[Agent/Domain] same-entity domain relationship proposal comments from Humphrey, Jack on 2003-09-03 (public-p3p-spec@w3.org from September 2003)

From: Humphrey, Jack <JHumphrey@coremetrics.com>
Date: Wed, 3 Sep 2003 10:52:23 -0500
To: public-p3p-spec@w3.org
Message-ID: <85063BBE668FD411944400D0B744267A025187EE@ausmail.core.coremetrics.com>

Attached is the proposal I sent out in July for domain relationships. In the
July 16 working group conference call (which I missed), this proposal was
discussed by the attendees (Lorrie Cranor, Rigo Wenning, Brooks Dobbs, Rob
Horn, Patrick Hung, Joseph Reagle). Here are the notes from the minutes
(taken by Lorrie, I believe) with some belated responses/questions from me:

> There were some questions about the goals of this proposal. People 
> thought it was useful for companies to be able to declare that all of 
> their multiple domains are owned by a single company and comply with 
> the same policy, but there was less interest in being able to declare 
> that companies belong to an ad network. The reason browsers are 
> treating these as third party cookies is that is how consumers seem to 
> want to see them treated.

I see this point. This proposal actually only addresses declaring that
multiple domains belong to the same company. It does not attempt to address
the agent/ad network type of relationships. I will make that clear in my
upcoming proposed specification changes.

> People saw some potential uses for the idea of the KNOWN-HOSTS element 
> (although it needs to be expressed using the extension mechanism). 

I'm glad this idea went over well. Does anyone remember what uses (other
than those outlined in the proposal) were discussed?

> There was less enthusiasm for allowing INCLUDE and EXCLUDE to include 
> host name. That substantially complicates parsing and caching issues 
> without bringing obvious advantages. 

I suppose that I was trying to create an optimization for site developers
and user agents. In my example on page 3, the idea is that, while loading a
page from example.com, the user agent wouldn't have to fetch/evaluate the
policy reference file and policy for forinstance.com if the context of the
forinstance request matched "*.forinstance.com/customer/*". I can see how
that might add too much complexity, so unless anyone feels strongly that the
optimization might be worthwhile, I'll remove it.

> There was a recognition that the CP aspect of this proposal was most
> important for practical reasons, and yet it seemed not to scale well
> in the third-party  ad network context.

Again, this proposal does not try to address agents/ad networks. In thinking
about how to potentially apply the same approach to those situations, I will
consider scalability concerns. 

I actually think that scalability can be addressed by implementations only
including the relevant headers based on the context of the request. This
approach would be recommended and will be elaborated upon in the agent
relationship proposal.

Thanks!

Jack Humphrey
Coremetrics

Attachments

application/octet-stream attachment: domrelprop1.pdf

Received on Wednesday, 3 September 2003 11:52:37 UTC