------------------------------
>
> I. Technical Precautions
>
> A. Siloing in the Browser
>
> Outsourcing services should use browser access control features so that stored data specific to one first party is never accessed or collected when the user visits another first party.
>
> i. Same-Origin Policy
>
> The same-origin policy silos stored data by domain name. An outsourcing service can use a different domain name for each first party.
>
> Example: Example Analytics provides an outsourced analytics service to Example News and Example Sports, two unrelated websites. Example Analytics stores its cookies for Example News at examplenews.exampleanalytics.com, and it stores its cookies for Example Sports at examplesports.exampleanalytics.com.
>
> An outsourcing service could also use the first party's domain.
>
> Example: Example Analytics stores its cookies for Example News at examplenews.com, and it stores its cookies for Example Sports at examplesports.com.
>
> ii. Cookie Path Attribute
>
> The HTTP cookie path can be used to silo data to a first party.
>
> Example: Example Analytics stores its cookies for Example News with "Path=/examplenews", and it stores its cookies for Example Sports with "Path=/examplesports".
>
> iii. Storage Key
>
> For key/value storage APIs, such as Web Storage and Indexed Database, an outsourcing service can use a different key or key prefix for each first party.
>
> Example: Example Analytics stores data for Example News at window.localStorage["examplenews"] and data for Example Sports at window.localStorage["examplesports"].
>
> B. Siloing in the Backend
>
> i. Encryption Keys
>
> An outsourcing service should encrypt each first party's data with a different set of keys.
>
> ii. Access Controls
>
> An outsourcing service should deploy access controls so that only authorized personnel are able to access siloed data, and only for authorized purposes.
>
> iii. Access Monitoring
>
> An outsourcing service should deploy access monitoring mechanisms to detect improper use of siloed data.
>
> C. Retention in the Backend
>
> An outsourcing service should retain information only so long as necessary to provide necessary functionality to a first party. If a service creates periodic reports, for example, it should delete the data used for a report once it is generated. An outsourcing service should be particularly sensitive to retaining protocol logs, since they may allow correlating user activity across multiple first parties.
>
> II. Business Precautions
>
> i. Policy
>
> An outsourcing service should establish a clear internal policy that gives guidance on how to collect, retain, and use outsourced data in compliance with this standard.
>
> ii. Training
>
> Personnel that interact with outsourced data should be familiarized with internal policy on compliance with this standard.
>
> iii. Supervision and Reporting
>
> An outsourcing service should establish a supervision and reporting structure for detecting improper access.
>
> iv. Auditing
>
> External auditors should periodically examine an outsourcing service to assess whether it is in compliance with this standard and has adopted best practices. Auditor reports should be made available to the public.
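The three browser-side siloing techniques in the quoted "Siloing in the Browser" section (a hostname per first party, the cookie Path attribute, and a storage key prefix per first party), as an added JavaScript example that is not part of either message in this thread. The base domain exampleanalytics.com, the slug rule, the cookie name and the in-memory Map standing in for window.localStorage are assumptions made for the example; the path-match rule is the one user agents apply under RFC 6265 section 5.1.4, which is what makes the Path attribute an effective silo.

```javascript
// Added example: per-first-party siloing of browser-side state, covering the
// three techniques in the quoted text. Base domain, slug rule and sample values
// are assumptions made for this example, not the WG's or any vendor's code.

// Normalise a first-party name to a label usable in hostnames, paths and keys.
// Assumed rule: lower-case, keep only [a-z0-9].
function slug(firstParty) {
  return firstParty.toLowerCase().replace(/[^a-z0-9]/g, "");
}

// (i) Same-origin siloing: one hostname per first party under the service's
// own domain, so the browser's same-origin policy keeps their storage apart.
function siloHost(firstParty, baseDomain = "exampleanalytics.com") {
  return `${slug(firstParty)}.${baseDomain}`;
}

// (ii) Cookie Path attribute: scope the cookie to /<slug> so a request made on
// behalf of another first party never carries it.
function buildSetCookie(name, value, firstParty) {
  return `${name}=${encodeURIComponent(value)}; Path=/${slug(firstParty)}; Secure; HttpOnly`;
}

// Path-match as a user agent applies it (RFC 6265 section 5.1.4): equal paths,
// or cookie-path is a prefix that ends in "/" or ends exactly at a "/" boundary.
// The boundary rule is why Path=/examplenews does not leak to /examplenewsx.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  if (cookiePath.endsWith("/")) return true;
  return requestPath.charAt(cookiePath.length) === "/";
}

// Would the cookie from this Set-Cookie line be attached to a request for
// requestPath on the same host? Assumes an explicit Path attribute is present;
// the default-path computation for cookies without one is not modelled here.
function cookieSentFor(setCookieLine, requestPath) {
  const m = /;\s*Path=([^;]+)/i.exec(setCookieLine);
  const cookiePath = m ? m[1].trim() : "/";
  return pathMatches(requestPath, cookiePath);
}

// (iii) Storage key prefix: every key is prefixed with the first party's slug,
// and reads only ever go through the same prefix. The backend is any object
// with get/set/keys; a Map stands in for window.localStorage so the example
// runs under Node (real localStorage would need a getItem/setItem adapter).
class SiloedStorage {
  constructor(backend = new Map()) {
    this.backend = backend;
  }
  key(firstParty, name) {
    return `${slug(firstParty)}:${name}`;
  }
  set(firstParty, name, value) {
    this.backend.set(this.key(firstParty, name), String(value));
  }
  get(firstParty, name) {
    const v = this.backend.get(this.key(firstParty, name));
    return v === undefined ? null : v;
  }
  // Names stored for one first party only; other silos are never enumerated.
  keysFor(firstParty) {
    const prefix = `${slug(firstParty)}:`;
    return [...this.backend.keys()]
      .filter((k) => k.startsWith(prefix))
      .map((k) => k.slice(prefix.length));
  }
}

// Walk the quoted scenario: Example Analytics serving Example News and
// Example Sports. Returns the observations a reviewer would want to confirm.
function demo() {
  const news = "Example News";
  const sports = "Example Sports";
  const cookie = buildSetCookie("visit", "n 42", news); // constructed sample value
  const store = new SiloedStorage();
  store.set(news, "uid", "news-user-1");     // constructed sample value
  store.set(sports, "uid", "sports-user-7"); // constructed sample value
  return {
    newsHost: siloHost(news),
    cookie,
    sentOnNewsPath: cookieSentFor(cookie, "/examplenews/collect"),
    sentOnSportsPath: cookieSentFor(cookie, "/examplesports/collect"),
    sentOnLookalikePath: cookieSentFor(cookie, "/examplenewsx/collect"),
    newsUid: store.get(news, "uid"),
    sportsUid: store.get(sports, "uid"),
    newsKeys: store.keysFor(news),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

Running the file under Node prints the demo object; the two cross-silo checks (`sentOnSportsPath` and `sentOnLookalikePath`) come back false, which is the property each technique is meant to guarantee. Note that the Path technique only separates cookies on the same host; if the service also wants separation against script access it must pair it with technique (i), since the same-origin policy does not consider the path.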
Received on Friday, 16 March 2012 13:15:26 UTC