- From: Lorrie Cranor <lorrie@cs.cmu.edu>
- Date: Wed, 24 Mar 2004 15:23:42 -0500
- To: 'public-p3p-spec' <public-p3p-spec@w3.org>
Here is my revised proposal based on today's call. Please send proposed
changes to the mailing list BEFORE next week's call. I would like to
finish this next week.
Lorrie
Section 4 of the latest p3p1.1 wd
http://www.w3.org/TR/2004/WD-P3P11-20040210/#compact_policies
describes compact policies.
The first paragraph of 4. currently states:
Compact policies are summarized P3P policies that provide hints to
user agents to enable the user agent to make quick, synchronous
decisions about applying policy. Compact policies are a performance
optimization that is OPTIONAL for either user agents or servers. User
agents that are unable to obtain enough information from a compact
policy to make a decision according to a user's preferences SHOULD
fetch the full policy.
I propose changing it to say:
Compact policies are summarized P3P policies that provide hints to
user agents to enable the user agent to make quick, synchronous
decisions about applying policy to cookies. Compact policies are a
performance optimization that is OPTIONAL for both user agents and
servers. They represent only a summary of a site's full P3P policy for
a cookie; the full P3P policy is the authoritative statement of
policy. However, a site MUST make compact policy statements in good
faith. User agents that are unable to obtain enough information from
a compact policy to make a decision according to a user's preferences
SHOULD fetch the full policy.
User agents that use compact policies as part of their decision making
MUST include a mechanism that allows users to determine that a
particular decision was made based on a compact policy and to view
that compact policy. However, user agents that provide general
information about a site's P3P policies to users MUST use the full P3P
policy and MUST NOT use the compact policy for this purpose.
I propose adding a section 4.2.10 Compact STATEMENT
The STATEMENT element is represented in compact policies using the
curly brace { } symbols. The { represents the opening STATEMENT tag
and the } represents the closing statement tag.
The syntax of the compact statement corresponds to the syntax of the
full statement. Unless it surrounds a compact NON-IDENTIFIABLE
element, each pair of braces MUST surround one compact RETENTION
element and at least one of each of the following compact elements:
PURPOSE, RECIPIENT, and CATEGORIES. Alternatively, a pair of braces
may surround a compact NON-IDENTIFIABLE element; optionally any of the
PURPOSE, RECIPIENT, and CATEGORIES elements; and optionally a RETENTION
element.
A compact policy that has an improperly matching pair
of curly braces or is missing one of the required statement elements
MUST be treated as if no curly braces are present.
A compact policy may contain one or more statements. A compact policy
with no {} elements is considered to have a single implied statement
element.
[BNF]
Section 4.5, fourth paragraph, change MUST to MAY (as in "All of the
purposes, recipients, and categories that appear in multiple
statements in a full policy MAY be aggregated in a compact policy...."
Section 4.5 give two examples of valid translations. In addition to
the one currently given, add:
"NON DSP { ADM DEV PSD OUR IND PRE NAV } { IVDo OUR STP PHY PRE UNI }"
Section 4.6 Transforming a Compact Policy to a P3P Policy should be
dropped.
Received on Wednesday, 24 March 2004 15:25:31 UTC