- From: Lorrie Cranor <lorrie@cs.cmu.edu>
- Date: Wed, 17 Mar 2004 10:57:16 -0500
- To: Giles Hogben <giles.hogben@jrc.it>
- Cc: 'Humphrey Jack' <JHumphrey@coremetrics.com>, 'public-p3p-spec' <public-p3p-spec@w3.org>
Yes, I'm sure that was the intention of the WG.... we spent many, many hours discussing this point. (And you would think we would have managed to come up with a non-ambiguous way of saying it...) Lorrie On Mar 17, 2004, at 10:53 AM, Giles Hogben wrote: > Do you think this was the intention of the WG? > >> **-----Original Message----- >> **From: public-p3p-spec-request@w3.org >> **[mailto:public-p3p-spec-request@w3.org] On Behalf Of Lorrie Cranor >> **Sent: 17 March 2004 16:41 >> **To: Giles Hogben >> **Cc: 'Humphrey Jack'; 'public-p3p-spec' >> **Subject: Re: alternate domain relationships proposal >> ** >> ** >> ** >> **I think the problem is the ambiguity of the word "it" in the >> **sentence: >> ** >> **> A policy referenced in a policy reference file can be >> **applied only to >> **> URIs >> **> on the DNS (Domain Name System) host that references it. >> ** >> **We have been interpreting this sentence to mean: >> ** >> **A policy referenced in a policy reference file can be >> **applied only to >> **URIs >> **on the DNS (Domain Name System) host that references the policy >> **reference file. >> ** >> **Thus in Jack's example, if forinstance.com returns a P3P header, the >> **policy reference file it references gets applied to >> **forinstance.com. I >> **am pretty sure that is how it has been implemented in IE6, >> **Netscape7, >> **and PrivacyBird. >> ** >> **Lorrie >> ** >> ** >> ** >> **On Mar 17, 2004, at 3:58 AM, Giles Hogben wrote: >> ** >> **> >> **> There seems to be something wrong with the initial argument: >> **> >> **> The existing P3P spec says: >> **> >> **> "A policy referenced in a policy reference file can be >> **applied only to >> **> URIs >> **> on the DNS (Domain Name System) host that references it. Thus, for >> **> example, >> **> a policy reference file at the well-known location of host >> **> www.example.com >> **> can apply policies only to resources on www.example.com." >> **> >> **> So when you say >> **> >> **> "forinstance.com is configured to return the HTTP header >> **> >> **> P3P: policyref="http://www.example.com/w3c/p3p.xml" >> **> >> **> This policyref can only apply to files on www.example.com >> **> >> **> Have I missed something in this discussion? >> **> >> **> >> **>> **-----Original Message----- >> **>> **From: public-p3p-spec-request@w3.org >> **>> **[mailto:public-p3p-spec-request@w3.org] On Behalf Of >> **Humphrey, Jack >> **>> **Sent: 17 March 2004 07:48 >> **>> **To: 'public-p3p-spec' >> **>> **Subject: alternate domain relationships proposal >> **>> ** >> **>> ** >> **>> **Based on our discussion last week, here is a draft of an >> **>> **alternate proposal for a new "our-host" extension element >> **>> **(renamed to distinguish from the previous proposal's >> **>> **"known-host") with a different semantic meaning. Also >> ****included is >> **>> an extension to the compact policy P3P header to >> ****support the same >> **>> mechanism for compact policies. >> **>> ** >> **>> **Please review this new proposal and compare to the previous >> **>> **proposal. Is it more straightforward? Might it be less >> ****confusing >> **>> for implementers and user agent developers? >> **>> ** >> **>> **Thanks. I will probably be late to the call and may have **some >> **>> trouble participating verbally, as I will be coming >> ****from a dental >> **>> appointment. >> **>> ** >> **>> **++Jack++ >> **>> ** >> **>> ** >> **> >> ** >> ** >
Received on Wednesday, 17 March 2004 11:00:58 UTC