Re: User Agent Header Problem

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 30 Nov 2005 15:04:31 +0100
To: Scott Wagner <scottietrek@alltel.net>
Cc: www-p3p-dev@w3.org
Message-Id: <200511301504.32731.rigo@w3.org>
Scott, 

I still think you have some wrong expectations with respect to the P3P 
Protocol. This is all described in section 2 of the P3P 1.0 
Specification: http://www.w3.org/TR/P3P/

So your first misunderstanding is that you seem to assume that you can 
tell Yahoo how to use your information. This is not the paradigm of 
P3P. In P3P, it is on Yahoo to tell you what they will do with the data 
and it is on you to accept that or surf elsewhere. So you can base your 
decision (go/block) on the P3P data that you received from Yahoo or 
just continue the HTTP GET interaction and disregard the whole P3P 
information given in the header. 

The P3P protocol is kind of passive (for privacy reasons). This means 
that the service (Yahoo in your example) will announce its privacy 
practices using the P3P format. There are two formats (both implemented 
by Yahoo), one being the compact format. But if you analyze the header, 
you'll see that there is also a link to the Policy reference file 
indicating the policy for Yahoo in full XML. In those files but also in 
the tokens, Yahoo tells you what they will do if you give them your 
name or email address. 

Their policy is actually not very fine-grained. They tell in this policy 
that they collect everything and that they give it away to everybody 
and that they identify you. 

So the next step in this exchange would be that you tell us what you want to 
try to achieve. This way we can help you with the P3P part of it. Just 
to fetch a page, you won't need P3P. You need P3P if you want to base 
your decisions whether to accept cookies or continue surfing on the P3P 
metadata given by a service. And no, you don't need to send any P3P 
information/strings back to the Yahoo server.

Best, 

Rigo Wenning
Privacy Activity Lead

On Wednesday 30 November 2005 05:25, Scott Wagner wrote:
> Ok, Jeff was a help in the fact that he helped me get my problem in
> order. I am writing a program (that will mimic IE 6) that will be P3P
> compliant. Problem example:
>
> I go to http://www.yahoo.com/ before I get the page the Yahoo server
> asks me for my Privacy Policy in Compact Policies format, i.e. (Server
> header: P3P=policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP
> COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi
> OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL
> HEA PRE GOV") Now I need to know the header format for the return of
> my privacy policy in CP format.
>

Received on Wednesday, 30 November 2005 14:05:46 GMT
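
The local go/block decision described in the message, as an added example that is not part of the original post or of any P3P implementation: it parses the header value quoted above into the policy reference and the compact-policy tokens, then applies a user preference without sending anything back to the server. The function names and the preference parameters (`unwanted`, `accept_opt_in`) are hypothetical, and the header value is assumed to be passed in without its field name.

```python
import re

# Compact-policy token vocabularies from the P3P 1.0 specification.
PURPOSE = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD",
           "CON", "HIS", "TEL", "OTP"}
RECIPIENT = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
# Suffix on purpose/recipient tokens: a = always, i = opt-in, o = opt-out.
CONSENT = {"": "always", "a": "always", "i": "opt-in", "o": "opt-out"}

# Header value quoted in the message above (field name stripped).
YAHOO = ('policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR '
         'ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi '
         'UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL '
         'HEA PRE GOV"')

def parse_p3p(value):
    """Return (policyref, [CP tokens]) from a P3P header value."""
    pairs = re.findall(r'(\w+)\s*=\s*"([^"]*)"', value)
    fields = {k.lower(): v for k, v in pairs}
    return fields.get("policyref"), fields.get("cp", "").split()

def consent_map(tokens, vocabulary):
    """Map each token of one vocabulary to its consent level."""
    found = {}
    for tok in tokens:
        base, suffix = tok[:3].upper(), tok[3:].lower()
        if base in vocabulary and suffix in CONSENT:
            found[base] = CONSENT[suffix]
    return found

def decide(value, unwanted=("UNR", "PUB"), accept_opt_in=True):
    """Local go/block decision; the preference arguments are hypothetical."""
    _, tokens = parse_p3p(value)
    if not tokens:
        return "no-policy"          # only a policyref, or no P3P data at all
    recipients = consent_map(tokens, RECIPIENT)
    for name in unwanted:
        level = recipients.get(name)
        if level is None or (level == "opt-in" and accept_opt_in):
            continue
        return "block"
    return "go"

if __name__ == "__main__":
    ref, toks = parse_p3p(YAHOO)
    print(ref, len(toks))
    print(consent_map(toks, PURPOSE))
    print(decide(YAHOO), decide(YAHOO, accept_opt_in=False))
```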