W3C home > Mailing lists > Public > public-p3p-spec@w3.org > March 2004

RE: alternate domain relationships proposal

From: Giles Hogben <giles.hogben@jrc.it>
Date: Wed, 17 Mar 2004 16:53:12 +0100
To: "'Lorrie Cranor'" <lorrie@cs.cmu.edu>
Cc: "'Humphrey Jack'" <JHumphrey@coremetrics.com>, "'public-p3p-spec'" <public-p3p-spec@w3.org>
Message-ID: <00b001c40c37$f408f9a0$362abf8b@cs.jrc.it>

Do you think this was the intention of the WG?

>**-----Original Message-----
>**From: public-p3p-spec-request@w3.org 
>**[mailto:public-p3p-spec-request@w3.org] On Behalf Of Lorrie Cranor
>**Sent: 17 March 2004 16:41
>**To: Giles Hogben
>**Cc: 'Humphrey Jack'; 'public-p3p-spec'
>**Subject: Re: alternate domain relationships proposal
>**
>**
>**
>**I think the problem is the ambiguity of the word "it" in the 
>**sentence:
>**
>**> A policy referenced in a policy reference file can be 
>**applied only to
>**> URIs
>**> on the DNS (Domain Name System) host that references it.
>**
>**We have been interpreting this sentence to mean:
>**
>**A policy referenced in a policy reference file can be 
>**applied only to 
>**URIs
>**on the DNS (Domain Name System) host that references the policy 
>**reference file.
>**
>**Thus in Jack's example, if forinstance.com returns a P3P header, the 
>**policy reference file it references gets applied to 
>**forinstance.com. I 
>**am pretty sure that is how it has been implemented in IE6, 
>**Netscape7, 
>**and PrivacyBird.
>**
>**Lorrie
>**
>**
>**
>**On Mar 17, 2004, at 3:58 AM, Giles Hogben wrote:
>**
>**>
>**> There seems to be something wrong with the initial argument:
>**>
>**> The existing P3P spec says:
>**>
>**> "A policy referenced in a policy reference file can be 
>**applied only to
>**> URIs
>**> on the DNS (Domain Name System) host that references it. Thus, for 
>**> example,
>**> a policy reference file at the well-known location of host 
>**> www.example.com
>**> can apply policies only to resources on www.example.com."
>**>
>**> So when you say
>**>
>**> "forinstance.com is configured to return the HTTP header
>**>
>**>     P3P: policyref="http://www.example.com/w3c/p3p.xml"
>**>
>**> This policyref can only apply to files on www.example.com
>**>
>**> Have I missed something in this discussion?
>**>
>**>
>**>> **-----Original Message-----
>**>> **From: public-p3p-spec-request@w3.org 
>**>> **[mailto:public-p3p-spec-request@w3.org] On Behalf Of 
>**Humphrey, Jack
>**>> **Sent: 17 March 2004 07:48
>**>> **To: 'public-p3p-spec'
>**>> **Subject: alternate domain relationships proposal
>**>> **
>**>> **
>**>> **Based on our discussion last week, here is a draft of an 
>**>> **alternate proposal for a new "our-host" extension element 
>**>> **(renamed to distinguish from the previous proposal's
>**>> **"known-host") with a different semantic meaning. Also 
>****included is 
>**>> an extension to the compact policy P3P header to 
>****support the same 
>**>> mechanism for compact policies.
>**>> **
>**>> **Please review this new proposal and compare to the previous 
>**>> **proposal. Is it more straightforward? Might it be less 
>****confusing 
>**>> for implementers and user agent developers?
>**>> **
>**>> **Thanks. I will probably be late to the call and may have **some 
>**>> trouble participating verbally, as I will be coming 
>****from a dental 
>**>> appointment.
>**>> **
>**>> **++Jack++
>**>> **
>**>> **
>**>
>**
>**
Received on Wednesday, 17 March 2004 10:55:06 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:30 EST