RE: cookie-include element

Ahh... so the include and cookie-include have the same 
relationship to the host. Great, thanks for the 
clarification.

--Cliff

-----Original Message-----
From: Lorrie Cranor [mailto:lorrie@research.att.com]
Sent: Wednesday, October 03, 2001 9:55 PM
To: Clifford Lyon; www-p3p-public-comments@w3.org
Subject: Re: cookie-include element


I think you have it mostly right. The PRF only
applies to URIs on or cookies set by the host
that references it. You can have identical PRFs on 
each host in your domain (assuming they have
the same policy usage). Or you can have
one PRF that is referenced in the headers by
all the hosts in the domain. Unless you have
a good reason not to, we highly recommend
that you put a PRF in the well-known location
of every host, however.

Lorrie

----- Original Message ----- 
From: "Clifford Lyon" <Clifford.Lyon@cnet.com>
To: <www-p3p-public-comments@w3.org>
Sent: Wednesday, October 03, 2001 1:58 PM
Subject: RE: cookie-include element


> I noticed the text of the original message got cut off. 
> Here it is again.
> 
> -----Original Message-----
> 
> Hi,
> 
> In the prf, the include element's URI reference must be 
> relative. So, a prf at x.domain.com may only refer to 
> locations x.domain.com/*, and not y.domain.com/*. However, 
> the domain attr of the cookie indluce element allows 
> *.domain.com. So, do I have this right: for each 
> subdomain, a corresponding prf entry must be created for 
> locations w/in that subdomain. However, for each cookie 
> set in *.domain.com, only one prf entry need be created 
> and added to some prf file under the top level domain. 
> The location of that prf can be added to the http reponse 
> headers that set the cookie.
> 
> Thanks,
> 
> Cliff
> 

Received on Thursday, 4 October 2001 11:23:37 UTC