W3C home > Mailing lists > Public > public-p3p-spec@w3.org > July 2003

Re: [BH] The most generic binding

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 16 Jul 2003 15:13:01 -0400
Cc: Rigo Wenning <rigo@w3.org>, public-p3p-spec <public-p3p-spec@w3.org>
To: Joseph Reagle <reagle@w3.org>
Message-Id: <8484726C-B7C1-11D7-B21F-000393DC889A@research.att.com>


>> b. When you want to bind a P3P policy to a particular XML element
>> within an XML document, but not to the entire document.
>
> Can't the Policy simply enumerate that particular element via
>   <DATA ref="#user.home-info.city"/>

The semantics of a P3P policy is that is applies to all data collection 
associated with a URI -- you cannot currently exclude data collected at 
that URI from your policy. If you only reference a particular element 
in your policy and do not reference the other elements at that policy, 
then your policy is wrong. This is especially problematic in the case 
of multiple policies applying to different elements on a page -- how 
would you explain that in the existing framework unless each element 
was submitted to a different action URI?

>
>> c. When you want to bind a P3P policy to an XML document and don't 
>> have
>> the ability to use the WKL or header methods for the PRF
>
> What is WKL? Is this addressed the same way as (a) above?

WKL is well known location

>> - An extension to the PRF syntax to allow binding to a particular XML
>> element at a URL rather than to the whole document at that URL (this 
>> is
>> another way to satisfy point b above)
>
> This is the bit I'm not understanding yet.
>
>

Imagine that the INCLUDE syntax in a PRF allowed you to say that the 
scope of a policy was a specific set of XML elements found at a URI 
rather than to all content found at that URI.

Lorrie
Received on Wednesday, 16 July 2003 15:10:36 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:26 EST