Rewritten Section 2.4.1 Non-ambiguity

Dear all, 

We had repeated questions about section 2.4.1 Non-ambiguity.
Implementers found the section unclear and not verbose enough.
The Working Group has decided to rewrite this section:

2.4.1 Non-ambiguity

User agents need to be able to determine unambiguously what
policy applies to a given URI or cookie. Therefore, sites SHOULD
avoid declaring more than one non-expired policy for a given URI
or cookie. In some rare cases sites MAY declare more than one
non-expired policy for a given URI or cookie, for example, during
a transition period when the site is changing its policy. In
those cases, the site will probably not be able to determine
reliably which policy any given user has seen, and thus it MUST
honor all policies. Sites MUST be cautious in their practices
when they declare multiple policies for a given URI or cookie,
and ensure that they can actually honor all policies
simultaneously. Because a cookie may be shared between multiple
hosts in a domain, sites should be careful to honor all policies
declared by any host that might have set the cookie.

If a policy reference file at the well-known location declares a
non-expired policy for a given URI or cookie, this policy
applies, regardless of any conflicting policy reference files
referenced through HTTP headers or HTML link tags.

If an HTTP response includes references to more than one policy
reference file, P3P user agents MUST ignore all references after
the first one.

If an HTML file includes HTML LINK tag references to more than
one policy reference file, P3P user agents MUST ignore all
references after the first one.

If a user agent discovers more than one non-expired P3P policy
for a given URI or cookie (for example because a page has both a
P3P header and a LINK tag that reference different policy
reference files, or because P3P headers for two pages on the site
reference different policy reference files that declare different
policies for the same URI), the user agent MAY assume any (or
all) of these policies apply as the site MUST honor all of them.

The updates-page[1] was updated accordingly.

Best, 


Rigo Wenning            W3C/INRIA
Policy Analyst          Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
+33 (0)6 73 84 87 31    F-06902 Sophia Antipolis
http://www.w3.org/


  1. http://www.w3.org/P3P/updates.html
 

Received on Friday, 27 July 2001 10:41:28 UTC
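
The precedence rules in the rewritten section 2.4.1, sketched as user-agent logic. This is an added example, not part of the original message or of the P3P specification. The flat prefix-to-policy model of a policy reference file, all file names and policy references, and the helper names `lookup` and `candidate_policies` are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data. Each policy reference file (PRF) is simplified to
# {uri_prefix: (policy_ref, expiry)}; this flat model is an assumption.
NOW = datetime(2001, 7, 27, tzinfo=timezone.utc)
LATER = datetime(2001, 8, 27, tzinfo=timezone.utc)
PAST = datetime(2001, 7, 1, tzinfo=timezone.utc)
WELL_KNOWN = "/w3c/p3p.xml"
PRFS = {
    WELL_KNOWN: {"/shop/": ("/w3c/policy.xml#shop", LATER),
                 "/old/": ("/w3c/policy.xml#expired", PAST)},
    "/p3p/header.xml": {"/shop/": ("/p3p/pol.xml#shop-alt", LATER),
                        "/old/": ("/p3p/pol.xml#old", LATER),
                        "/news/": ("/p3p/pol.xml#news", LATER)},
    "/p3p/link.xml": {"/news/": ("/p3p/pol.xml#news-link", LATER)},
    "/p3p/extra.xml": {"/news/": ("/p3p/pol.xml#extra", LATER)},
}


def lookup(prf_url, uri, now):
    """Return the non-expired policy this PRF declares for uri, or None."""
    for prefix, (policy, expiry) in PRFS.get(prf_url, {}).items():
        if uri.startswith(prefix) and expiry > now:
            return policy
    return None


def candidate_policies(uri, header_refs, link_refs, now=NOW):
    """Policies a user agent may assume apply to uri under section 2.4.1."""
    # A non-expired policy from the well-known location applies outright.
    well_known = lookup(WELL_KNOWN, uri, now)
    if well_known:
        return [well_known]
    found = []
    # Only the first HTTP header reference and the first LINK reference count.
    for refs in (header_refs, link_refs):
        policy = lookup(refs[0], uri, now) if refs else None
        if policy and policy not in found:
            found.append(policy)
    # More than one entry: the agent may pick any, the site must honor all.
    return found


if __name__ == "__main__":
    print(candidate_policies("/shop/cart", ["/p3p/header.xml"], []))
    print(candidate_policies("/news/1", ["/p3p/header.xml", "/p3p/extra.xml"],
                             ["/p3p/link.xml"]))
```

A result with more than one entry is the ambiguous case from the last paragraph of the section: the header and the LINK tag point at different policy reference files, and the site is bound by every policy returned.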