W3C home > Mailing lists > Public > public-p3p-spec@w3.org > March 2004

proposal to add grouping mechanism to CP

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Fri, 19 Mar 2004 22:45:20 -0500
Message-Id: <028580F4-7A21-11D8-B694-000A95DA3F5A@cs.cmu.edu>
To: 'public-p3p-spec' <public-p3p-spec@w3.org>

Based on our discussion on the last call, here is my proposal to add a 
grouping mechanism to CPs and to clarify that CPs are to be used only 
as hints.


Section 4 of the latest p3p1.1 wd
http://www.w3.org/TR/2004/WD-P3P11-20040210/#compact_policies
describes compact policies.

The first paragraph of 4. currently states:

   Compact policies are summarized P3P policies that provide hints to
   user agents to enable the user agent to make quick, synchronous
   decisions about applying policy. Compact policies are a performance
   optimization that is OPTIONAL for either user agents or servers. User
   agents that are unable to obtain enough information from a compact
   policy to make a decision according to a user's preferences SHOULD
   fetch the full policy.

I propose changing it to say:

Compact policies are summarized P3P policies that provide hints to
user agents to enable the user agent to make quick, synchronous
decisions about applying policy to cookies. Compact policies are a
performance optimization that is OPTIONAL for both user agents and
servers. They represent only a summary of a site's full P3P policy for
a cookie; the full P3P policy is the authoritative statement of
policy. However, a site MUST honor the commitments made in a compact
policy. User agents that are unable to obtain enough information from
a compact policy to make a decision according to a user's preferences
SHOULD fetch the full policy. In addition, user agents that display
information about a site's P3P policies to users SHOULD use the full
P3P policy as the source of this information.

I propose adding a section 4.2.10 Compact STATEMENT

The STATEMENT element is represented in compact policies using the
curly brace { } symbols. The { represents the opening STATEMENT tag
and the } represents the closing statement tag.

The syntax of the compact statement corresponds to the syntax of the
full statement. Unless it surrounds a compact NON-IDENTIFIABLE
element, each pair of braces MUST surround one compact RETENTION
element and at least one of each of the following compact elements:
PURPOSE, RECIPIENT, and CATEGORIES. Alternatively, a pair of braces
may surround a compact NON-IDENTIFIABLE element; optionally any of the
PURPOSE, RECIPIENT, and CATEGORIES elements; and optional a RETENTION
element.

A compact policy that has an improperly matching pair
of curly braces or is missing one of the required statement elements
MUST be treated as if no curly braces are present.

A compact policy may contain one or more statements. A compact policy
with no {} elements is considered to have a single implied statement
element.

[BNF]


Section 4.5, fourth paragraph, change MUST to MAY (as in "All of the
purposes, recipients, and categories that appear in multiple
statements in a full policy MAY be aggregated in a compact policy...."



Section 4.5 give two examples of valid translations. In addition to
the one currently given, add:

"NON DSP { ADM DEV PSD OUR IND PRE NAV } { IVDo OUR STP PHY PRE UNI }"



Section 4.6 Transforming a Compact Policy to a P3P Policy should be 
dropped.
Received on Friday, 19 March 2004 22:44:29 EST

This archive was generated by hypermail pre-2.1.9 : Friday, 19 March 2004 22:44:32 EST