Automated Discovery of claims of party membership …the report
What problem(s) are we solving?
• 1 automated discoverability of the assertion of party relationships
  • discoverability by users, user-agents, researchers, enforcement…?? we need to decide which audiences we are trying to help
• 2 when a user grants an exception to 3rd-party A on 1st party B, they could be asked to grant an exception to all sites in the party that B is a member of?
Use Case(s)
• The discoverability would allow a user-agent to say "note that X (a site) is a part of Y (the master party), and if you allow X to track you, that data will be available to all of Y".
• The second might assist in reducing the 'request noise' to users: "do you want to grant an exception for these 3rd parties on ALL properties related to current-1st-party?"
NOT on the table
• This is NOT about the 1st/3rd party distinction, merely about party membership.
Research Check
• Did POWDER already address this problem, and if so, how, and can we use or learn something?
Refined Strawman
• The following techniques enable a set of Sites that form a single Party to make their assertion of relationship status automatically discoverable.
• Each site in the set MAY maintain a re-direction pointer from the well-known URL /.well-known/dnt-sites to that same URL at their master site. At the master site, that URL MAY resolve to a text file that contains a list of site (domain) names, for validation.
• The file dnt-sites, if it exists, contains a list of domain names, one per line.
• (If the file does not exist at the master site, the user-agent might report, for example "site X claims to be part of party Y, but this cannot be verified".)
Example 1
• bricks.com and mortar.com are both managed by building.com.
• The URL http://bricks.com/.well-known/dnt-sites re-directs to http://building.com/.well-known/dnt-sites (as does the URL at mortar.com)
• That file contains:
    mortar.com
    bricks.com
    building.com
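
An added example, not part of the original slides: a Python sketch of how a user-agent could evaluate the strawman, using Example 1's domains. HTTP is replaced by a constructed in-memory table; the status names, the hop limit, the `.example` hosts and the rule that a site absent from the master's list is rejected are assumptions.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/dnt-sites"
BUILDING = "http://building.com" + WELL_KNOWN

# Constructed stand-in for HTTP: URL -> ("redirect", target) or ("file", body).
SAMPLE_WEB = {
    "http://bricks.com" + WELL_KNOWN: ("redirect", BUILDING),
    "http://mortar.com" + WELL_KNOWN: ("redirect", BUILDING),
    BUILDING: ("file", "mortar.com\nbricks.com\nbuilding.com\n"),
    # Constructed: points at building.com but is not in its list.
    "http://cement.example" + WELL_KNOWN: ("redirect", BUILDING),
    # Constructed: points at a master that publishes no file.
    "http://gravel.example" + WELL_KNOWN:
        ("redirect", "http://quarry.example" + WELL_KNOWN),
}


def check_party(site, web=SAMPLE_WEB, max_hops=3):
    """Return (status, master) for a site's party-membership claim.

    verified   - the master's file lists the site
    not-listed - the master's file exists but omits the site (assumed: reject)
    unverified - the site points at a master that serves no file
    no-claim   - the site has no well-known URL at all
    """
    site = site.lower()
    url = "http://" + site + WELL_KNOWN
    for _ in range(max_hops):  # hop limit is an assumption; it stops loops
        kind, value = web.get(url, ("missing", None))
        master = urlsplit(url).hostname
        if kind == "redirect":
            # The strawman redirects to "that same URL" at the master site.
            if urlsplit(value).path != WELL_KNOWN:
                return ("invalid-redirect", None)
            url = value
            continue
        if kind == "missing":
            return ("no-claim", None) if master == site else ("unverified", master)
        # One domain name per line; ignore blank lines and case.
        members = {ln.strip().lower() for ln in value.splitlines() if ln.strip()}
        return ("verified" if site in members else "not-listed", master)
    return ("invalid-redirect", None)
```

The redirect alone is only a claim made by the site; membership counts as verified when the master's own file names that site, which is what keeps an unrelated site from attaching itself to a party by redirecting to it.
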
Example 2
• Scores.com maintains a set of embeddable widgets at soccer-scores.com, tennis-scores.com, etc.
• The user visits scores.com and says "your widgets may track me" (out of band opt-in)
• They then visit a site which embeds "rowing-scores" (3rd party) and it claims to have an opt-in
• The user-agent verifies that rowing-scores seems to be part of scores.com, and it knows of the user's scores.com opt-in.
Action Items
• Several people to
  • clarify the problem
  • and refine the solution