- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Wed, 21 Mar 2001 23:24:15 -0500
- To: <www-mobile@w3.org>
- Cc: <w3c-p3p-specification@w3.org>
The P3P Specification Working Group has reviewed the CC/PP last call working draft. We have a few comments we would like you to consider. P3P is listed in Appendix A.2 Abbreviations -- but there is no mention of P3P anywhere else in the spec. It would be relevant to mention P3P where privacy concerns are discussed, and perhaps in other places as well. Somewhere in this spec it should probably mention that CC/PP vocabulary elements can also be represented in a P3P data set -- with an explanation as to how. You might also note that both P3P and CC/PP involve comparisons of preferences and policies. Typically P3P would have the client do the comparison and CC/PP would have the server do the comparison, but we could imagine other scenarios. Perhaps CC/PP could be used to facilitate sending P3P user preferences to servers (this in and of itself raises privacy concerns, but with the user's permisison, this could potentially be useful). In appendix F there is a discussion of HTTP request processing. It would be good to discuss how CC/PP would fit in here when P3P is used as well. There's no one right answer, but some guidelines and/or an example might be useful. Regards, Lorrie Cranor P3P Specification Working Group Chair
Received on Wednesday, 21 March 2001 23:25:14 UTC