Re: form action uri parameters matching from Lorrie Cranor on 2002-07-11 (www-p3p-dev@w3.org from July 2002)

From: Lorrie Cranor <lorrie@research.att.com>
Date: Thu, 11 Jul 2002 09:40:26 -0400
To: "Elena" <elena.dasseni@txt.it>, <www-p3p-dev@w3.org>
Message-ID: <00bc01c228e0$b04e44e0$9816cf87@barbaloot>

Yes, the parameter order counts. A P3P parser is not expected
to have semantic knowledge about the strings within an <INCLUDE> --
it's just doing string comparisons. If the parameters are in a different
order than the string comparison will not result in a match.

In general, as explained in section 2.3.2.1.1, the first POLICY-REF
that matches is the one that applies.

Lorrie

----- Original Message -----
From: "Elena" <elena.dasseni@txt.it>
To: <www-p3p-dev@w3.org>
Sent: Thursday, July 11, 2002 6:14 AM
Subject: form action uri parameters matching


Hi,
    I've got a question on the the following paragraph, concerning the
comparison of an action URI with parameters and the URI specified in the
<INCLUDE> (<EXCLUDE>) node of a policy reference file:

Note that if a form is handled through use of the GET method, then the
action URI reflects the choice of form elements selected by the user. In
some cases, it will be possible to make use of the wildcard syntax allowed
in policy reference files to specify different policies for different uses
of the same form action-handler URI. Therefore, user agents MUST include the
query-string portion of URIs when making comparisons with INCLUDE and
EXCLUDE elements in policy reference files.

 I've got a questioLet's suppose that, when clicking the submit button of
the form, the request is the following:

http://host/URI?name=Elena&surname=Dasseni&city=Milan

 Let's also suppose we have the following PRF at http://host/w3c/p3p.xml :


<META xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY-REFERENCES>
    <EXPIRY max-age="86400"/>
    <POLICY-REF about=http://www.website.com/policy1.xml>
        <INCLUDE>/URI?*surname=*&name=*</INCLUDE>
    </POLICY-REF>
    <POLICY-REF about=http://www.website.com/policy2.xml>
        <INCLUDE>/URI?*name=*&surname=*&city=*</INCLUDE>
    </POLICY-REF>
</POLICY-REFERENCES>
</META>

 Both My doubts are:

1) does the parameters order count?If so, then I should say the first
INCLUDE does not match.
2) if not, then both the INCLUDEs match: shall I apply the rule that the
first POLICY-REF node matching the request URI has to be taken into account,
and do not consider the second policy-ref, or shall I apply the second
one,which is more precise?

Thank you very much.

elena

Received on Thursday, 11 July 2002 09:50:43 UTC