W3C home > Mailing lists > Public > public-p3p-spec@w3.org > May 2004

Re: P3P Generic Attribute for XML Applications

From: Rigo Wenning <rigo@w3.org>
Date: Tue, 4 May 2004 18:45:17 +0200
To: public-p3p-spec@w3.org
Cc: Lorrie Cranor <lorrie@cs.cmu.edu>, Mark Nottingham <mark.nottingham@bea.com>
Message-Id: <200405041845.17273.rigo@w3.org>
Am Monday 03 May 2004 20:34 verlautbarte Lorrie Cranor :
> >
> >> P3P 1.0 was designed to associate XML-encoded privacy policies with 
> >> URIs,  sets of URIs, or cookies. P3P 1.0 it well suited for use with 
> >> HTML  and XHTML content transmitted over [HTTP] .
> >
> > I think this would be better stated as:
> >
> >> P3P 1.0 was designed to associate XML-encoded privacy policies with 
> >> data submitted to Web resources, which are identified by URIs or 
> >> bound to cookies.
> 
> I think the word "submitted" is too limiting, as P3P also covers log 
> data that is created as a result of a transaction but might not really 

we associate some URI with a certain privacy behavior, NOT with data. 
As Lorrie said, some of the data is generated directly over there:

P3P 1.0 was designed to associate XML-encoded privacy 
policies with URI's describing the privacy impact of the Web 
resources behind those URI's.

Talking about "data" is too dangerous IMHO as people will 
mix that up with the data schemata in the policy.. This is NOT 
what we mean. We can describe the data in the POST, as 
we have a data schema for that. The violation of attaching 
a P3P Policy to a set of data happens on the protocol level.

"I send a policy over the wire to force someone to apply it" is
is what we want to avoid.

Best, 

Rigo

Received on Tuesday, 4 May 2004 13:14:03 EDT

This archive was generated by hypermail pre-2.1.9 : Tuesday, 4 May 2004 13:14:04 EDT