- From: Giles Hogben <giles.hogben@jrc.it>
- Date: Wed, 17 Mar 2004 16:53:12 +0100
- To: "'Lorrie Cranor'" <lorrie@cs.cmu.edu>
- Cc: "'Humphrey Jack'" <JHumphrey@coremetrics.com>, "'public-p3p-spec'" <public-p3p-spec@w3.org>
Do you think this was the intention of the WG? >**-----Original Message----- >**From: public-p3p-spec-request@w3.org >**[mailto:public-p3p-spec-request@w3.org] On Behalf Of Lorrie Cranor >**Sent: 17 March 2004 16:41 >**To: Giles Hogben >**Cc: 'Humphrey Jack'; 'public-p3p-spec' >**Subject: Re: alternate domain relationships proposal >** >** >** >**I think the problem is the ambiguity of the word "it" in the >**sentence: >** >**> A policy referenced in a policy reference file can be >**applied only to >**> URIs >**> on the DNS (Domain Name System) host that references it. >** >**We have been interpreting this sentence to mean: >** >**A policy referenced in a policy reference file can be >**applied only to >**URIs >**on the DNS (Domain Name System) host that references the policy >**reference file. >** >**Thus in Jack's example, if forinstance.com returns a P3P header, the >**policy reference file it references gets applied to >**forinstance.com. I >**am pretty sure that is how it has been implemented in IE6, >**Netscape7, >**and PrivacyBird. >** >**Lorrie >** >** >** >**On Mar 17, 2004, at 3:58 AM, Giles Hogben wrote: >** >**> >**> There seems to be something wrong with the initial argument: >**> >**> The existing P3P spec says: >**> >**> "A policy referenced in a policy reference file can be >**applied only to >**> URIs >**> on the DNS (Domain Name System) host that references it. Thus, for >**> example, >**> a policy reference file at the well-known location of host >**> www.example.com >**> can apply policies only to resources on www.example.com." >**> >**> So when you say >**> >**> "forinstance.com is configured to return the HTTP header >**> >**> P3P: policyref="http://www.example.com/w3c/p3p.xml" >**> >**> This policyref can only apply to files on www.example.com >**> >**> Have I missed something in this discussion? >**> >**> >**>> **-----Original Message----- >**>> **From: public-p3p-spec-request@w3.org >**>> **[mailto:public-p3p-spec-request@w3.org] On Behalf Of >**Humphrey, Jack >**>> **Sent: 17 March 2004 07:48 >**>> **To: 'public-p3p-spec' >**>> **Subject: alternate domain relationships proposal >**>> ** >**>> ** >**>> **Based on our discussion last week, here is a draft of an >**>> **alternate proposal for a new "our-host" extension element >**>> **(renamed to distinguish from the previous proposal's >**>> **"known-host") with a different semantic meaning. Also >****included is >**>> an extension to the compact policy P3P header to >****support the same >**>> mechanism for compact policies. >**>> ** >**>> **Please review this new proposal and compare to the previous >**>> **proposal. Is it more straightforward? Might it be less >****confusing >**>> for implementers and user agent developers? >**>> ** >**>> **Thanks. I will probably be late to the call and may have **some >**>> trouble participating verbally, as I will be coming >****from a dental >**>> appointment. >**>> ** >**>> **++Jack++ >**>> ** >**>> ** >**> >** >**
Received on Wednesday, 17 March 2004 10:55:06 UTC