- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Wed, 25 Jul 2001 07:51:58 -0400
- To: "Sebastian Kamp" <kamp@ti.informatik.uni-kiel.de>, <www-p3p-dev@w3.org>
- Cc: <www-p3p-policy@w3.org>
Sebastian Kamp wrote: > The specification says an EXPIRY element can be used in a policy. I don't see > any case in which this EXPIRY element is actually used though. We are making some other changes to the expiry stuff in the spec. I'll see if we can add an example while we're at it. > Section 2.3.2.3.1 states "The lifetime of a PRF tells user agents how long > they can rely on the claims made in the reference file.[...] All of the > policy references made in a single PRF will receive the same lifetime." > > This implies that a policy inherits its expiry date by the PRF (that > references it) anyway. So when is an EXPIRY element in a *policy* actually > read? Note that there are two lifetimes being discussed here. The life time of the *policy* and the lifetime of the *policy reference*. The lifetime of the policy reference is the legnth of time that a site is willing to commit to applying a policy that lives at a given URI to resources retrieved from a URI (or to a cookie). The lifetime of a policy is the legnth of time that a site is willing to commit to making available that policy. In practice, both of these lifetimes are used mostly to provide guidance to user agents on how long they can cache policy and policy reference files. So for example, a user agent might fetch a policy reference file with a lifetime of two days, and it in turn may reference a policy with a lifetime of two weeks. What this tells the user agent is that for the next two days if the user goes back to that same web site, the user agent need not refetch the policy reference file or the policy file. After two days is up, if the user returns to the site, the user agent will have to refetch the policy reference file. If the file fetched after two days contains a reference to the same policy as the original file, the user agent need not refetch the policy until two weeks have passed. The statement you quote in 2.3.2.3.1 is just meant to indicate that all of the <POLICY-REF> elements in a policy reference file have the same lifetime associated with them. The policies they reference could possibly all have different life times. > P.S. I sent the following message to www-p3p-policy on May 21st. Since I > didn't get any answer I would like to post it on this list once again. It is > probably just a typo-matter: > > Hello, > > I am a little confused by the following sentence in section 2.3.2.3.4: > > "1. When a policy reference file contains an EXPIRY element, and it is served > with one of the HTTP headers listed in the previous subsection 2.3.2.3.3., > the EXPIRY header takes precedence for determining the lifetime of the policy > reference file." > > I guess "EXPIRY header" is a typo, but what is actually meant then: does the > Expires header take precedence over the EXPIRY Element or the other way > around? We have decided to remove the use of HTTP headers for determining expiry, so this part of the spec is changing. In addition, we are adding the ability to put an EXPIRY element as a child of a <POLICIES> element. We hope to have a new section2.3.2.3 to send out later this week. Lorrie
Received on Wednesday, 25 July 2001 08:59:31 UTC