W3C home > Mailing lists > Public > www-p3p-dev@w3.org > July 2001

Re: expiry date in policy / section 2.3.2.3.4

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 25 Jul 2001 07:51:58 -0400
Message-ID: <03b001c11500$3648ab80$3a06cf87@research.att.com>
To: "Sebastian Kamp" <kamp@ti.informatik.uni-kiel.de>, <www-p3p-dev@w3.org>
Cc: <www-p3p-policy@w3.org>
Sebastian Kamp wrote:

> The specification says an EXPIRY element can be used in a policy. I don't
see
> any case in which this EXPIRY element is actually used though.

We are making some other changes to the expiry stuff in the spec. I'll
see if we can add an example while we're at it.

> Section 2.3.2.3.1 states "The lifetime of a PRF tells user agents how long
> they can rely on the claims made in the reference file.[...] All of the
> policy references made in a single PRF will receive the same lifetime."
>
> This implies that  a policy inherits its expiry date by the PRF (that
> references it) anyway. So when is an EXPIRY element in a *policy* actually
> read?

Note that there are two lifetimes being discussed here. The life time
of the *policy* and the lifetime of the *policy reference*.
The lifetime of the policy reference is the legnth of time that
a site is willing to commit to applying a policy that lives at a given
URI to resources retrieved from a URI (or to a cookie). The lifetime
of a policy is the legnth of time that a site is willing to commit to
making available that policy. In practice, both of these lifetimes
are used mostly to provide guidance to user agents on how long
they can cache policy and policy reference files. So for example,
a user agent might fetch a policy reference file with a lifetime of two
days,
and it in turn may reference a policy with a lifetime of two weeks. What
this tells the user agent is that for the next two days if the user goes
back to that same web site, the user agent need not refetch the
policy reference file or the policy file. After two days is up, if the user
returns to the site, the user agent will have to refetch the policy
reference file. If the file fetched after two days contains a reference
to the same policy as the original file, the user agent need not refetch
the policy until two weeks have passed.

The statement you quote in 2.3.2.3.1 is just meant to indicate that
all of the <POLICY-REF> elements in a policy reference file have
the same lifetime associated with them. The policies they reference
could possibly all have different life times.

> P.S. I sent the following message to www-p3p-policy on May 21st. Since I
> didn't get any answer I would like to post it on this list once again. It
is
> probably just a typo-matter:
>
> Hello,
>
> I am a little confused by the following sentence in section 2.3.2.3.4:
>
> "1. When a policy reference file contains an EXPIRY element, and it is
served
> with one of the HTTP headers listed in the previous subsection 2.3.2.3.3.,
> the EXPIRY header takes precedence for determining the lifetime of the
policy
> reference file."
>
> I guess "EXPIRY header" is a typo, but what is actually meant then: does
the
> Expires header take precedence over the EXPIRY Element or the other way
> around?

We have decided to remove the use of HTTP headers for determining
expiry, so this part of the spec is changing. In addition, we are adding
the ability to put an EXPIRY element as a child of a <POLICIES> element.
We hope to have a new section2.3.2.3 to send out later this week.

Lorrie
Received on Wednesday, 25 July 2001 08:59:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 June 2010 00:12:47 GMT