- From: Lorrie Cranor <lorrie@cs.cmu.edu>
- Date: Wed, 17 Mar 2004 10:56:20 -0500
- To: "Humphrey, Jack" <JHumphrey@coremetrics.com>
- Cc: 'public-p3p-spec' <public-p3p-spec@w3.org>
I think in our discussion last week we talked about something even simpler. We suggested that there was not a need to have a two-way handshake. A site should be able to use our-host even if the host it is referring to does not point to its PRF. So... an our-host tag in a POLICY-REF would mean that for any URIs covered by this policy, any embedded content (anything that would be covered by a HINT element) that is served from a URI covered by the our-host tag should be considered as coming from the entity or its agents (or entities for whom it is acting as an agent). [not very well said, but hopefully, you can tell what I mean] And, an our-host token in a CP would mean that any cookies served with the current page that domain match the our-host tag should be considered as coming from the entity or its agents (or entities for whom it is acting as an agent). Lorrie On Mar 17, 2004, at 1:47 AM, Humphrey, Jack wrote: > Based on our discussion last week, here is a draft of an alternate > proposal > for a new "our-host" extension element (renamed to distinguish from the > previous proposal's "known-host") with a different semantic meaning. > Also > included is an extension to the compact policy P3P header to support > the > same mechanism for compact policies. > > Please review this new proposal and compare to the previous proposal. > Is it > more straightforward? Might it be less confusing for implementers and > user > agent developers? > > Thanks. I will probably be late to the call and may have some trouble > participating verbally, as I will be coming from a dental appointment. > > ++Jack++ > > <03-domain-relationships-alternate.html>
Received on Wednesday, 17 March 2004 10:56:33 UTC