Re: P3P - Feedback on Access Control

The heart of the issue is how policy is discovered; the current ED  
uses a per-resource OPTIONS, while almost every other solution in this  
space uses a well-known-location.

The decision to Recommend a new mechanism for discovering policy  
shouldn't be taken lightly. I've pointed out several problems with the  
current proposal, and haven't received satisfactory responses to many  
of them.

As far as a proposal, take a look at P3P, site maps and robots.txt;  
they all reflect a fair amount of work in this area. I'm not inclined  
to spend more time working up a detailed proposal until I'm satisfied  
that it'll be taken seriously.

Regards,


On 24/01/2008, at 8:48 AM, Anne van Kesteren wrote:

> On Wed, 23 Jan 2008 08:16:12 +0100, Mark Nottingham <mnot@yahoo-inc.com 
> > wrote:
>> While the web architectural implications of a "magic" well-known  
>> location are known, it's also an eminently practical solution, one  
>> that's been used not only for P3P, but also robots.txt and site  
>> maps (which leverages robots). Why is this problem so different  
>> that it requires people to learn a whole new way to associate  
>> policy with resources?
>
> The WAF Working Group would like to know what problem you're trying  
> to solve and would also like some more details on this "like-P3P"  
> proposal. We would be most grateful if you could provide those.
>
> (This is ACTION-156.)
>
>
> -- 
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>

--
Mark Nottingham       mnot@yahoo-inc.com

Received on Wednesday, 23 January 2008 23:43:35 UTC