W3C home > Mailing lists > Public > public-p3p-spec@w3.org > July 2003

Re: [BH] The most generic binding

From: Joseph Reagle <reagle@w3.org>
Date: Wed, 16 Jul 2003 09:53:52 -0400
To: Rigo Wenning <rigo@w3.org>, public-p3p-spec <public-p3p-spec@w3.org>
Cc: Steven Pemberton <steven@w3.org>
Message-Id: <200307160953.52390.reagle@w3.org>

On Wednesday 16 July 2003 08:12, Rigo Wenning wrote:
> I owe you this since a long time.

Yes, and now I expect to have little time for this issue.

> Steven Pemberton suggested a very simple binding that would allow to
> bind a P3P-Policy to arbitrary XML-Elements. He thought it would be a
> quick and short specification to do as it would define a generic
> attribute like xml lang=..[1] This could be done in a separate
> specification, but is also a possible candidate be included in the
> [beyond HTTP] stuff.
>
> So I suggest to specify an XML-attribute that can be generally used to
> point to a _Policy_ (not PRF). The binding is no issue as the attribute
> itself defines it's own binding by the element it is sitting on.

I don't completely understand. I note that in the CR [a] they have a 
mechanism for associating an input with a "p3ptype." (I'll also note that 
for historical purposes some privacy advocates *objected* to P3P 
controlling the exchange of information under a policy. For some reason, 
when we made the policy orthogonal to the actual auto-fill or control of 
the exchange, which permits someone to make misrepresentations in the 
policy and then solicit lots of unrelated information in a form, they felt 
*happier*. <shrug/>)

[a] http://www.w3.org/TR/xforms/slice6.html#model-prop-p3ptype

> In a past email, Steven Pemberton gave an example of how this could look
> like[2]

You seem to be suggesting that you'd associate an actual policy with an 
element (e.g., p3ppolicy), for example:
<model>
 <instance><root><yourname/><homeEmailAddress></root></instance>
 <bind "creditCardNumber" p3ppolicy="http://example.com/some-policy.xml"/>
</model>
but I don't think that's what Steven is discussing in [2]. I *think* they 
are using p3ptype and perhaps asking two questions:
1. How/when is the evaluation of a policy governing a form field 
corresponding to a p3ptype affect the auto-filling of the form. I think 
Steven is comfortable with the model there but I can't say I understand 
everything involved there.
2. Even if the P3P policy permits its release, should it be released if the 
form field is not displayed to the user via old CSS mechanisms, or XForms 
switch/case mechanism. I think it would be a good idea for the HTML family 
of specifications to recommend that fields should NOT be auto-filled if 
they are not presented to the user. (Of course, agents will not be able to 
figure this out in all cases as one could use various size,color, CSS 
tricks?)

[2] http://lists.w3.org/Archives/Member/w3c-forms/2003JanMar/0127.html
Received on Wednesday, 16 July 2003 09:53:55 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:26 EST