W3C home > Mailing lists > Public > www-p3p-policy@w3.org > April 2001

Re: locating policy reference files

From: Robert Thibadeau <rht@cs.cmu.edu>
Date: Tue, 24 Apr 2001 17:01:42 -0400
Message-ID: <3AE5E9B6.867EA05A@cs.cmu.edu>
To: Sebastian Kamp <kamp@ti.informatik.uni-kiel.de>
Sebastian,
  If you get a good idea here please let us know.  I have two graduate students
working
on this problem this week and next (accidently our timing appears to be
similar).  I think
it might be nice to have a succinct solution statement from somebody who knows
more than we
do about how this might be done or have this put on
the p3p 2 agenda as a highly desirable trait.  The previous answer was not
concrete enough
(or creative enough), but if that is all we have, we'll have to make do.
 regards, Bob



Sebastian Kamp wrote:

> Hello,
>
> I have got a question regarding the different mechanisms to locate a policy
> reference file.
>
> I would very much like to find a solution that relies on wellknow-location
> like mechanisms only; the p3p user agent could fetch the policy reference
> file (that covers a certain URI) *before* it sends the actual request to the
> webserver.
>
> This would avoid safe zone practices in the first place and
> - reduce software complexity of the user agent, and
> - make the implementation much faster,
> because the actual "p3p-logic" could be seperated from the entire connection
> technique. Otherwise p3p issues and http issues would get mixed, leading to
> mixed responsibilities of the different "parts" of the software - at least
> from an object oriented point of view.
>
> The typical scenario that explains why the wellknow-location mechanism is not
> enough is: one company hosts some content on its server that it is not
> responsible for, therefor excluding the subtree with the foreign content from
> the own policy reference file.
> Responses to requests to a URI refering to some part of this subtree would
> then contain a reference (http header or html link-element) to the covering
> policy reference file - unfortunately the request has to be send first.
>
> Now my question: why not oblige the foreign company to put a policy reference
> file in the root of "their" subtree? The foreign company is in charge of the
> subtree anyway.
> This would give us the possiblity to use a wellknow location like mechanism
> to fetch the apropriate policy reference file. The procedure for any request
> would than always begin as follows:
>
> extract host information from the URI, get the policy reference file from the
> wellknow location on this host, parse the file ... and maybe find out that
> the request's URI points to some subtree not covered by this policy reference
> file, get the policy reference file from the root of this subtree ....
>
> Do you think that a modification of the specification would make sense? I
> would appreciate any comments.
>
> Regards
> Sebastian Kamp
Received on Tuesday, 24 April 2001 17:08:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:10 GMT