W3C home > Mailing lists > Public > www-p3p-dev@w3.org > March 2001

proposed changes to P3P purposes

From: Lorrie Cranor <lorrie@research.att.com>
Date: Mon, 5 Mar 2001 17:55:46 -0500
Message-ID: <015301c0a5c7$caf06140$3a06cf87@research.att.com>
To: <www-p3p-dev@w3.org>, <www-p3p-policy@w3.org>
Cc: <w3c-p3p-specification@w3.org>
The P3P specification working group is considering
some minor changes to the P3P purposes element in
a P3P policy (described in section 3.3.4 of the P3P1.0
CR specification). Here are the proposed changes:

1. Remove the "required" attribute from <current/>. It
would still apply to all the other purposes. Opt-in and
opt-out usually do not make much sense for this purpose,
so we would like to remove the attribute.

2. Remove the <customization/> purpose. We believe that
affirmative customization can be described by the
tailoring (with a small change), pseudo-decision, and
individual-decision purposes if their required fields are
set to opt-in, so customization is not needed as a
separate purpose.

3. Change the definition of <tailoring/> to the following:
"One-time Tailoring: Information may be used to tailor or modify content or
design of the site where the information is used only for a single visit to
the site and not used for any kind of future customization. For example, an
online store that suggests other items a visitor may wish to purchase based
on the items he has already placed in his shopping basket."
(Note this removes the words "not affirmatively selected by
the particular individual" from the definition)

4. Add the following paragraph to the end of
section 3.3.4:

Note, three of the purposes can be used to describe
activities related to providing customized content or
services on web sites. <tailoring/> should be used when sites
perform a customization once based on information
collected during that session and do not store information
in a profile for use in future customizations. <pseudo-decision/>
should be used when sites perform a customization based
on information about a user that is stored in a record for
that individual that is not tied to personally-identifiable
information. <individual-decision/> should be used when sites
perform a customization based on information about a user that is
stored in a record for that individual that is tied to
personally-identifiable
information.

(The above paragraph may need minor tweaking after
we clarify our terminology for identifiable and non-identifiable
information... stay tuned)

Please respond with any comments about this  proposal
by March 14.
Received on Monday, 5 March 2001 18:03:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 June 2010 00:12:46 GMT