W3C home > Mailing lists > Public > www-p3p-policy@w3.org > November 2001

Common Policy reference

From: Rigo Wenning <rigo@w3.org>
Date: Mon, 5 Nov 2001 11:53:20 +0100
To: www-p3p-policy@w3.org
Cc: "Tyson, Wayne" <wayne.tyson@eds.com>
Message-ID: <20011105115320.D975@localhost>
Dear Tyson, 

for reasons of SPAM protection, the mailing-list is only
accepting postings from those people subscribed to that
mailing-list. 

If you want to subscribe, please send an email to
www-p3p-policy-request@w3.org with "subscribe" in the
subject-line. 

On your question:

In full P3P Policies, your scenario is perfectly implementable.
Every server has to carry a Policy Reference File (PRF). In this
PRF you can reference the one and only Policy applicable to all
of your hosts. It doesn't matter, on which the Policy is sitting,
as you can use full URI to reference the applicable policy. 

So an example policy would look like this:

<META xmlns="http://www.w3.org/2001/09/P3Pv1">
 <POLICY-REFERENCES>
  <EXPIRY max-age="172800"/>   
  <POLICY-REF about="http://policy.example.org/P3P/Policies.xml#first">
      <INCLUDE>/*</INCLUDE>
      <EXCLUDE>/catalog/*</EXCLUDE>
      <EXCLUDE>/cgi-bin/*</EXCLUDE>
      <EXCLUDE>/servlet/*</EXCLUDE>
  </POLICY-REF>   
  <POLICY-REF about="http://policy.example.org/P3P/Policies.xml#second">
      <INCLUDE>/catalog/*</INCLUDE>
  </POLICY-REF>   
  <POLICY-REF about="http://policy.example.org/P3P/Policies.xml#third">
      <INCLUDE>/cgi-bin/*</INCLUDE>
      <INCLUDE>/servlet/*</INCLUDE>
      <EXCLUDE>/servlet/unknown</EXCLUDE>
  </POLICY-REF>  
 </POLICY-REFERENCES>
</META>

This kind of PRF MUST reside on every P3P enabled server. We
suggest, that you use the well-known-location /w3c/p3p.xml for
the PRF. 

For compact policies, this doesn't work. Compact policies are
transported in the P3P-header. So every server has to carry his
own policy in the P3P-header. So you have to re-configure every
web-server.

If there are remaining questions, don't hesitate to ask.

Best, 


Rigo Wenning            W3C/INRIA
Policy Analyst          Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
+33 (0)6 73 84 87 31    F-06902 Sophia Antipolis
http://www.w3.org/


----- Forwarded message from "Tyson, Wayne" <wayne.tyson@eds.com> -----

From: "Tyson, Wayne" <wayne.tyson@eds.com>
To: "'www-p3p-policy@w3.org'" <www-p3p-policy@w3.org>
Date: Fri, 2 Nov 2001 11:15:56 -0500 (EST)
Subject: [Moderator Action] Common Policy reference
Old-Date: Fri, 2 Nov 2001 11:15:34 -0500 
X-Mailer: Internet Mail Service (5.5.2654.52)

I browsed through some of the other threads to see if this had been
addressed.  I was unable to find any reference.  We have a situation where
we have multiple websites that may have slightly different data gathering
requirements, cookie requirements, etc.  All of these have different domain
names.  There is one website that we would like to be the "parent" website
and contain the 1 and only P3P policy.  Can the reference file created for
the other websites contain the url of a P3P policy from a different domain?
We've tried this in our development environment unsuccessfully, but wanted
to make sure we weren't missing something.  

Wayne Tyson			PG	248.873.1413
EDS E Solutions
Global Interactive Solutions	PH	313.665.9738 DT
26533 Evergreen Rd		FX	313.665.0648 DT
Southfield MI 48086
				PH	248.386.6655 SF
				FX	248.386.6670 SF

Email		wayne.tyson@eds.com
Text PG	Mark your email urgent!
Yahoo Pager	WTysonICE
AOL IM		AWTyson

----- End forwarded message -----
Received on Monday, 5 November 2001 06:37:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:10 GMT