W3C home > Mailing lists > Public > public-p3p-spec@w3.org > March 2003

Re: BH: Introducing the Beyond HTTP (BH) Task Force

From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date: Fri, 21 Mar 2003 05:48:47 -0500
Message-Id: <200303211048.h2LAmlGL034219@nic-naa.net>
To: Joseph Reagle <reagle@w3.org>
cc: public-p3p-spec@w3.org, brunner@nic-naa.net

Hi Joseph,

Here are a couple of things where I've attempted to take policies that
are { similar to | derived from | stolen and wrecked | ... } P3P's and
make mechanisms other than some set of HTTP methods transport apply.

In cronological order:

	1. CPExchange, a customer profile exchange application-layer
	   protocol, with no transport binding. The DTD for this and
	   the pre-bubble bumpf are still available at

	   While no substantive work has taken place in this area since
	   late '00, aside from the obvious "bits cribbed from P3P, why
	   and how?" set of questions, there is the notion of both j19n
	   ("jurisdictionalization") and record-route.

	2. HTTP WG, an IETF WG (concluded). During the last year of the
	   WG, Dan Jaye contributed a draft that extended the Kristol,
	   Montulli draft on the state management mechanism, RFC 2965.
	   This draft has expired, but I have it (co-author). The IESG
	   published a note written by Moore and Freed (RFC 2964), on
	   the problem domain, observing that some uses of the mechanism
	   were harmful, and depricated policied cookies.

	   Parts of this draft were not adopted by anyone, e.g., use of
	   x.509 certs, but some parts were, e.g., some sort of policy
	   mark-up, in cookie headers, initially by Microsoft, circa IE
	   5.5, and simultaniously by the P3P Spec WG.

	   The draft is available via anonymous ftp from nic-naa.net.
	   The file name is draft-jaye-http-trust-state-mgt-01.txt

	3. PROVREG WG, an IETF WG (current). The problem domain defined
	   by Verisign's RRP protocol, using EBNF as the formal syntax,
	   is slightly restated in EPP, using XML as the formal syntax.

	   Neither multi-hop "onward transport", nor data collection by
	   other means, sort of between the two prior problems and their
	   solutions. Server-announced policied sessions with clients,
	   transport over TCP.

	   There is a counter-proposal to simply mark fields with a bit
	   to policy publication by WHOIS servers, and ignore any other
	   data collection policy issues. This is advanced by the IESG.

All brain-damange is the responsibility of the author, which is mostly me.

Not shown, because neither I nor anyone else wrote anything up, are any
"demark crossing" notes, inspired by attending the W3C/WAPF meeting in
Munich in late '00, and re-inspired by the webi/dci/opes (rewrite at the
edge) IETF bofs and the IRTF digital rights activity (concluded). Both
are transitive proof of correctness with intermediary rewrite rules.

Received on Friday, 21 March 2003 05:50:29 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:02:16 UTC