Re: User side policy & handling of credentials

From: Almut Herzog <almhe@ida.liu.se>
Date: Thu, 02 Nov 2006 10:11:07 +0100
Message-ID: <4549B62B.2040902@ida.liu.se>
To: www-p3p-policy@w3.org

Lorrie Cranor wrote:

>> Web sites can advertise their certifications using a disputes element.
>> You can create an APPEL file that looks for sites with particular
>> certifications.


So the web site states that they are BBB-certified in their policy:

>>>> From the P3P book, p.89:
...
<DISPUTES resolution-type="independent"
  service="http://www.bbbonline.org" short-description="BBBOnline">
  ...
</DISPUTES>
...

And user Alice would have the following rule in her privacy policy,
allowing her to request content from web sites that are BBB-certified:

<appel:RULE behavior="request" description="Site is BBB-certified.">
  <p3p:POLICY>
    <p3p:STATEMENT>
      <p3p:DISPUTES appel:connective="and">
        <p3p:resolution-type="independent">
        <p3p:service="http://www.bbbonline.org">
      </p3p:DISPUTES>
    </p3p:STATEMENT>
  </p3p:POLICY>
</appel:RULE>

Is that correct?


>> Payment info is not part of the P3P base data schema. The idea all
>> along was that anyone could create a data schema to meet their needs.
>> We were hoping the credit card industry would create one with the
>> fields that make sense for credit card info, but that never happened.
>> In the meantime, most sites are expressing their policies in terms of
>> categories of information rather than explicit data fields.


Thanks for the explanation.

/Almut
Received on Thursday, 2 November 2006 09:11:23 GMT
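
The check discussed in this message, sketched as an added example that is not part of the original post and is not an APPEL engine: it looks for a DISPUTES element carrying both attribute values in a P3P policy and returns the rule's behavior. The sample policy, the dictionary form of the rule, the function names and the "block" fallback are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

P3P_NS = "http://www.w3.org/2002/01/P3Pv1"  # P3P 1.0 namespace

# Constructed sample policy; only the DISPUTES attributes come from the message.
SAMPLE_POLICY = """\
<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" name="sample">
  <DISPUTES-GROUP>
    <DISPUTES resolution-type="independent"
      service="http://www.bbbonline.org" short-description="BBBOnline"/>
  </DISPUTES-GROUP>
</POLICY>
"""

# Hypothetical rule representation: every listed attribute must match ("and").
BBB_RULE = {
    "behavior": "request",
    "element": "DISPUTES",
    "attrs": {"resolution-type": "independent",
              "service": "http://www.bbbonline.org"},
}

def matching_elements(policy_xml, rule):
    """Return the policy elements that satisfy all attribute tests of the rule."""
    root = ET.fromstring(policy_xml)
    tag = "{%s}%s" % (P3P_NS, rule["element"])
    hits = []
    for el in root.iter(tag):  # namespace-qualified lookup at any depth
        # Exact string comparison: a trailing slash on the URI would not match.
        if all(el.get(k) == v for k, v in rule["attrs"].items()):
            hits.append(el)
    return hits

def evaluate(policy_xml, rule, default="block"):
    """Return the rule's behavior on a match, else the (assumed) default."""
    try:
        hits = matching_elements(policy_xml, rule)
    except ET.ParseError:
        return default  # an unparseable policy never satisfies the rule
    return rule["behavior"] if hits else default

if __name__ == "__main__":
    print(evaluate(SAMPLE_POLICY, BBB_RULE))
```
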