hlflanagan
commented
2 years ago Would this scenario require the use of 3p cookies?
Open kdeqc opened 2 years ago
hlflanagan
commented
2 years ago Would this scenario require the use of 3p cookies?
hlflanagan
commented
2 years ago Discussed on 2021-12-10 fedidcg call
User story
I've purchased multiple services to help me run my web site (say content management, ecommerce, email management,, web analytics, and chat services). To administer the services, I go to a login page to a portal site where I login with my own credentials for the portal. Each service has its own credential system, so the portal is using identity federation instead of a simple single-credential SSO setup.
Context of the story
This is an enterprise authentication flow.
Should this be considered sanctioned or unsanctioned tracking?
TBD
Explicit list of parties involved
Complicating characteristics
Whether or not all of the services are owned by the same organization or not. In this case, let's assume all of the services are owned by the same organization.
Additional information
We agreed that the technical implementation details matter - so in this use case, let's assume this is a standard OAuth setup like:
For the purpose of this use case, let's also assume that this is using a global identifier for the organization as a whole as well.