- From: Giles Hogben <giles.hogben@jrc.it>
- Date: Tue, 6 May 2003 18:11:29 +0200
- To: "Public-P3p-Spec" <public-p3p-spec@w3.org>
Here's a short justification for XML Dig Sigs. Any comments? ------------------------------------ Rationale for XML Digital Signature. ------------------------------------ It offers a "visible" sign of commitment to the privacy policy. Transparency is all very well but many people see P3P policies as empty statements which are simply posted "to make Internet Explorer work". A digitally signed seal of approval offers users a more watertight legal route in the case of dispute and perhaps more importantly, gives companies an opportunity to "put their money where their mouth is" and thereby to differentiate themselves from other organisations. The impact of including this possibility in the specification would not be too great. The only necessary elements would be a simple url type attribute in a policy and a specification for policies which we almost have already. It could therefore be included to see what uptake there might be. In a sense this has been done already, but I think that people cannot be able to take up this suggestion without it being made a bit clearer with examples or a perhaps a java toolkit/web service for XML signing a policy and prf. Giles
Received on Tuesday, 6 May 2003 12:08:41 UTC