Re: Comments on "[P3P]: Beyond HTTP" from Joseph Reagle on 2003-06-18 (public-p3p-spec@w3.org from June 2003)

From: Joseph Reagle <reagle@w3.org>
Date: Wed, 18 Jun 2003 17:38:17 -0400
To: Hugo Haas <hugo@w3.org>, Patrick.Hung@csiro.au
Cc: public-p3p-spec@w3.org
Message-Id: <200306181738.17755.reagle@w3.org>

On Wednesday 18 June 2003 10:34, Hugo Haas wrote:
> Note that this feature could be provided by a protocol binding. For
> example, HTTP has responses and therefore the HTTP binding would
> support this simple feature.

I don't think we would want to use the HTTP binding though for our main case 
of the user and the registry. In that clase it's closer to end-to-end.

| The former [Processing Model] describes the behavior of a single 
| SOAP node with respect to the processing of an individual message. 

BTW: Does that mean that header can only be relevant to a single node? I 
don't think so because it laters says, "Such header blocks can be intended 
for any SOAP node or nodes along a SOAP message path", so perhaps that 
"single SOAP node" is innapproriate?

Regardless, of augmented our section on the Scope of Layers and Bindings 
(HTTP and SOAP) to cite the Features text from the SOAP spec since it 
coincides with our ealier recommendations:

|    Adopting applications MUST specify where relevant P3P
|    statements can be found. We RECOMMEND that normative
|    association (not including WSDL or UDDI) be limited to the
|    higher/application layer. We RECOMMEND that a
|    higher/abstract layer MAY include the privacy policy of
|    layers it is dependent upon, but that lower layers SHOULD
|    NOT represent the policies of higher layers. For example, an
|    application that transfers data with SOAP over HTTP and uses
|    cookies, SHOULD specify:
|     1. the P3P policy associated with SOAP is normative and
|        includes the HTTP cookie usage, or
|     2. there are distinct P3P policies associated with the SOAP
|        and HTTP layers.
|
|    Again, the Non-ambiguity requirement of ([P3P], section
|    2.4.1) MUST be respected, "Sites MUST be cautious in their
|    practices when they declare multiple policies for a given
|    URI, and ensure that they can actually honor all policies
|    simultaneously." Furthermore, SOAP Features ([SOAP], secion
|    1.3) states that:
|
|      The processing of SOAP envelopes in accordance with the
|      SOAP Processing Model (see 2. SOAP Processing Model) MUST
|      NOT be overridden by binding specifications. It is
|      recommended that, where practical, end-to-end features be
|      expressed as SOAP header blocks, so that the rules
|      defined by the SOAP Processing Model can be employed.

Received on Wednesday, 18 June 2003 17:38:32 UTC