Problems with the P3P Schema from Giles Hogben on 2004-09-21 (public-p3p-spec@w3.org from September 2004)

From: Giles Hogben <giles.hogben@jrc.it>
Date: Tue, 21 Sep 2004 17:20:34 +0200
To: <public-p3p-spec@w3.org>
Message-ID: <000101c49fee$8a483f80$362abf8b@cs.jrc.it>

Hi,
A couple of important points arising from trying to finalize the Data Schema
Stuff

1. I would like to propose that we make the Base Data Schema Definition a
self contained section of the spec - i.e. that we move sections 3.3.7 and
3.4 to within the new Data Schema definition.

2. In attempting to finalise the Base Data Schema using XML Schema, Rigo and
I have discovered that the P3P XML Schema (Normative :)) **appears to be
broken**.

In particular:

<!-- *********** STATEMENT ************ -->
 <element name='STATEMENT'>
  <complexType>
   <sequence>
    <element ref='p3p:EXTENSION' minOccurs='0' maxOccurs='unbounded'/>
    <element name='CONSEQUENCE' minOccurs='0' type='string'/>
    <choice>
     <sequence>
      <element ref='p3p:PURPOSE'/>
      <element ref='p3p:RECIPIENT'/>
      <element ref='p3p:RETENTION'/>
   ***   <element name='DATA-GROUP' type='p3p:data-group-type'
maxOccurs='unbounded'/>  ****
     </sequence>
     <sequence>
      <element name='NON-IDENTIFIABLE'/>
      <element ref='p3p:PURPOSE' minOccurs='0'/>
      <element ref='p3p:RECIPIENT' minOccurs='0'/>
      <element ref='p3p:RETENTION' minOccurs='0'/>
      <element name='DATA-GROUP' type='p3p:data-group-type' minOccurs='0'
maxOccurs='unbounded'/>
     </sequence>
    </choice>
    <element ref='p3p:EXTENSION' minOccurs='0' maxOccurs='unbounded'/>
   </sequence>
  </complexType>
 </element>

Data Group is defined "locally" (i.e. not globally). In doing so, it
A. Does not define its allowed  children, and in particular no extension
element.
B. Does not define any semantic equivalence with the data-group element used
under entity (which is also locally defined).

This is a problem not only for the XML BDS but as far as I can see, it
should mean that no real P3P policy would validate against the schema. IMHO
- it should be fixed before 1.1. esp if the schema is THE normative
definition. We should also rationalize this with our backward compatibility
requirements.

There may be other errors. We need to take a real policy and make sure it
really does validate with a schema validator (has someone already tried
this?).

Giles

Received on Tuesday, 21 September 2004 15:20:33 UTC