W3C home > Mailing lists > Public > www-p3p-policy@w3.org > October 2000

Re: embedded include

From: Lorrie Cranor <lorrie@research.att.com>
Date: Mon, 2 Oct 2000 22:54:13 -0400
Message-ID: <008501c02ce5$4293f6a0$3a06cf87@research.att.com>
To: "Fiona Walsh" <Fiona.Walsh@avenuea.com>
Cc: <www-p3p-policy@w3.org>
Correct. A P3P user agent should check for a policy 
every time it gets  a redirect.

Lorrie

----- Original Message ----- 
From: Fiona Walsh <Fiona.Walsh@avenuea.com>
To: 'Lorrie Cranor' <lorrie@research.att.com>
Cc: <www-p3p-policy@w3.org>
Sent: Monday, October 02, 2000 9:28 PM
Subject: RE: embedded include


> Lorrie,
> When we work with an ad network like DoubleClick, their server gets an ad
> request from a publisher, they redirect the request to our server and then
> we serve the advertiser's ad. 
> I imagined that the user agent would check the privacy policy for each
> server that the request gets redirected to.
> Is this correct?
> Fiona
> 
> -----Original Message-----
> From: Lorrie Cranor [mailto:lorrie@research.att.com]
> Sent: Monday, October 02, 2000 5:02 PM
> To: Fiona Walsh; w3c-p3p-specification@w3.org
> Cc: www-p3p-policy@w3.org
> Subject: Re: embedded include
> 
> 
> Note, I'm CCing this to www-p3p-policy, as the questions raised
> here are the sorts of things we would like to have discussed on this
> list.
> 
> I don't know exactly how AvenueA works. If you have contracts
> directly with content publishers to put embedded images
> in their content to point to ads on your servers, then it would
> be appropriate for you to ask those content publishers to post
> a P3P policy reference file that uses embedded includes and
> points to a privacy policy on the AvenueA web site. You 
> could also have your own policy reference file in addition to this
> (which might be useful if not all your content publishers are
> ready to use P3P just yet). 
> 
> If you are supplying ads to DoubleClick and they are the ones 
> who actually serve the ads and have the contracts with the
> content publishers, then it would be up to DoubleClick to
> take care of posting a policy reference file and/or asking content
> publishers to use embedded includes. Depending on what your
> arrangement is with DoubleClick, whose privacy policy would
> be in effect here might vary. I could imagine scenarios where
> the appropriate privacy policy is one belonging to AvenueA,
> DoubleClick, or the content publisher. 
> 
> Lorrie
> 
> ----- Original Message ----- 
> From: Fiona Walsh <Fiona.Walsh@avenuea.com>
> To: <w3c-p3p-specification@w3.org>
> Sent: Monday, October 02, 2000 6:07 PM
> Subject: Re: embedded include
> 
> 
> > Thanks for your responses.
> > 
> > I've aggregated all your input and here's the conclusion.
> > Use embedded includes if;
> > 1 you have a complex url layout, so it would be impractical to have one
> > valid PRF on the server itself, 
> > 2 the PRF file at a well know location is going to be too large or have a
> > high rate of change or
> > 3 you want performance optimization by eliminating the round trip.
> > 
> > A 3rd party ad server like AvenueA serves ads a) direct into a publishers
> > site or b) into an ad network like DoubleClick.
> > Question: should a 3rd party ad server like AvenueA use "embedded
> includes"?
> > Mark Nottingham, Akamai stated that "embedded includes" are not intended
> to
> > address situations where there were multiple levels of embedding, like ad
> > services.
> > However in the P3P spec., scenario 7 in section 2.5 states that the
> > publisher (Bigsearch) can use a embedded include to point to the ad
> servers
> > P3P policy. 
> > Thoughts?
> > 
> > Cheers
> > 
> > 
> 
Received on Monday, 2 October 2000 22:58:29 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:07 UTC