W3C home > Mailing lists > Public > www-p3p-policy@w3.org > October 2000

RE: embedded include

From: Rigo Wenning <rigo@w3.org>
Date: Tue, 3 Oct 2000 11:22:59 +0200
To: www-p3p-policy@w3.org
Message-ID: <20001003112259.B1770@rigo.inria.fr>
----- Forwarded message from Fiona Walsh <Fiona.Walsh@avenuea.com> -----

Date: Mon, 2 Oct 2000 21:29:27 -0400 (EDT)
From: Fiona Walsh <Fiona.Walsh@avenuea.com>
To: "'Lorrie Cranor'" <lorrie@research.att.com>
Cc: "'www-p3p-policy@w3.org'" <www-p3p-policy@w3.org>
Old-Date: Mon, 2 Oct 2000 18:28:35 -0700 
Subject: [Moderator Action] RE: embedded include

When we work with an ad network like DoubleClick, their server gets an ad
request from a publisher, they redirect the request to our server and then
we serve the advertiser's ad. 
I imagined that the user agent would check the privacy policy for each
server that the request gets redirected to.
Is this correct?

-----Original Message-----
From: Lorrie Cranor [mailto:lorrie@research.att.com]
Sent: Monday, October 02, 2000 5:02 PM
To: Fiona Walsh; w3c-p3p-specification@w3.org
Cc: www-p3p-policy@w3.org
Subject: Re: embedded include

Note, I'm CCing this to www-p3p-policy, as the questions raised
here are the sorts of things we would like to have discussed on this

I don't know exactly how AvenueA works. If you have contracts
directly with content publishers to put embedded images
in their content to point to ads on your servers, then it would
be appropriate for you to ask those content publishers to post
a P3P policy reference file that uses embedded includes and
points to a privacy policy on the AvenueA web site. You 
could also have your own policy reference file in addition to this
(which might be useful if not all your content publishers are
ready to use P3P just yet). 

If you are supplying ads to DoubleClick and they are the ones 
who actually serve the ads and have the contracts with the
content publishers, then it would be up to DoubleClick to
take care of posting a policy reference file and/or asking content
publishers to use embedded includes. Depending on what your
arrangement is with DoubleClick, whose privacy policy would
be in effect here might vary. I could imagine scenarios where
the appropriate privacy policy is one belonging to AvenueA,
DoubleClick, or the content publisher. 


----- Original Message ----- 
From: Fiona Walsh <Fiona.Walsh@avenuea.com>
To: <w3c-p3p-specification@w3.org>
Sent: Monday, October 02, 2000 6:07 PM
Subject: Re: embedded include

> Thanks for your responses.
> I've aggregated all your input and here's the conclusion.
> Use embedded includes if;
> 1 you have a complex url layout, so it would be impractical to have one
> valid PRF on the server itself, 
> 2 the PRF file at a well know location is going to be too large or have a
> high rate of change or
> 3 you want performance optimization by eliminating the round trip.
> A 3rd party ad server like AvenueA serves ads a) direct into a publishers
> site or b) into an ad network like DoubleClick.
> Question: should a 3rd party ad server like AvenueA use "embedded
> Mark Nottingham, Akamai stated that "embedded includes" are not intended
> address situations where there were multiple levels of embedding, like ad
> services.
> However in the P3P spec., scenario 7 in section 2.5 states that the
> publisher (Bigsearch) can use a embedded include to point to the ad
> P3P policy. 
> Thoughts?
> Cheers

----- End forwarded message -----
Received on Tuesday, 3 October 2000 05:23:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:42:53 UTC