W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > March 2000

Re: What do policies apply to?

From: Lorrie Cranor <lorrie@research.att.com>
Date: Fri, 17 Mar 2000 00:10:08 -0500
Message-ID: <008f01bf8fcf$111d5340$3a06cf87@research.att.com>
To: <www-p3p-public-comments@w3.org>, "Martin J. Duerst" <duerst@w3.org>
> A very basic question, for which I haven't seen
> a hard-and-fast answer in the P3P spec:
> 
> Assume I load a page http://www.xyz.org/a,
> which points to a policy http://www.xyz.org/a.policy.
> 
> Page 'a' also contains a form, with an 'action' URI
> of http://www.xyz.org/b, with a policy http://www.xyz.org/b.policy.
> 
> If I fill in the form 'a' and send it in to 'b',
> which policy is my data submission covered by,
> http://www.xyz.org/a.policy or http://www.xyz.org/b.policy?

The data submission would be covered by b.policy.

> This should be said very clear at the beginning of the
> P3P specification, not just assumed to be somehow obvious.

You've raised a good point. We are adding a brief section to
explain this and provide a form example.

> http://www.xyz.org/a.policy has the advantage that one
> less rouund-trip is necessary. http://www.xyz.org/b.policy
> has the advantage that it can deal with pages that contain
> multiple forms that send data to different servers.
> If http://www.xyz.org/b.policy is choosen, it may be
> interesting to consider how to allow to indicate
> the relevant policy in the html <form> element.

See also the information in the spec about the prefix
and exclude headers that allow sites to declare what
policies apply to what resources in advance.

Regards,

Lorrie Cranor
P3P Specification Working Group Chair
Received on Friday, 17 March 2000 00:09:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.1 : Tuesday, 21 September 2004 12:14:16 GMT