- From: Lorrie Cranor <lorrie@cs.cmu.edu>
- Date: Tue, 24 Feb 2004 16:33:55 -0500
- To: Rigo Wenning <rigo@w3.org>
- Cc: 'public-p3p-spec' <public-p3p-spec@w3.org>, Massimo Marchiori <massimo@w3.org>, plh@w3.org, Hugo Haas <hugo@w3.org>, W3t-Archive@W3., w3t-archive@w3.org
I hope you are able to discuss this at the technical plenary and then fill the rest of us in on what conclusions you come to, if any. I understand Rigo's perspective that the XML writer that uses the P3P tag should understand all possible ways this chunk of XML will be processed and make sure the P3P policy applies to all of them. But, if I were a lawyer (and I'm not, but Rigo is, so he can comment as to how good a lawyer I would be), I might advise my clients not to use this generic P3P XML tag, because in reality I cannot anticipate how this chunk of XML might be processed (see my example in http://lists.w3.org/Archives/Public/public-p3p-spec/2004Feb/0019.html). I would like to have some way of saying "P3P policy X applies to chunk of XML Y only when Y is processed under condition Z." I think this is feasible if we include an attribute that is a URI that can be used to specify condition Z. Then each XML application that wants to use P3P could establish their own URI that explains the assumptions that are made about what it means to process XML in that context (and presumably similar applications might find they could use the same assumptions). Lorrie On Feb 20, 2004, at 10:35 AM, Rigo Wenning wrote: > We defer so many things to the policy-writer. If someone creates > an arbitrary XML which can be processed by three different agents, he > MUST mention all _intended_ data collection. He knows best how to deal > with it. > > For the most common W3C-Specs, I imagine a separate Note using this > binding and adding restrictions and some guidance -like this was done > in the WSDL-P3P-Note[1] will help. > > Perhaps the problem is also language, as I used legal language that > covers all of your concerns by saying 'all data collection'. We know > exactly what 'data collection' means. The creator of XML and the > creator > of agents should know what that means in terms of processing and they > can tell the user agent via the well defined P3P policy. I don't have > to > give them more details (at least not from a legal point of view, as I > can give you an _exact_ scope out of my definitions by the usual > hermeneutics.) > > 1. http://www.w3.org/TeamSubmission/2004/SUBM-p3p-wsdl-20040213/ > > Best, > > Rigo > > On Thu, Feb 19, 2004 at 06:53:21PM -0500, Massimo Marchiori wrote: >> Interestingly enough, just noted today's >> "AGENDA: MONDAY 23 February P3P Spec Call" >> http://lists.w3.org/Archives/Public/public-p3p-spec/2004Feb/0052.html >> : >> <quote> >> 5. P3P Generic attribute for XML applications >> http://lists.w3.org/Archives/Public/public-p3p-spec/2004Feb/0019.html >> </quote> >> which points to a message by Lorrie Cranor (the chair, ahem...) >> that seems to have rediscovered one of the points against the >> "generic attribute" that I had mentioned to Philippe in our phonecall >> chat. >> >> With this, I'll silently await the next voodoo... ;) >> Apart from jokes, we can better chat about this at the plenary too. >> Of course, if I find the time these days I might as well reproduce >> in email the exec summary problem analysis I gave to Philippe (if.... >> :( ). >> -M >
Received on Tuesday, 24 February 2004 16:33:15 UTC