W3C home > Mailing lists > Public > public-p3p-spec@w3.org > March 2004

Re: alternate domain relationships proposal

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Wed, 17 Mar 2004 10:57:16 -0500
Message-Id: <C3606C11-782B-11D8-BEA7-000A95DA3F5A@cs.cmu.edu>
Cc: 'Humphrey Jack' <JHumphrey@coremetrics.com>, 'public-p3p-spec' <public-p3p-spec@w3.org>
To: Giles Hogben <giles.hogben@jrc.it>

Yes, I'm sure that was the intention of the WG.... we spent many, many  
hours discussing this point. (And you would think we would have managed 
to come up with a non-ambiguous way of saying it...)

Lorrie


On Mar 17, 2004, at 10:53 AM, Giles Hogben wrote:

> Do you think this was the intention of the WG?
>
>> **-----Original Message-----
>> **From: public-p3p-spec-request@w3.org
>> **[mailto:public-p3p-spec-request@w3.org] On Behalf Of Lorrie Cranor
>> **Sent: 17 March 2004 16:41
>> **To: Giles Hogben
>> **Cc: 'Humphrey Jack'; 'public-p3p-spec'
>> **Subject: Re: alternate domain relationships proposal
>> **
>> **
>> **
>> **I think the problem is the ambiguity of the word "it" in the
>> **sentence:
>> **
>> **> A policy referenced in a policy reference file can be
>> **applied only to
>> **> URIs
>> **> on the DNS (Domain Name System) host that references it.
>> **
>> **We have been interpreting this sentence to mean:
>> **
>> **A policy referenced in a policy reference file can be
>> **applied only to
>> **URIs
>> **on the DNS (Domain Name System) host that references the policy
>> **reference file.
>> **
>> **Thus in Jack's example, if forinstance.com returns a P3P header, the
>> **policy reference file it references gets applied to
>> **forinstance.com. I
>> **am pretty sure that is how it has been implemented in IE6,
>> **Netscape7,
>> **and PrivacyBird.
>> **
>> **Lorrie
>> **
>> **
>> **
>> **On Mar 17, 2004, at 3:58 AM, Giles Hogben wrote:
>> **
>> **>
>> **> There seems to be something wrong with the initial argument:
>> **>
>> **> The existing P3P spec says:
>> **>
>> **> "A policy referenced in a policy reference file can be
>> **applied only to
>> **> URIs
>> **> on the DNS (Domain Name System) host that references it. Thus, for
>> **> example,
>> **> a policy reference file at the well-known location of host
>> **> www.example.com
>> **> can apply policies only to resources on www.example.com."
>> **>
>> **> So when you say
>> **>
>> **> "forinstance.com is configured to return the HTTP header
>> **>
>> **>     P3P: policyref="http://www.example.com/w3c/p3p.xml"
>> **>
>> **> This policyref can only apply to files on www.example.com
>> **>
>> **> Have I missed something in this discussion?
>> **>
>> **>
>> **>> **-----Original Message-----
>> **>> **From: public-p3p-spec-request@w3.org
>> **>> **[mailto:public-p3p-spec-request@w3.org] On Behalf Of
>> **Humphrey, Jack
>> **>> **Sent: 17 March 2004 07:48
>> **>> **To: 'public-p3p-spec'
>> **>> **Subject: alternate domain relationships proposal
>> **>> **
>> **>> **
>> **>> **Based on our discussion last week, here is a draft of an
>> **>> **alternate proposal for a new "our-host" extension element
>> **>> **(renamed to distinguish from the previous proposal's
>> **>> **"known-host") with a different semantic meaning. Also
>> ****included is
>> **>> an extension to the compact policy P3P header to
>> ****support the same
>> **>> mechanism for compact policies.
>> **>> **
>> **>> **Please review this new proposal and compare to the previous
>> **>> **proposal. Is it more straightforward? Might it be less
>> ****confusing
>> **>> for implementers and user agent developers?
>> **>> **
>> **>> **Thanks. I will probably be late to the call and may have **some
>> **>> trouble participating verbally, as I will be coming
>> ****from a dental
>> **>> appointment.
>> **>> **
>> **>> **++Jack++
>> **>> **
>> **>> **
>> **>
>> **
>> **
>
Received on Wednesday, 17 March 2004 11:00:58 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 17 March 2004 17:46:30 EST