W3C home > Mailing lists > Public > public-p3p-spec@w3.org > February 2004

Re: WSDL and P3P attribute..

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Tue, 24 Feb 2004 16:33:55 -0500
Message-Id: <25E1FE32-6711-11D8-A0EC-000A95DA3F5A@cs.cmu.edu>
Cc: 'public-p3p-spec' <public-p3p-spec@w3.org>, Massimo Marchiori <massimo@w3.org>, plh@w3.org, Hugo Haas <hugo@w3.org>, W3t-Archive@W3., w3t-archive@w3.org
To: Rigo Wenning <rigo@w3.org>

I hope you are able to discuss this at the technical plenary and then 
fill the rest of us in on what conclusions you come to, if any.

I understand Rigo's perspective that the XML writer that uses the P3P 
tag should understand all possible ways this chunk of XML will be 
processed and make sure the P3P policy applies to all of them. But, if 
I were a lawyer (and I'm not, but Rigo is, so he can comment as to how 
good a lawyer I would be), I might advise my clients not to use this 
generic P3P XML tag, because in reality I cannot anticipate how this 
chunk of XML might be processed (see my example in 
I would like to have some way of saying "P3P policy X applies to chunk 
of XML Y only when Y is processed under condition Z."  I think this is 
feasible if we include an attribute that is a URI that can be used to 
specify condition Z. Then each XML application that wants to use P3P 
could establish their own URI that explains the assumptions that are 
made about what it means to process XML in that context (and presumably 
similar applications might find they could use the same assumptions).


On Feb 20, 2004, at 10:35 AM, Rigo Wenning wrote:

> We defer so many things to the policy-writer. If someone creates
> an arbitrary XML which can be processed by three different agents, he
> MUST mention all _intended_ data collection. He knows best how to deal
> with it.
> For the most common W3C-Specs, I imagine a separate Note using this
> binding and adding restrictions and some guidance -like this was done
> in the WSDL-P3P-Note[1] will help.
> Perhaps the problem is also language, as I used legal language that
> covers all of your concerns by saying 'all data collection'. We know
> exactly what 'data collection' means. The creator of XML and the 
> creator
> of agents should know what that means in terms of processing and they
> can tell the user agent via the well defined P3P policy. I don't have 
> to
> give them more details (at least not from a legal point of view, as I
> can give you an _exact_ scope out of my definitions by the usual
> hermeneutics.)
>   1. http://www.w3.org/TeamSubmission/2004/SUBM-p3p-wsdl-20040213/
> Best,
> Rigo
> On Thu, Feb 19, 2004 at 06:53:21PM -0500, Massimo Marchiori wrote:
>> Interestingly enough, just noted today's
>> "AGENDA: MONDAY 23 February P3P Spec Call"
>> http://lists.w3.org/Archives/Public/public-p3p-spec/2004Feb/0052.html 
>> :
>> <quote>
>> 5. P3P Generic attribute for XML applications
>> http://lists.w3.org/Archives/Public/public-p3p-spec/2004Feb/0019.html
>> </quote>
>> which points to a message by Lorrie Cranor (the chair, ahem...)
>> that seems to have rediscovered one of the points against the
>> "generic attribute" that I had mentioned to Philippe in our phonecall
>> chat.
>> With this, I'll silently await the next voodoo... ;)
>> Apart from jokes, we can better chat about this at the plenary too.
>> Of course, if I find the time these days I might as well reproduce
>> in email the exec summary problem analysis I gave to Philippe (if.... 
>> :( ).
>> -M
Received on Tuesday, 24 February 2004 16:33:15 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:02:18 UTC