- From: Matthias Schunter <mts@zurich.ibm.com>
- Date: Fri, 13 Dec 2002 16:04:27 +0100
- To: <public-p3p-ws@w3.org>
- Cc: wmi@zurich.ibm.com, evh@zurich.ibm.com
SCOPE A P3P policy should make clear what recipient is allowed to perform what purpose on which data element. In addition, it should define what data can be collected, whether it needs to be anonymized at collection, and how long can it be retained. Unfortunately, the P3P specification only describes the meaning of a policy that restricts itself to the most primitive case. Complicated cases, like conflicts, are not sufficiently addressed. The following issues should be clarified: - Overlapping Statements: What is the meaning of overlapping statements In particular if some have opt-in opt-out, some haven't. - Meaning of non-identifiable: It is unclear what an non-identifiable element means. RESOURCES - Matthias Schunter - Review and proposed changes to the spec. - Aiming at an addenum to 1.0 that clarifies these issues. -- Dr. Matthias Schunter <mts (at) zurich.ibm.com> --- IBM Zurich Research Laboratory, Ph. +41 (1) 724-8329 Fax +41-1-724 8953; More info at www.semper.org/sirene PGP Fingerprint 989AA3ED 21A19EF2 B0058374 BE0EE10D
Received on Friday, 13 December 2002 10:54:44 UTC