- From: Humphrey, Jack <JHumphrey@coremetrics.com>
- Date: Wed, 3 Sep 2003 10:52:23 -0500
- To: public-p3p-spec@w3.org
- Message-ID: <85063BBE668FD411944400D0B744267A025187EE@ausmail.core.coremetrics.com>
Attached is the proposal I sent out in July for domain relationships. In the July 16 working group conference call (which I missed), this proposal was discussed by the attendees (Lorrie Cranor, Rigo Wenning, Brooks Dobbs, Rob Horn, Patrick Hung, Joseph Reagle). Here are the notes from the minutes (taken by Lorrie, I believe) with some belated responses/questions from me: > There were some questions about the goals of this proposal. People > thought it was useful for companies to be able to declare that all of > their multiple domains are owned by a single company and comply with > the same policy, but there was less interest in being able to declare > that companies belong to an ad network. The reason browsers are > treating these as third party cookies is that is how consumers seem to > want to see them treated. I see this point. This proposal actually only addresses declaring that multiple domains belong to the same company. It does not attempt to address the agent/ad network type of relationships. I will make that clear in my upcoming proposed specification changes. > People saw some potential uses for the idea of the KNOWN-HOSTS element > (although it needs to be expressed using the extension mechanism). I'm glad this idea went over well. Does anyone remember what uses (other than those outlined in the proposal) were discussed? > There was less enthusiasm for allowing INCLUDE and EXCLUDE to include > host name. That substantially complicates parsing and caching issues > without bringing obvious advantages. I suppose that I was trying to create an optimization for site developers and user agents. In my example on page 3, the idea is that, while loading a page from example.com, the user agent wouldn't have to fetch/evaluate the policy reference file and policy for forinstance.com if the context of the forinstance request matched "*.forinstance.com/customer/*". I can see how that might add too much complexity, so unless anyone feels strongly that the optimization might be worthwhile, I'll remove it. > There was a recognition that the CP aspect of this proposal was most > important for practical reasons, and yet it seemed not to scale well > in the third-party ad network context. Again, this proposal does not try to address agents/ad networks. In thinking about how to potentially apply the same approach to those situations, I will consider scalability concerns. I actually think that scalability can be addressed by implementations only including the relevant headers based on the context of the request. This approach would be recommended and will be elaborated upon in the agent relationship proposal. Thanks! Jack Humphrey Coremetrics
Attachments
- application/octet-stream attachment: domrelprop1.pdf
Received on Wednesday, 3 September 2003 11:52:37 UTC