RE: P3P and WSDL from Philippe Le Hegaret on 2003-10-07 (public-p3p-spec@w3.org from October 2003)

From: Philippe Le Hegaret <plh@w3.org>
Date: Tue, 07 Oct 2003 14:22:50 -0400
To: Patrick.Hung@csiro.au
Cc: Rigo Wenning <rigo@w3.org>, Hugo Haas <hugo@w3.org>, w3t-archive@w3.org, public-p3p-spec@w3.org
Message-Id: <1065550969.7937.13.camel@jfouffa.w3.org>

On Tue, 2003-10-07 at 06:18, Patrick.Hung@csiro.au wrote:
> Hi Philippe,
> 
> Thank you very much for your message. My response is contained in
> <patrick/>.
> 
> May I ask whether you have any suggestion for this task force? How should
> this
> task force work with the WSDL and SOAP working groups?

How about sending a note inviting them to provide feedback and even
participate if they wish? I would certainly be happy to help the P3P WG.

> 1- By reference
> 
> This is your example. The privacy element links to a P3P file. However,
> the section fails - to indicate what happens if the P3P file make
> statements on a set of URIs (using the INCLUDE element) that happens to
> differ from the location of the service (in the soap:address or
> http:address elements).
> <patrick>Would you please further explain it? It is expected to have a
> revised P3P language for describing privacy policies in the context of 
> Web services. Thus, I am not very sure what do you mean.</patrick>

Actually, I realized that section 4.3 explicitly mentions that a WSDL
description directly references a policy, not a policy reference.
Therefore, since the policy doesn't contain any reference,  it does
exclude the case I was trying to address.

> - to indicate that the statements are only applicable to the information
> going from the registrant to the registry. What happen to the
> information going from the registry to the registrant? Can't the
> registry indicates its preferences to the registry? If yes, should the
>                                  <patrick>^^^^^^^^ registrant?</patrick>

 correct s/registry/registrant/

> registry indicate its preferences using a SOAP header in the output
> messages or in the WSDL as well?
> <patrick>This is a very interesting point. At this minute, we only 
> consider uni-directional scenario. We will explore this point in the working
> draft for next version.</patrick>

please, make sure this item is not dropped when defining the
requirements for the next version. In any case, the current version
should indicate that the statements are only applicable to the
information received by the service, and not the client interacting with
the service. What is the schedule regarding the first version of the
document btw?

Philippe

Received on Tuesday, 7 October 2003 14:22:56 UTC