W3C home > Mailing lists > Public > public-p3p-spec@w3.org > May 2003

Re: [BH] First (Very Rought) Outline of Beyond HTTP

From: Joseph Reagle <reagle@w3.org>
Date: Thu, 15 May 2003 17:22:02 -0400
To: Patrick.Hung@csiro.au, public-p3p-spec@w3.org
Message-Id: <200305151722.02921.reagle@w3.org>

On Thursday 15 May 2003 03:20, Patrick.Hung@csiro.au wrote:
> Hi Joseph, Based on the Registrar2Registry example discussed so far, I
> simply create the SOAP messages as follows:

Ok! Various tweaks to those files are now included in 
  http://www.w3.org/P3P/2003/p3p-beyond-http/Overview.html
  new revision: 1.12
I've also done some re-org, and make sure that all XML is well-formed, and 
most all of it is valid as well -- just haven't check the SOAP messages.

> Again we are trying to introduce an extensible element for SOAP header,
> or you have any other idea.

Not sure, in your message I would read that header as the registrar 
(service) representing the policy associated with data (*transfer* along 
the SOAP exchange) to the registry (recipient service). (There's also a 
question of how the registrar knows the registry's policy which I want to 
explore a little further -- it can be out of band, I just want to document 
the issue)  But in order.xml I included the Privacy element as a child of 
the OrderInfo element, so it's like a "tag" associated with the data (at 
the application layer) for clarity. What does it mean when such a tag is 
provided in a SOAP header versus the actual application data? (We need to 
dig into the semantics of a SOAP envelope.)

> Once we have all these protocols, we can start to discuss about the
> issues of intermediaries and
> ltimate SOAP receiver for the section "Transferring to a third party."

From the reorg perhaps you can see that I wasn't planning on introducing 
another party... Granted, the present scenario isn't a proper "SOAP 3-way 
intermediary" because our first leg was mediated by XForms/HTTP, but I 
think that's ok. The important thing for me is to explore the three 
questions:
1. The Scope of the P3P Service Provider and Recipients (given their P3P 1.0 
definitions.
2. The Scope of Layers and Bindings (HTTP and SOAP) -- I'm pretty confident 
we've ruled WSDL and UDDI as orthogonal/optional.
3. This question of should a privacy "taggit" be in the SOAP header, or with 
the application data, or both? (I don't think "taggit" is a word, but a 
while ago I heard that gunpowder has little identifying particles in it 
that can be used with forensics, and I remembered someone proposing that 
the policy should also "follow" the solicited data. I just can't remember 
the name."

How's that sound? And yes, we've made great progress, we're approaching the 
point where it'd be good to explore the scenario with a web service guru 
who could tell us how confused we are. <smile/>
Received on Thursday, 15 May 2003 17:23:33 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:24 EST