Re: alternate domain relationships proposal from Lorrie Cranor on 2004-03-17 (public-p3p-spec@w3.org from March 2004)

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Wed, 17 Mar 2004 10:40:39 -0500
To: Giles Hogben <giles.hogben@jrc.it>
Cc: 'Humphrey Jack' <JHumphrey@coremetrics.com>, 'public-p3p-spec' <public-p3p-spec@w3.org>
Message-Id: <715B8722-7829-11D8-BEA7-000A95DA3F5A@cs.cmu.edu>

I think the problem is the ambiguity of the word "it" in the sentence:

> A policy referenced in a policy reference file can be applied only to 
> URIs
> on the DNS (Domain Name System) host that references it.

We have been interpreting this sentence to mean:

A policy referenced in a policy reference file can be applied only to 
URIs
on the DNS (Domain Name System) host that references the policy 
reference file.

Thus in Jack's example, if forinstance.com returns a P3P header, the 
policy reference file it references gets applied to forinstance.com. I 
am pretty sure that is how it has been implemented in IE6, Netscape7, 
and PrivacyBird.

Lorrie



On Mar 17, 2004, at 3:58 AM, Giles Hogben wrote:

>
> There seems to be something wrong with the initial argument:
>
> The existing P3P spec says:
>
> "A policy referenced in a policy reference file can be applied only to 
> URIs
> on the DNS (Domain Name System) host that references it. Thus, for 
> example,
> a policy reference file at the well-known location of host 
> www.example.com
> can apply policies only to resources on www.example.com."
>
> So when you say
>
> "forinstance.com is configured to return the HTTP header
>
>     P3P: policyref="http://www.example.com/w3c/p3p.xml"
>
> This policyref can only apply to files on www.example.com
>
> Have I missed something in this discussion?
>
>
>> **-----Original Message-----
>> **From: public-p3p-spec-request@w3.org
>> **[mailto:public-p3p-spec-request@w3.org] On Behalf Of Humphrey, Jack
>> **Sent: 17 March 2004 07:48
>> **To: 'public-p3p-spec'
>> **Subject: alternate domain relationships proposal
>> **
>> **
>> **Based on our discussion last week, here is a draft of an
>> **alternate proposal for a new "our-host" extension element
>> **(renamed to distinguish from the previous proposal's
>> **"known-host") with a different semantic meaning. Also
>> **included is an extension to the compact policy P3P header to
>> **support the same mechanism for compact policies.
>> **
>> **Please review this new proposal and compare to the previous
>> **proposal. Is it more straightforward? Might it be less
>> **confusing for implementers and user agent developers?
>> **
>> **Thanks. I will probably be late to the call and may have
>> **some trouble participating verbally, as I will be coming
>> **from a dental appointment.
>> **
>> **++Jack++
>> **
>> **
>

Received on Wednesday, 17 March 2004 10:40:36 UTC