90 likes | 187 Views
Automated Discovery of claims of party membership. …the report. What problem(s) are we solving?. 1 automated discoverability of the assertion of party relationships discoverability by users, user-agents, researchers, enforcement…?? we need to decide which audiences we are trying to help
E N D
Automated Discovery of claims of party membership …the report
What problem(s) are we solving? • 1 automated discoverability of the assertion of party relationships • discoverability by users, user-agents, researchers, enforcement…?? we need to decide which audiences we are trying to help • 2 when a user grants an exception to 3rd-party A on 1st party B, they could be asked to grant an exception to all sites in the party that B is a member of?
Use Case(s) • The discoverability would allow a user-agent to say "note that X (a site) is a part of Y (the master party), and if you allow X to track you, that data will be available to all of Y”. • The secondmight assist reducing the 'request noise' to users: “do you want to grant an exception for these 3rd parties on ALL properties related to current-1st-party?”
NOT on the table • This NOT about 1st/3rd party distinction, merely about party membership.
Research Check • Did POWDER already address this problem, and if so, how, and can we use or learn something?
Refined Strawman • The following techniques enable a set of Sites that form a single Party to make their assertion of relationship status automatically discoverable. • Each site in the set MAY maintain a re-direction pointer from the well-known URL /.well-known/dnt-sites to that same URL at their master site. At the master site, that URL MAY resolve to a text file that contains a list of site (domain) names, for validation. • The file dnt-sites, if it exists, contains a list of domain names, one per line. • (If the file does not exist at the master site, the user-agent might report, for example "site X claims to be part of party Y, but this cannot be verified".)
Example 1 • bricks.com and mortar.com are both managed by building.com. • The URL http://bricks.com/.well-known/dnt-sites re-directs to http://building.com/.well-known/dnt-sites (as does the URL at mortar.com) • That file contains: mortar.com bricks.com building.com
Example 2 • Scores.com maintains a set of embeddable widgets at soccer-scores.com, tennis-scores.com, etc. • The user visits scores.com and says “your widgets may track me” (out of band opt-in) • They then visit a site which embeds “rowing-scores” (3rd party) and it claims to have an opt-in • The user-agent verifies that rowing-scores seems to be part of scores.com, and it knows of the user’s scores.com opt-in.
Action Items • Several people to • clarify the problem • and refine the solution