W3C home > Mailing lists > Public > www-p3p-dev@w3.org > November 2005

Cleint P3P Problem

From: Scott Wagner <scottietrek@alltel.net>
Date: Wed, 30 Nov 2005 10:47:30 -0600
Message-Id: <9AE2D0E0-AAC5-4DB7-8165-334643BCD93B@alltel.net>
To: www-p3p-dev@w3.org


Ok I get it so what do you do when there is a set cookie in the P3P.  
How does the Client get the cookie from the server in P3P. I have  
read alot of info on this but your explanation was the best. I just  
would like to know what the Client does to get the cookie from the  
P3P portion of this. Yahoo is not just the example but the reason I  
am writing my software. P3P cookies are becoming more and more  
popular. With that in mind Software developers will need to know how  
to handle the P3P cookie. So if so one could let me know what in the  
code. How the client handles P3P that would be great.


Thank You
Scott Wagner

On Nov 30, 2005, at 8:04 AM, Rigo Wenning wrote:


> Scott,
>
> I still think you have some wrong expectations with respect to the P3P
> Protocol. This is all described in section 2 of the P3P 1.0
> Specification: http://www.w3.org/TR/P3P/
>
> So your first misunderstanding is that you seem to assume that you can
> tell yahoo how to use your information. This is not the paradigm of
> P3P. In P3P, it is on yahoo to tell you what they will do with the  
> data
> and it is on you to accept that or surf elsewhere. So you can base  
> your
> decision (go/block) on the P3P data that you received from yahoo or
> just continue the http GET interaction and disregard the whole P3P
> information given in the header.
>
> The P3P protocol is kind of passive (for privacy reasons). This means
> that the service (yahoo in your example) will announce its privacy
> practices using the P3P format. There are two formats (both  
> implemented
> by yahoo) one being the compact format. But if you analyze the header,
> you'll see that there is also a link to the Policy reference file
> indicating the policy for yahoo in full XML. In those files but  
> also in
> the tokens, yahoo tells you what they will do if you give them your
> name or email-address.
>
> Their policy is actually not very fine grained. They tell in this  
> policy
> that they collect everything and that they give it away to everybody
> and that they identify you.
>
> So next step in this exchange would be that you tell us what you  
> want to
> try to achieve. This way we can help you with the P3P part of it. Just
> to fetch a page, you won't need P3P. You need P3P if you want to base
> your decisions whether to accept cookies or continue surfing on the  
> P3P
> metadata given by a service. And no, you don't need to send any P3P
> information/strings back to the yahoo server
>
> Best,
>
> Rigo Wenning
> Privacy Activity Lead
>
> Am Wednesday 30 November 2005 05:25 verlautbarte Scott Wagner :
>
>
>> Ok Jeff was a help in the fact the he helped me get my problem in
>> order. I  am writing a program(That will Mimic IE 6) that will be P3P
>> compliant. problem Example:
>>
>> I go to http://www.yahoo.com/ before i get the page the yahoo server
>> asks me for my Privacy Policy in Compact Policies format. ie(Server
>> header: P3P=policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP
>> COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi
>> OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL
>> HEA PRE GOV") Now i need to know the header format for the return of
>> my privacy policy In CP format.
>>
>>
>
>
Received on Wednesday, 30 November 2005 16:47:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 June 2010 00:12:48 GMT