W3C home > Mailing lists > Public > www-p3p-dev@w3.org > March 2004

Re: Implementing P3P policy for on-line surveys.

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Wed, 31 Mar 2004 10:36:40 -0500
Message-Id: <343FB288-8329-11D8-8624-000A95DA3F5A@cs.cmu.edu>
Cc: www-p3p-dev@w3.org
To: Olga Veksler <Olga.Veksler@foreseeresults.com>

Is there some section of this URL that could be used to identify the  
client and therefore which privacy policy applies? You can use  
wildcards in your PRF to identify the relevant set of URLS
(for example: survey/StandardTemplate5.jsp?*TESTDmfDolv*)

If there is not currently something in the URL already that would  
identify the policy, you could add a field to the URL for that purpose,  
for example add at the end P3PID=0001

Also, you may be able to put your policy reference file at the  
well-known location and using the embedded link tag may not be  
necessary.

Lorrie


On Mar 31, 2004, at 10:20 AM, Olga Veksler wrote:

> The problem is that the surveys are not stored as files but are  
> dynamically generated.  There are practically thousands of different  
> URLs which look something like this:
> http://www.foreseeresults.com/survey/StandardTemplate5.jsp? 
> pid=TESTEQrABfBtH9A7GnYHqZ4h0A%3D%3D&mid=TESTDmfDolvf024OKsDeocA%3D%3D& 
> width=420&height=500&alt_width=580&alt_height=500&omb=1505-0186
>
> The urls are being build on the fly.  Apache server does not know the  
> URL so it won't be able to capture it.
>
>
> _______________
>
> Olga Veksler
> Developer
>
> ForeSee Results
> 2929 Plymouth Rd. Suite 220
> Ann Arbor, MI  48105
> Olga.Veksler@ForeSeeResults.com
> www.ForeSeeResults.com
>
> phone:   734-205-2578
> fax:       734-205-2601
>
>
>
> -----Original Message-----
> From: Lorrie Cranor [mailto:lorrie@cs.cmu.edu]
> Sent: Tuesday, March 30, 2004 10:21 PM
> To: Olga Veksler
> Cc: www-p3p-dev@w3.org
> Subject: Re: Implementing P3P policy for on-line surveys.
>
>
> You can have a single policy reference file that includes multiple
> POLICY-REF elements. Each POLICY-REF element associates a specific URL
> (or sets of URLs) with a policy. So, assuming your surveys each have a
> unique URL, you should be able to apply a separate policy to each one.
>
> Lorrie
>
> On Mar 22, 2004, at 4:14 PM, Olga Veksler wrote:
>
>>
>> Hello,
>>
>> Our company is conducting surveys for different web sites.  Our
>> surveys are usually presented on our clients' web sites as pop-up
>> windows.   Surveys are dynamically generated and are not stored as
>> files.  We are trying to make the surveys p3p compliant.  We think
>> that we can implement p3p policy by placing an embedded link tag on
>> our surveys.  The problem is that we collect different types of
>> information depending on the customer.  So for different customers we
>> would like to implement different policies.  I understand that we can
>> create as many policies as we want, but should there be only one
>> reference file?  In the embedded link we are supposed to reference our
>> policy reference file then how would I specify which policy to use.
>>
>> Please advise on how to implement p3p for our on-line surveys.
>>
>> Thank you,
>>
>> Olga Veksler
>>
>>
>>
>>
>> _______________
>>
>> Olga Veksler
>> Developer
>>
>> ForeSee Results
>> 2929 Plymouth Rd. Suite 220
>> Ann Arbor, MI  48105
>> Olga.Veksler@ForeSeeResults.com
>> www.ForeSeeResults.com
>>
>> phone:   734-205-2578
>> fax:       734-205-2601
>>
>>
>>
> --
> Lorrie Faith Cranor <http://lorrie.cranor.org/>
> (Note, as of Dec 2003 I'm at Carnegie Mellon University)
> P3P Specification Working Group Chair <http://www.w3.org/p3p/>
> Book: Web Privacy with P3P <http://p3pbook.com/>
>
Received on Wednesday, 31 March 2004 10:38:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 June 2010 00:12:47 GMT