W3C home > Mailing lists > Public > www-p3p-policy@w3.org > October 2000

RE: embedded include

From: Fiona Walsh <Fiona.Walsh@avenuea.com>
Date: Tue, 3 Oct 2000 12:11:33 -0700
Message-ID: <55449838504DD411A7A300508BDC963F349C97@SEAEXCH03>
To: "'Lorrie Cranor'" <lorrie@research.att.com>
Cc: "'www-p3p-policy@w3.org'" <www-p3p-policy@w3.org>
Thanks for your response.

One more question on redirects:
Akamai acts as an agent for AVEA by serving content on our behalf.

When AVEA serves content directly into a publisher's site, the user agent
checks the AVEA privacy policy for that piece of content. 
Then the AVEA server sends a 304 redirect (to the Akamai server) to the user
agent, then Akamai serves the content to the user agent.
What privacy policies apply to the content hosted by Akamai? AVEAs, Akamais,
none as the user agent has already checked the AVEA policy that applies to
the content, and Akamai is covered by this as they are AVEA's agent.

Thanks again

-----Original Message-----
From: Lorrie Cranor [mailto:lorrie@research.att.com]
Sent: Monday, October 02, 2000 7:54 PM
To: Fiona Walsh
Cc: www-p3p-policy@w3.org
Subject: Re: embedded include

Correct. A P3P user agent should check for a policy 
every time it gets  a redirect.


----- Original Message ----- 
From: Fiona Walsh <Fiona.Walsh@avenuea.com>
To: 'Lorrie Cranor' <lorrie@research.att.com>
Cc: <www-p3p-policy@w3.org>
Sent: Monday, October 02, 2000 9:28 PM
Subject: RE: embedded include

> Lorrie,
> When we work with an ad network like DoubleClick, their server gets an ad
> request from a publisher, they redirect the request to our server and then
> we serve the advertiser's ad. 
> I imagined that the user agent would check the privacy policy for each
> server that the request gets redirected to.
> Is this correct?
> Fiona
> -----Original Message-----
> From: Lorrie Cranor [mailto:lorrie@research.att.com]
> Sent: Monday, October 02, 2000 5:02 PM
> To: Fiona Walsh; w3c-p3p-specification@w3.org
> Cc: www-p3p-policy@w3.org
> Subject: Re: embedded include
> Note, I'm CCing this to www-p3p-policy, as the questions raised
> here are the sorts of things we would like to have discussed on this
> list.
> I don't know exactly how AvenueA works. If you have contracts
> directly with content publishers to put embedded images
> in their content to point to ads on your servers, then it would
> be appropriate for you to ask those content publishers to post
> a P3P policy reference file that uses embedded includes and
> points to a privacy policy on the AvenueA web site. You 
> could also have your own policy reference file in addition to this
> (which might be useful if not all your content publishers are
> ready to use P3P just yet). 
> If you are supplying ads to DoubleClick and they are the ones 
> who actually serve the ads and have the contracts with the
> content publishers, then it would be up to DoubleClick to
> take care of posting a policy reference file and/or asking content
> publishers to use embedded includes. Depending on what your
> arrangement is with DoubleClick, whose privacy policy would
> be in effect here might vary. I could imagine scenarios where
> the appropriate privacy policy is one belonging to AvenueA,
> DoubleClick, or the content publisher. 
> Lorrie
> ----- Original Message ----- 
> From: Fiona Walsh <Fiona.Walsh@avenuea.com>
> To: <w3c-p3p-specification@w3.org>
> Sent: Monday, October 02, 2000 6:07 PM
> Subject: Re: embedded include
> > Thanks for your responses.
> > 
> > I've aggregated all your input and here's the conclusion.
> > Use embedded includes if;
> > 1 you have a complex url layout, so it would be impractical to have one
> > valid PRF on the server itself, 
> > 2 the PRF file at a well know location is going to be too large or have
> > high rate of change or
> > 3 you want performance optimization by eliminating the round trip.
> > 
> > A 3rd party ad server like AvenueA serves ads a) direct into a
> > site or b) into an ad network like DoubleClick.
> > Question: should a 3rd party ad server like AvenueA use "embedded
> includes"?
> > Mark Nottingham, Akamai stated that "embedded includes" are not intended
> to
> > address situations where there were multiple levels of embedding, like
> > services.
> > However in the P3P spec., scenario 7 in section 2.5 states that the
> > publisher (Bigsearch) can use a embedded include to point to the ad
> servers
> > P3P policy. 
> > Thoughts?
> > 
> > Cheers
> > 
> > 
Received on Tuesday, 3 October 2000 15:12:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:42:53 UTC