W3C home > Mailing lists > Public > public-p3p-spec@w3.org > July 2003

Re: [BH] The most generic binding

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 16 Jul 2003 19:18:02 +0200
To: public-p3p-spec <public-p3p-spec@w3.org>
Message-ID: <20030716171802.GR1359@rigo.w3.org>

On Wed, Jul 16, 2003 at 11:55:17AM -0400, Joseph M. Reagle Jr. wrote:
> Ah, ok, though it seems to be complicate things for reasons I don't quite 
> understand yet. Some questions/issues:

I don't know if it complicates things as it removes the whole overhead
of referencing and integrates into the natural way of writing down XML.

> 1. What is the benefit of splitting the policies out across these sections 
> over the existing mechanism of having different DATA elements in different 
> POLICY elements within a POLICIES?

See your mail to Lorrie: You seem to assume a binding between an
XPointer and a P3P Data-Element. This binding does not exist now. In
fact, that is the second solution Lorrie mentioned in the call today: 

Extending the PRF to allow XPointer - Statements and bind a specific
policy to a specific node-set in the XML-Document. This needs a second
document to be written. This adds overhead as you still need a binding
mechanism while an attribute would have an implicit binding of the
policy by the element it sits on.

E.g. your XForms engine would have to implement XPointer for that reason
while the direct attribute would only trigger the simple parsing of that
new attribute which is then delivered to the P3P engine.

So my arguments are:
It is easier to write
It is more intuitive
It is easier to implement

> 2. In your example, this means that the XML application schema will have to 
> permit these foreign P3P elements, which prexisting XML formats won't be 
> able to accomodate, and all such future ones would have to take this into 
> account for, which I think unlikely.

This is ignoring the fact that we are already mixing namespaces today,
if the mixing is well defined. So the XML application schema does not
have to accomodate, but the application must be aware of this generally
available attribute that we have specified in some specification. This
at least what Steven Pemberton suggested. Other Specifications, he said,
could just use this short specification and kind of 'import' it. 

So the scope of this is not only addressing P3P 1.0 and Web Services but
also all kinds of future dependencies of e.g. Device Independence
Specifications.

> 
> I do believe that in the future once we have the P3P data structures in 
> standard XML/schema, it will probably make sense to reconsider the design 
> of P3P with all of the stuff, but in the medium term P3P 1.0 gives you the 
> granularity in the policy, and the XForms proposal gives us a way to map a 
> form element with a DATA ref that one will find in the POLICY, right?

Giles has already written a XSLT-transform to transform P3P data schemas
into XML Schema. So this can be transformed already on the fly. But the
granularity you are claiming is simply not there, as the binding
mechanism is not there. So we have three possibilities:

1/ Stick with the existing binding and require a URI for everything, not
allowing to address sub-parts of a document (e.g. XForms form-fields)

2/ Add a complicated binding mechanism a la XPointer/XPAth to the Policy 
Reference File allowing to address a certain nodeset of an existing XML
Document (which still needs to have a URI)

3/ Have an elegant way of implicitly binding a P3P Policy to an
arbitrary XML Element as an addition to the things already under 
way in [1]. This attribute would carry it's own namespace. Applications
that are P3P - aware can just use it out of the box by implementing the
desired behaviour. (binding)

  1. http://www.w3.org/P3P/2003/p3p-beyond-http/Overview.html

Best,
-- 
Rigo Wenning            W3C/ERCIM
Policy Analyst          Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
http://www.w3.org/      F-06902 Sophia Antipolis
Received on Wednesday, 16 July 2003 13:50:34 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:26 EST