W3C home > Mailing lists > Public > public-p3p-spec@w3.org > April 2003

Re: [ietf-provreg] [BH] P3P and Extensible Provisioning Protocol

From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date: Mon, 14 Apr 2003 18:11:53 -0400
Message-Id: <200304142211.h3EMBrZj095014@nic-naa.net>
To: Joseph Reagle <reagle@w3.org>
cc: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>, "Hollenbeck, Scott" <shollenbeck@verisign.com>, Edward Lewis <edlewis@arin.net>, public-p3p-spec@w3.org, ietf-provreg@cafax.se, brunner@nic-naa.net

> > > If the initial data collection had a particular policy (P3P)
> >
> > This may be a theory-of-foo bump, or it may be a slow moving armidillo,
> > but data originates at a registrar.
> > We (epp-hat==1) aren't designing the registrar's UI.
> 
> So is the information covered is not my data (my contact info I've placed 
> with the registrar) but the registrars information? I continue to fail to 
> understand exactly what information the practice applies to and governs. I 
> suspect a step-by-step scenario would be immensely useful.

We have some rules, things like delete-object-before-create-object returns
an error.

What we don't have rule about are where registrars go to get "data", they
could just be making it up.

There is no in-band mechanism to distinguish "registrar-generated-data"
from "entity-other-than-registrar-generated-data".

There is a data collection policy announcement from a data collector, which
is indifferent as to the originator of the data which it collects, and it is
possible that a registrar might use non-fictive data.

Did the registrar use P3P when collecting the data? I've no idea. I don't
even know if the registrar was the initial data collector, or if the initial
data collector was a reseller and the registrar engaged in onward-transport.
I don't know how the data got to the registrar.

What the <dcp> covers is _everything_ in a session. Since sessions exhaust,
for the time being, the semantics of state exchange between registrars and
registries, everything collected by a registry is policied. Note that any
registry may have a number other than one of applicable <dcp> statements,
with non-overlapping session-scope.

Eric
Received on Monday, 14 April 2003 18:20:11 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:23 EST