- From: <Patrick.Hung@csiro.au>
- Date: Thu, 16 Oct 2003 03:21:59 +1000
- To: public-p3p-spec@w3.org
I am trying to summarize the comments/suggestions to the current version of
working group:
(1) Apply a different privacy restriction on different level of data in
WSDL. The Privacy element
applies to the transaction from the Web services consumer to the Web
service and cannot
be restrictied to a particular set of data. Two possible solutions are:
XML Schema annotations
and XML extensions.
(2) Remove the rel='p3pv1' attribute at all because of using namespaces for
versioning.
(3) Require defining an element included in the WSDL to indicate the WSDL
processor must follow
the rules of P3P: <my:Privacy wsdl:required=true'/>
(4) Define the privacy policy by both reference and inclusion.
(5) Bi-lateral privacy privacy and preferences: The current version only
indicates that the statements
are only applicable to the information received by the service, and not
the client interacting with
the service.
(6) The extensibility model of WSDL allows to put P3P elements and
attributes in all sections of the
description. It should include P3P POLICY elements in the WSDL at the
interface, operation, or
service level.
(7) Apply/reference more than one policy in a WSDL. In the first cut, there
should have a logical AND
in privacy policies described in different levels.
(8) WSDL, per decision on 20030703, dropped its extensibility using XML
Schema. This includes the
wsdl:globalExt definition. Remove the
substitutionGroup='wsdl:globalExt' declaration from the
definition of the privacy element.
(9) Have a mandatory soap extension containing a policy; the semantics of
the extension is: either
your policy is compatible with this one, or you must not process the
message. Section 4.5 needs
to be clarified
Special thanks to the contributors: Rigo, Hugo and Philippe!
I am looking froward to hear from WSDL and SOAP working group.
Thanks,
Patrick
Received on Wednesday, 15 October 2003 13:24:26 UTC