W3C home > Mailing lists > Public > public-p3p-spec@w3.org > March 2004

Re: proposal to add grouping mechanism to CP

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Wed, 24 Mar 2004 15:23:42 -0500
Message-Id: <24BCB186-7DD1-11D8-88CE-000A95DA3F5A@cs.cmu.edu>
To: 'public-p3p-spec' <public-p3p-spec@w3.org>

Here is my revised proposal based on today's call. Please send proposed 
changes to the mailing list BEFORE next week's call. I would like to 
finish this next week.

Lorrie



Section 4 of the latest p3p1.1 wd
http://www.w3.org/TR/2004/WD-P3P11-20040210/#compact_policies
describes compact policies.

The first paragraph of 4. currently states:

   Compact policies are summarized P3P policies that provide hints to
   user agents to enable the user agent to make quick, synchronous
   decisions about applying policy. Compact policies are a performance
   optimization that is OPTIONAL for either user agents or servers. User
   agents that are unable to obtain enough information from a compact
   policy to make a decision according to a user's preferences SHOULD
   fetch the full policy.

I propose changing it to say:

Compact policies are summarized P3P policies that provide hints to
user agents to enable the user agent to make quick, synchronous
decisions about applying policy to cookies. Compact policies are a
performance optimization that is OPTIONAL for both user agents and
servers. They represent only a summary of a site's full P3P policy for
a cookie; the full P3P policy is the authoritative statement of
policy. However, a site MUST make compact policy statements in good
faith. User agents that are unable to obtain enough information from
a compact policy to make a decision according to a user's preferences
SHOULD fetch the full policy.

User agents that use compact policies as part of their decision making
MUST include a mechanism that allows users to determine that a
particular decision was made based on a compact policy and to view
that compact policy. However, user agents that provide general
information about a site's P3P policies to users MUST use the full P3P
policy and MUST NOT use the compact policy for this purpose.

I propose adding a section 4.2.10 Compact STATEMENT

The STATEMENT element is represented in compact policies using the
curly brace { } symbols. The { represents the opening STATEMENT tag
and the } represents the closing statement tag.

The syntax of the compact statement corresponds to the syntax of the
full statement. Unless it surrounds a compact NON-IDENTIFIABLE
element, each pair of braces MUST surround one compact RETENTION
element and at least one of each of the following compact elements:
PURPOSE, RECIPIENT, and CATEGORIES. Alternatively, a pair of braces
may surround a compact NON-IDENTIFIABLE element; optionally any of the
PURPOSE, RECIPIENT, and CATEGORIES elements; and optionally a RETENTION
element.

A compact policy that has an improperly matching pair
of curly braces or is missing one of the required statement elements
MUST be treated as if no curly braces are present.

A compact policy may contain one or more statements. A compact policy
with no {} elements is considered to have a single implied statement
element.

[BNF]


Section 4.5, fourth paragraph, change MUST to MAY (as in "All of the
purposes, recipients, and categories that appear in multiple
statements in a full policy MAY be aggregated in a compact policy...."



Section 4.5 give two examples of valid translations. In addition to
the one currently given, add:

"NON DSP { ADM DEV PSD OUR IND PRE NAV } { IVDo OUR STP PHY PRE UNI }"



Section 4.6 Transforming a Compact Policy to a P3P Policy should be 
dropped.
Received on Wednesday, 24 March 2004 15:25:31 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 March 2004 15:25:34 EST