W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > October 2001

Re: cookie-include element

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 3 Oct 2001 21:54:48 -0400
Message-ID: <008701c14c77$f77a6f60$5604cf87@research.att.com>
To: "Clifford Lyon" <Clifford.Lyon@cnet.com>, <www-p3p-public-comments@w3.org>
I think you have it mostly right. The PRF only
applies to URIs on or cookies set by the host
that references it. You can have identical PRFs on 
each host in your domain (assuming they have
the same policy usage). Or you can have
one PRF that is referenced in the headers by
all the hosts in the domain. Unless you have
a good reason not to, we highly recommend
that you put a PRF in the well-known location
of every host, however.

Lorrie

----- Original Message ----- 
From: "Clifford Lyon" <Clifford.Lyon@cnet.com>
To: <www-p3p-public-comments@w3.org>
Sent: Wednesday, October 03, 2001 1:58 PM
Subject: RE: cookie-include element


> I noticed the text of the original message got cut off. 
> Here it is again.
> 
> -----Original Message-----
> 
> Hi,
> 
> In the prf, the include element's URI reference must be 
> relative. So, a prf at x.domain.com may only refer to 
> locations x.domain.com/*, and not y.domain.com/*. However, 
> the domain attr of the cookie indluce element allows 
> *.domain.com. So, do I have this right: for each 
> subdomain, a corresponding prf entry must be created for 
> locations w/in that subdomain. However, for each cookie 
> set in *.domain.com, only one prf entry need be created 
> and added to some prf file under the top level domain. 
> The location of that prf can be added to the http reponse 
> headers that set the cookie.
> 
> Thanks,
> 
> Cliff
> 
Received on Wednesday, 3 October 2001 21:57:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.1 : Tuesday, 21 September 2004 12:14:17 GMT