- From: Rigo Wenning <rigo@w3.org>
- Date: Mon, 5 Nov 2001 11:53:20 +0100
- To: www-p3p-policy@w3.org
- Cc: "Tyson, Wayne" <wayne.tyson@eds.com>
Dear Tyson,
for reasons of SPAM protection, the mailing-list is only
accepting postings from those people subscribed to that
mailing-list.
If you want to subscribe, please send an email to
www-p3p-policy-request@w3.org with "subscribe" in the
subject-line.
On your question:
In full P3P Policies, your scenario is perfectly implementable.
Every server has to carry a Policy Reference File (PRF). In this
PRF you can reference the one and only Policy applicable to all
of your hosts. It doesn't matter, on which the Policy is sitting,
as you can use full URI to reference the applicable policy.
So an example policy would look like this:
<META xmlns="http://www.w3.org/2001/09/P3Pv1">
<POLICY-REFERENCES>
<EXPIRY max-age="172800"/>
<POLICY-REF about="http://policy.example.org/P3P/Policies.xml#first">
<INCLUDE>/*</INCLUDE>
<EXCLUDE>/catalog/*</EXCLUDE>
<EXCLUDE>/cgi-bin/*</EXCLUDE>
<EXCLUDE>/servlet/*</EXCLUDE>
</POLICY-REF>
<POLICY-REF about="http://policy.example.org/P3P/Policies.xml#second">
<INCLUDE>/catalog/*</INCLUDE>
</POLICY-REF>
<POLICY-REF about="http://policy.example.org/P3P/Policies.xml#third">
<INCLUDE>/cgi-bin/*</INCLUDE>
<INCLUDE>/servlet/*</INCLUDE>
<EXCLUDE>/servlet/unknown</EXCLUDE>
</POLICY-REF>
</POLICY-REFERENCES>
</META>
This kind of PRF MUST reside on every P3P enabled server. We
suggest, that you use the well-known-location /w3c/p3p.xml for
the PRF.
For compact policies, this doesn't work. Compact policies are
transported in the P3P-header. So every server has to carry his
own policy in the P3P-header. So you have to re-configure every
web-server.
If there are remaining questions, don't hesitate to ask.
Best,
Rigo Wenning W3C/INRIA
Policy Analyst Privacy Activity Lead
mail:rigo@w3.org 2004, Routes des Lucioles
+33 (0)6 73 84 87 31 F-06902 Sophia Antipolis
http://www.w3.org/
----- Forwarded message from "Tyson, Wayne" <wayne.tyson@eds.com> -----
From: "Tyson, Wayne" <wayne.tyson@eds.com>
To: "'www-p3p-policy@w3.org'" <www-p3p-policy@w3.org>
Date: Fri, 2 Nov 2001 11:15:56 -0500 (EST)
Subject: [Moderator Action] Common Policy reference
Old-Date: Fri, 2 Nov 2001 11:15:34 -0500
X-Mailer: Internet Mail Service (5.5.2654.52)
I browsed through some of the other threads to see if this had been
addressed. I was unable to find any reference. We have a situation where
we have multiple websites that may have slightly different data gathering
requirements, cookie requirements, etc. All of these have different domain
names. There is one website that we would like to be the "parent" website
and contain the 1 and only P3P policy. Can the reference file created for
the other websites contain the url of a P3P policy from a different domain?
We've tried this in our development environment unsuccessfully, but wanted
to make sure we weren't missing something.
Wayne Tyson PG 248.873.1413
EDS E Solutions
Global Interactive Solutions PH 313.665.9738 DT
26533 Evergreen Rd FX 313.665.0648 DT
Southfield MI 48086
PH 248.386.6655 SF
FX 248.386.6670 SF
Email wayne.tyson@eds.com
Text PG Mark your email urgent!
Yahoo Pager WTysonICE
AOL IM AWTyson
----- End forwarded message -----
Received on Monday, 5 November 2001 06:37:31 UTC