Re: FW: revised trusted cookie spec

> Larry, would you be happy with a spec which defines
> 
> a) an extensible Pics-Label header for conveying information about
>    privacy policies
> b) the specific cookie-related instance of this extensible header?
> 
> Or are you saying that this is too weak, and that we need a complete,
> comprehensive scheme which handles cookies, passwords, business cards,
> and so on, under a single unified interface?
> 
> I would be with you on calling for an extensible header, but a call
> for the development of a comprehensive scheme goes too far for me.  In
> my opinion, a call for completeness will guarantee that there will
> never be any convergence (because too many people with advertising
> business models will be opposed to it), and I want to see convergence
> on something which improves on the current cookie situation, even if it
> does nothing more than that.

I'm just not at all certain that this kind of policy issue belongs
in HTTP at all. What if, for example, there were an HTML HEAD element
that could contain a site's policies or links to them, and that
before actually storing any cookie to disk, the policy could
be determined?

Putting this kind of information in the protocol seems like it violates
the boundary between protocol and application in a way that doesn't feel
right to me.

I could imagine a kind of option where a client could ask a server
for the LINK to its policies for a given realm, which might be an
OPTION request or some other such thing, but I'm not sure that it is
a protocol extension to HTTP.

Larry
-- 
http://www.parc.xerox.com/masinter

Received on Wednesday, 3 September 1997 09:35:51 UTC