W3C home > Mailing lists > Public > www-p3p-dev@w3.org > April 2006

Re: Help me!!!!

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 19 Apr 2006 12:55:18 +0200
To: "Nguyen Viet Ha" <HaNV@fsoft.com.vn>
Cc: www-p3p-dev@w3.org
Message-Id: <200604191255.19442@rigo>
Am Wednesday 19 April 2006 12:09, sprach Nguyen Viet Ha:
> Is there any chance that P3P compact policy headers could be added to
> the site as part of this work? It basically involves adding a single
> HTTP header to each page as it is served out which says something like:
>
> P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

As I said in my previous email. This is only the compact header. It can't 
stand alone and there MUST be a full policy for conformance with the P3P 
Specification. This can be done using the well-known location 
($DOCUMENTROOT/w3c/p3p.xml) or by adding the location of the Policy Reference 
File to the P3P Header:

P3P: policyref="http://www.w3.org/2001/05/P3P/p3p.xml" CP="...."

> I attempt to verify whether a simple line of code in a header would
> solve cookie issues.

It is dangerous to do "make IE happy" policies as this might engage your 
liability. In fact, if the real data handling practices differ from the 
policy announced, this might be considered lying and can trigger liability. 
>
> Can a compact policy statement code in a header stand alone as the
> privacy policy in an application, or it will need the other XML and text
> policies to reference to?

It needs the other info to display the policy correctly to the user. AND the 
server MUST have the XML policy to claim conformance to P3P. 

Best, 

-- 
Rigo Wenning            W3C/ERCIM
Staff Counsel           Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
http://www.w3.org/      F-06902 Sophia Antipolis


Received on Wednesday, 19 April 2006 10:57:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 June 2010 00:12:48 GMT