W3C home > Mailing lists > Public > www-p3p-policy@w3.org > August 2001


From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 22 Aug 2001 21:24:25 -0400
Message-ID: <003a01c12b72$59043a80$3a06cf87@research.att.com>
To: <www-p3p-dev@w3.org>, <www-p3p-policy@w3.org>
Cc: <w3c-p3p-specification@w3.org>
The P3P Specification working group decided to remove
the EMBEDDED-INCLUDE mechanism from the specification
and replace it with the following "hints" mechanism. Implementers
reported that EMBEDDED-INCLUDE was proving problematic
due to difficulties in identifying embedded content reliably.
The definition required that this determination be based on
the HTTP Referer header. But this was a major problem for proxy
implementations, and difficult for other user agent implementations.
The group believes the hints mechanism will be significantly
easier to implement than EMBEDDED-INCLUDE, while still
providing a performance optimization. Policy Reference Hints

Policy reference hints are a performance optimization that can be used under
certain conditions.  A DNS host may declare a policy reference for itself
the well-known location, P3P response header, or P3P LINK tag.  The host
MAY further provide a hint to additional policy references, such as those
by other hosts.  For example,
an HTML page might hint at policy references for its hyperlinks,
embedded content, and form submission URIs.  User agents MAY use the
hint mechanism to discover policy references before requesting the affected
when the policy references are not available from the well-known location.

Any policy reference file MAY contain zero or more policy reference hints.
Each hint
consists of single host or domain of hosts to which the hinted policy
will be applied.  When using a hint applicable to multiple hosts, the
policy reference is expected in the same relative location on each host, but
the content may vary according to the host.  Therefore, a user agent
that finds a policy reference on a particular host via the hint mechanism
NOT apply it to another host.

The collection of policy reference hints appears after the POLICY-REFERENCES
element but before any POLICIES element.

Here is an example of a POLICY-REFERENCE-HINTS element that hints at
the location of policy reference files on the host a.com and on any host in
domain x.y.com:

  <POLICY-REF-HINT domain="a.com" path=/mypolicy/p2.xml" />
  <POLICY-REF-HINT domain=".x.y.com" path="/w3c/prf.xml" />

The domain attribute follows the HN syntax in RFC 2965.  The path
attribute specifies the location of the hinted policy reference files
relative to the
applicable host rather than the policy reference file containing the hint.

If a hinted policy reference file is not found, expired, or otherwise
invalid, the user
agent MUST ignore the hint.  Before using a hinted policy reference, the
agent MUST check the well-known location and give precedence to any
policy references directly declared by the
host, with the well-known location taking the highest precedence.  If a
hinted policy reference is not directly declared by the host as expected,
user agent MAY ignore it.

Received on Wednesday, 22 August 2001 21:24:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:07 UTC