- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Sun, 13 Apr 2003 20:39:20 -0400
- To: public-p3p-spec@w3.org
I have reviewed the IE, Netscape, and PB translations and would like
to share my observations.
General Observations
- Overall I found most of the translations to be accurate
representations of the P3P vocabulary. However, there were a small
number of elements that have translations in one or more UAs that I
would argue are misleading (I will list them below).
- I found the translations of some of the elements (especially the IE
translations) to be rather verbose and in some cases written in
language that I don't think will be all that clear to end
users. For the most part I don't find these translations
misleading and therefore I wouldn't really object to their
continued use. However, I think they can be improved.
- I found the grammar used in some of the Netscape translations to be
problematic. Many elements listed under the same heading lack
parallel structure. Again, this is not misleading, but any
guidelines we issue should have proper grammar and consistent
structure.
Specific Observations
- IE: uniqueid - I would strike "by a Web site or service" as this is
a restriction not included in the P3P definition. Furthermore this
definition does not make it clear that government-issued
identifiers are excluded from this category
- IE: demographic - I would strike "not tied to an identified person"
as this is not a restriction included in the P3P definition.
- IE: pseudo-analysis - I found the example in this definition
especially confusing.
- IE: ours - I found this definition especially confusing.
- IE: retention - I liked most of these definitions
- IE: court - This is the only disputes that does not include a short
description string... why?
- IE: disputes - does not display long description string or remedies
- IE: required attribute - not displayed... I would argue that this
is fairly important
- IE: consequence - not displayed
- IE: data - only categories are displayed, not individual data
elements... I would argue that it is important to display
individual data elements or at the very least the categories they
belong to rather than omitting them completely (unless all DATA is
omitted)
- PB: retention - does not display retention
- PB: disputes - does not have translations -- displays short and
long description... does not display remedies
- NS: access - nonident and none don't fit parallel structure
- NS: other-ident - I don't understand this definition at all
- NS: disputes:law - I don't understand this definition at all
- NS: correct - doesn't fit parallel structure
- NS: purpose heading - "that you have supplied" is too limiting --
P3P policies also cover data the user may not have explicitly
supplied
- NS: pseudo-decision - short version doesn't mention pseudonymity
and is indistinguishable from individual-decision
- NS: other purpose / other category - I like the fact that NS flags
other purposes that are missing the mandatory human-readable
explanation -- this is a good alternative to refusing to process the
whole P3P policy because of this
- NS: ours - I think this definition is confusing
- NS: uniqueid - not parallel structure
- NS: demographic - I don't think this really captures the full P3P
definition
Some Questions for the TF to Consider
- Should we try to converge on a single set of translations? Should
we come up with a long and short translation for each element,
perhaps using the click through approach like NS uses? Should our
guidelines list all acceptable translations that people submit
rather than trying to converge on one or two?
- Should we recommend that P3P user agents be capable of displaying
complete translations (all elements, including all human-readable
elements)? If not, is there a minimum set of elements they should
display? Or perhaps some guidelines on completeness that will
prevent misleading users?
- Should we make any recommendations about displaying human-readable
fields?
- Should we make any recommendations about displaying data elements
and categories?
- What other types of guidelines should we consider?
  - recommendation that UAs have ability to save policies
  - recommendation that UAs have ability to print policies (if run on
    devices connected to printers)
  - recommendation that UAs refuse to process CPs for sites not
    "properly" P3P-enabled
  - recommendation for checking cookie policies (strengthen 2.3.2.7
    requirements)
Received on Sunday, 13 April 2003 20:38:37 UTC