- From: Rigo Wenning <rigo@w3.org>
- Date: Tue, 4 May 2004 18:45:17 +0200
- To: public-p3p-spec@w3.org
- Cc: Lorrie Cranor <lorrie@cs.cmu.edu>, Mark Nottingham <mark.nottingham@bea.com>
Received on Tuesday, 4 May 2004 13:14:03 UTC
Am Monday 03 May 2004 20:34 verlautbarte Lorrie Cranor : > > > >> P3P 1.0 was designed to associate XML-encoded privacy policies with > >> URIs, sets of URIs, or cookies. P3P 1.0 it well suited for use with > >> HTML and XHTML content transmitted over [HTTP] . > > > > I think this would be better stated as: > > > >> P3P 1.0 was designed to associate XML-encoded privacy policies with > >> data submitted to Web resources, which are identified by URIs or > >> bound to cookies. > > I think the word "submitted" is too limiting, as P3P also covers log > data that is created as a result of a transaction but might not really we associate some URI with a certain privacy behavior, NOT with data. As Lorrie said, some of the data is generated directly over there: P3P 1.0 was designed to associate XML-encoded privacy policies with URI's describing the privacy impact of the Web resources behind those URI's. Talking about "data" is too dangerous IMHO as people will mix that up with the data schemata in the policy.. This is NOT what we mean. We can describe the data in the POST, as we have a data schema for that. The violation of attaching a P3P Policy to a set of data happens on the protocol level. "I send a policy over the wire to force someone to apply it" is is what we want to avoid. Best, Rigo
Received on Tuesday, 4 May 2004 13:14:03 UTC