In the Microsoft Windows XP article Understanding cookies the description is:
A first-party cookie either originates on or is sent to the Web site you are currently viewing. These cookies are commonly used to store information, such as your preferences when visiting that site.
The definition for first-party is the Web site you are currently viewing, and reading it like this it seems that there is just one first-party and the rest i third-party. But that's not true, well that depends on how you interpret it, because the most precise definition that I've found is in Privacy in Internet Explorer 6 in the section First and Third-Party Context:
Internet Explorer 6 defines first-party content as content associated with the host domain. Third-party content originates from any other domain. For example, suppose a user visits www.wideworldimporters.com by typing this URL in the address bar, and www.wingtiptoys.com has a banner ad on this page. If these two sites set cookies, the cookies from www.wideworldimporters.com are in a first-party context while the cookies from www.wingtiptoys.com are in a third-party context.
Often commercial Web pages are an amalgamation of first- and third-party content. The Internet Explorer 6 privacy features distinguish between first- and third-party content. The underlying assumption is that users have a different relationship with first parties than with third parties. In fact, users might not be aware of the third party or be given a choice of whether to have a relationship with it. For this reason, default privacy settings for third parties are more stringent than for first parties.
but it's in the associated note it's written crystal clear:
toys.wideworldimporters.comboth contain the same minimal domain,
wideworldimporters.com. Content that shares the same minimal domain as the host domain is considered first-party content. Likewise, cookies set from these domains are considered first-party cookies. Minimal domains must have the same top-level domain (TLD). Some common examples of TLDs are
I haven't heard the term minimal domain before but it's ituitive to understand. It matches (sort of) the definition of a domain cookie as defined in RFC 2965 - HTTP State Management Mechanism:
Host names can be specified either as an IP address or a HDN string. Sometimes we compare one host name with another. (Such comparisons SHALL be case-insensitive.) Host A's name domain-matches host B's if
- their host name strings string-compare equal; or
- A is a HDN string and has the form NB, where N is a non-empty name string, B has the form .B', and B' is a HDN string. (So, x.y.com domain-matches .Y.com but not Y.com.)
Next I'll have a quick look at P3P.