W3C home > Mailing lists > Public > www-p3p-policy@w3.org > September 2002

RE: Single compact policy and diverse cookie usages - are we exposed?

From: Ravi Trivedi <trivedi@india.hp.com>
Date: Tue, 17 Sep 2002 14:20:48 +0530
To: "'charles watty'" <acwatty@hotmail.com>, <www-p3p-policy@w3.org>
Message-ID: <000b01c25e27$52cae7c0$e22a0a0f@india.hp.com>

My thoughts :
If you want you could associate specific policies per cookie. This way
you can specify exactly what information is being used by the cookie. How
this is done is mentioned in P3P 1.0 deployment guide at
http://www.w3.org/TR/2002/NOTE-p3pdeployment-20020211#Policies_Specific_Cook
ies

If you have a single compact policy, harmless cookies may also get blocked
if a user
is more restrictive in its privacy setting.

Articles probably recommend compact policies as IE6 blocks 3rd party
cookies, if they dont have a compact policy. It is not normative as per the
specification, to have compact policies though.


Regards,
Ravi
=>-----Original Message-----
=>From: www-p3p-policy-request@w3.org
=>[mailto:www-p3p-policy-request@w3.org]On Behalf Of charles watty
=>Sent: Tuesday, September 17, 2002 5:20 AM
=>To: www-p3p-policy@w3.org
=>Subject: Single compact policy and diverse cookie usages - are we
=>exposed?
=>
=>
=>
=>
=>
=>
=>Hello,
=>
=>I've read several documents that recommend that a single
=>compact policy be
=>used and served with outgoing files.
=>
=>My question is:
=>What is the risk to the issuing site if not all compact policies are
=>specific to the cooke to which they are attached. For
=>example, suppose I
=>have 16 cookies, and 10 relate to minor things like site
=>color preferences
=>while 6 are related to account information and contain
=>details such as
=>address, ship-to location, country of residence etc. Now, I
=>create a single
=>policy that describes all of these uses and send it out with
=>every file
=>(cookies incl. of course).
=>
=>The compact policy is not actually accurate in that it will
=>overstate how
=>each cookie uses personal information. It will err on the side of
=>thoroughness, but it will err nonetheless. Is this an issue,
=>or can we be
=>sure that it is a legally acceptable interpretation of P3P compliance?
=>
=>Thanks,
=>Charles
=>
=>_________________________________________________________________
=>Chat with friends online, try MSN Messenger: http://messenger.msn.com
=>
=>
Received on Tuesday, 17 September 2002 04:48:55 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:10 GMT