- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Wed, 22 Aug 2001 21:24:25 -0400
- To: <www-p3p-dev@w3.org>, <www-p3p-policy@w3.org>
- Cc: <w3c-p3p-specification@w3.org>
The P3P Specification working group decided to remove the EMBEDDED-INCLUDE mechanism from the specification and replace it with the following "hints" mechanism. Implementers reported that EMBEDDED-INCLUDE was proving problematic due to difficulties in identifying embedded content reliably. The definition required that this determination be based on the HTTP Referer header. But this was a major problem for proxy implementations, and difficult for other user agent implementations. The group believes the hints mechanism will be significantly easier to implement than EMBEDDED-INCLUDE, while still providing a performance optimization. 2.3.2.6 Policy Reference Hints Policy reference hints are a performance optimization that can be used under certain conditions. A DNS host may declare a policy reference for itself using the well-known location, P3P response header, or P3P LINK tag. The host MAY further provide a hint to additional policy references, such as those declared by other hosts. For example, an HTML page might hint at policy references for its hyperlinks, embedded content, and form submission URIs. User agents MAY use the hint mechanism to discover policy references before requesting the affected URIs when the policy references are not available from the well-known location. Any policy reference file MAY contain zero or more policy reference hints. Each hint consists of single host or domain of hosts to which the hinted policy reference will be applied. When using a hint applicable to multiple hosts, the policy reference is expected in the same relative location on each host, but the content may vary according to the host. Therefore, a user agent that finds a policy reference on a particular host via the hint mechanism MUST NOT apply it to another host. The collection of policy reference hints appears after the POLICY-REFERENCES element but before any POLICIES element. Here is an example of a POLICY-REFERENCE-HINTS element that hints at the location of policy reference files on the host a.com and on any host in the domain x.y.com: <POLICY-REFERENCE-HINTS> <POLICY-REF-HINT domain="a.com" path=/mypolicy/p2.xml" /> <POLICY-REF-HINT domain=".x.y.com" path="/w3c/prf.xml" /> </POLICY-REFERENCE-HINTS> The domain attribute follows the HN syntax in RFC 2965. The path attribute specifies the location of the hinted policy reference files relative to the applicable host rather than the policy reference file containing the hint. If a hinted policy reference file is not found, expired, or otherwise invalid, the user agent MUST ignore the hint. Before using a hinted policy reference, the user agent MUST check the well-known location and give precedence to any policy references directly declared by the host, with the well-known location taking the highest precedence. If a hinted policy reference is not directly declared by the host as expected, the user agent MAY ignore it. [ADD BNF]
Received on Wednesday, 22 August 2001 21:24:08 UTC