Re: User side policy & handling of credentials

Web sites can advertise their certifications using a disputes  
element. You can create an APPEL file that looks for sites with  
particular certifications.

Payment info is not part of the P3P base data schema. The idea all
along was that anyone could create a data schema to meet their needs.
We were hoping the credit card industry would create one with the
fields that make sense for credit card info, but that never happened.
In the meantime, most sites are expressing their policies in terms
of categories of information rather than explicit data fields.

Lorrie

--
Lorrie Faith Cranor <http://lorrie.cranor.org/>
* Associate Research Professor, Computer Science and Engineering & Public Policy
   Carnegie Mellon University
* P3P Specification Working Group Chair <http://www.w3.org/p3p/>
* Book: Web Privacy with P3P <http://p3pbook.com/>


On Oct 31, 2006, at 11:39 AM, Almut Herzog wrote:

>
> Hi,
>
> I wonder if it is possible/sensible to express the following policies in
> P3P/APPEL:
>
> User Alice will only submit her credit card information to sites that
> have the XYZ credential.
>
> User Alice only does business with web sites that are ABC-certified (=
> have the ABC credential).
>
> If someone could create these rules, e.g. using the JRC editor, I would
> be most grateful. If it is not sensible to have such rules, please give
> me a comment.
>
> And a general question: Why is payment information such as credit card
> number, expiry date, bearer name etc. not part of the P3P user data
> structures?
>
> Cheers,
> /Almut
>
>
>

Received on Wednesday, 1 November 2006 01:21:41 UTC
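
The first rule asked about in the thread (payment data only to sites advertising the XYZ credential), sketched in Python as an added example that is not from the original message, the P3P specification, or any APPEL tool. The seal URI, the sample policy, and all function names are assumptions; payment data is detected through the `financial` and `purchase` categories, since the reply notes sites describe data by category rather than by explicit field.

```python
import xml.etree.ElementTree as ET

P3P = "{http://www.w3.org/2002/01/P3Pv1}"      # P3P 1.0 namespace
XYZ_SEAL = "http://xyz-seal.example/"          # hypothetical URI for the "XYZ" credential
PAYMENT_CATEGORIES = {"financial", "purchase"} # categories a site would use for card data

def advertised_services(policy):
    """Service URIs from every DISPUTES element. These are the site's own claims."""
    return {d.get("service") for d in policy.iter(P3P + "DISPUTES") if d.get("service")}

def collected_categories(policy):
    """Names of all category elements declared anywhere in the policy."""
    return {c.tag.split("}")[-1]
            for cats in policy.iter(P3P + "CATEGORIES") for c in cats}

def evaluate(policy_xml, required_service=XYZ_SEAL):
    """Return "request" (proceed) or "block", the behavior names APPEL rules use."""
    try:
        policy = ET.fromstring(policy_xml)
    except ET.ParseError:
        return "block"                         # unreadable policy: fail closed
    if not collected_categories(policy) & PAYMENT_CATEGORIES:
        return "request"                       # no payment data collected
    if required_service in advertised_services(policy):
        return "request"
    return "block"

def sample_policy(service, categories="<purchase/><financial/>"):
    """Constructed minimal policy for demonstration, not taken from a real site."""
    return f"""<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" name="shop">
  <DISPUTES-GROUP>
    <DISPUTES resolution-type="independent" service="{service}"
              short-description="seal program"/>
  </DISPUTES-GROUP>
  <STATEMENT>
    <DATA-GROUP>
      <DATA ref="#dynamic.miscdata"><CATEGORIES>{categories}</CATEGORIES></DATA>
    </DATA-GROUP>
  </STATEMENT>
</POLICY>"""

if __name__ == "__main__":
    print(evaluate(sample_policy(XYZ_SEAL)))
    print(evaluate(sample_policy("http://other-seal.example/")))
```

The check only confirms that the policy advertises the seal program's URI in a DISPUTES element; it does not verify with the seal program that the site is actually certified.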