Re: What do policies apply to?

> A very basic question, for which I haven't seen
> a hard-and-fast answer in the P3P spec:
> 
> Assume I load a page http://www.xyz.org/a,
> which points to a policy http://www.xyz.org/a.policy.
> 
> Page 'a' also contains a form, with an 'action' URI
> of http://www.xyz.org/b, with a policy http://www.xyz.org/b.policy.
> 
> If I fill in the form 'a' and send it in to 'b',
> which policy is my data submission covered by,
> http://www.xyz.org/a.policy or http://www.xyz.org/b.policy?

The data submission would be covered by b.policy.

> This should be said very clearly at the beginning of the
> P3P specification, not just assumed to be somehow obvious.

You've raised a good point. We are adding a brief section to
explain this and provide a form example.

> http://www.xyz.org/a.policy has the advantage that one
> less round-trip is necessary. http://www.xyz.org/b.policy
> has the advantage that it can deal with pages that contain
> multiple forms that send data to different servers.
> If http://www.xyz.org/b.policy is chosen, it may be
> interesting to consider how to allow to indicate
> the relevant policy in the html <form> element.

See also the information in the spec about the prefix
and exclude headers that allow sites to declare what
policies apply to what resources in advance.

Regards,

Lorrie Cranor
P3P Specification Working Group Chair

Received on Friday, 17 March 2000 00:09:42 UTC