Presentation on theme: "Automated Discovery of claims of party membership …the report."— Presentation transcript:
Automated Discovery of claims of party membership …the report
What problem(s) are we solving?
1. automated discoverability of the assertion of party relationships – discoverability by users, user-agents, researchers, enforcement…?? We need to decide which audiences we are trying to help.
2. when a user grants an exception to 3rd-party A on 1st party B, they could be asked to grant an exception to all sites in the party that B is a member of?
Use Case(s) The discoverability would allow a user-agent to say "note that X (a site) is a part of Y (the master party), and if you allow X to track you, that data will be available to all of Y." The second might assist in reducing the 'request noise' to users: do you want to grant an exception for these 3rd parties on ALL properties related to current-1st-party?
NOT on the table This is NOT about 1st/3rd party distinction, merely about party membership.
Research Check Did POWDER already address this problem, and if so, how, and can we use or learn something?
Refined Strawman The following techniques enable a set of Sites that form a single Party to make their assertion of relationship status automatically discoverable. Each site in the set MAY maintain a re-direction pointer from the well-known URL /.well-known/dnt-sites to that same URL at their master site. At the master site, that URL MAY resolve to a text file that contains a list of site (domain) names, for validation. The file dnt-sites, if it exists, contains a list of domain names, one per line. (If the file does not exist at the master site, the user-agent might report, for example "site X claims to be part of party Y, but this cannot be verified".)
Example 1 bricks.com and mortar.com are both managed by building.com. The URL re-directs to known/dnt-sites (as does the URL at mortar.com). That file contains:
mortar.com
bricks.com
building.com
Example 2 Scores.com maintains a set of embeddable widgets at soccer-scores.com, tennis-scores.com, etc. The user visits scores.com and says "your widgets may track me" (out-of-band opt-in). They then visit a site which embeds rowing-scores (3rd party), and it claims to have an opt-in. The user-agent verifies that rowing-scores seems to be part of scores.com, and it knows of the user's scores.com opt-in.
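The user-agent check described in the Refined Strawman and used in Examples 1 and 2, as an added example (not part of the original presentation): it follows a site's pointer to the master and treats the claim as verified only when the master's list names that site. The response map, the HTTPS requirement, the status names, and the hosts gravel.example, sand.example and quarry.example are assumptions made for illustration.

```javascript
const WELL_KNOWN = "/.well-known/dnt-sites";

// Constructed responses standing in for HTTP fetches (sample data, not captured traffic).
const SAMPLE_WEB = {
  "https://bricks.com/.well-known/dnt-sites": { redirect: "https://building.com/.well-known/dnt-sites" },
  "https://mortar.com/.well-known/dnt-sites": { redirect: "https://building.com/.well-known/dnt-sites" },
  "https://building.com/.well-known/dnt-sites": { body: "mortar.com\nbricks.com\nbuilding.com\n" },
  // Hypothetical site that points at building.com but is not in building.com's list.
  "https://gravel.example/.well-known/dnt-sites": { redirect: "https://building.com/.well-known/dnt-sites" },
  // Hypothetical site whose claimed master publishes no file.
  "https://sand.example/.well-known/dnt-sites": { redirect: "https://quarry.example/.well-known/dnt-sites" },
};

// One domain name per line; tolerate blank lines, stray whitespace and case differences.
function parseDntSites(body) {
  return body.split(/\r?\n/).map((l) => l.trim().toLowerCase()).filter((l) => l !== "");
}

// Returns { status, master, members } for the party claim made by `site`.
function checkPartyClaim(site, web) {
  site = site.toLowerCase();
  let master = site; // a site serving the list itself is its own master
  let resp = web[`https://${site}${WELL_KNOWN}`];
  if (!resp) return { status: "no-claim", master: null, members: [] };
  if (resp.redirect) {
    const target = new URL(resp.redirect);
    // Assumption: only accept a pointer to the same well-known URL, over HTTPS.
    if (target.protocol !== "https:" || target.pathname !== WELL_KNOWN) {
      return { status: "invalid-pointer", master: null, members: [] };
    }
    master = target.hostname;
    resp = web[`https://${master}${WELL_KNOWN}`];
  }
  // Missing file, or a second redirect instead of a list: the claim cannot be verified.
  if (!resp || typeof resp.body !== "string") return { status: "unverified", master, members: [] };
  const members = parseDntSites(resp.body);
  // The master's list must name the claiming site; a redirect alone proves nothing.
  return { status: members.includes(site) ? "verified" : "unverified", master, members };
}
```

An "unverified" result corresponds to the report "site X claims to be part of party Y, but this cannot be verified"; a user-agent would extend an existing opt-in for the master only on "verified".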
Action Items Several people to – clarify the problem – and refine the solution