- From: Almut Herzog <almhe@ida.liu.se>
- Date: Wed, 01 Nov 2006 09:46:30 +0000
- To: www-p3p-policy-request@w3.org
Lorrie Cranor wrote:
> Web sites can advertise their certifications using a disputes element.
> You can create an APPEL file that looks for sites with particular
> certifications.
So the web site states that they are BBB-certified in their policy:
>> From the P3P book, p.89:
...
<DISPUTES resolution-type="independent"
service="http://www.bbbonline.org" short-description="BBBOnline">
...
</DISPUTES>
...
And user Alice would have the following rule in her privacy policy,
allowing her to request content from web sites that are BBB-certified:
<appel:RULE behavior="request" description="Site is BBB-certified.">
<p3p:POLICY>
<p3p:STATEMENT>
<p3p:DISPUTES appel:connective="and">
<p3p:resolution-type="independent">
<p3p:service="http://www.bbbonline.org">
</p3p:DISPUTES>
</p3p:STATEMENT>
</p3p:POLICY>
</appel:RULE>
Is that correct?
> Payment info is not party of the P3P base data schema. The idea all
> along was that anyone could create a data schema to meet their needs.
> We were hoping the credit card industry would create one with the
> fields that make sense for credit card info, but that never happened.
> In the mean time, most sites are expressing their policies in terms of
> categories of information rather than explicit data fields.
Thanks for the explanation.
/Almut
Received on Sunday, 5 November 2006 20:56:37 UTC