Lars asked: > Assume a user agent is retrieving an html entity by fetching a URI and that > a cookie is set by that html entity when it is returned by the server. > > I am curious about how many policies may potentially apply in this situation > and how a user agent must determine which policy, or policies, applies. > Reading the P3P1.0 spec, I have come to the conclusion that two separate > policies may apply in this situation - one policy for the URI itself, and > another policy for the cookie being set when the entity referenced by the > URI is returned. Is this correct? Yes, this is correct. > If my conclusion is correct, that two separate policies may apply, that > would then imply that two different policy reference files may apply. So my > second question is: must a user agent go through the same mechanisms twice > (as described in section 2.2) in order to locate the two policy reference > files? No. A single policy reference file can cover a URI and a cookie with seperate policies. -- Martin Martin Presler-Marshall - Program Manager, Privacy Technology E-mail: mpresler@us.ibm.com AIM: jhreingold Phone: (919) 254-7819 (tie-line 444-7819) Fax: (919) 254-6430 (tie-line 444-6430)Received on Tuesday, 18 September 2001 08:15:07 GMT
This archive was generated by hypermail 2.2.0 + w3c-0.30 : Monday, 4 July 2005 12:06:45 GMT