- From: Nguyen Viet Ha <HaNV@fsoft.com.vn>
- Date: Fri, 14 Apr 2006 19:41:35 +0700
- To: <www-p3p-dev@w3.org>
- Message-ID: <2AAB52AC4DF8FB4B801C5B174D3BA2FB1F3BC4@fsoft-email03.fsoft.fpt.vn>
I have been trying to understand what is involved with P3P and I was dubious about whether a single line of code in a header would solve any problem, and even worse, if its insertion would open a whole can of compliance worms. >From what I've read regarding P3P there are 3 levels of policy: 1. Compact policy - that can be inserted into a header for example - I think this is what eGS have suggested. 2. XML policy for machine reading (which can be referenced on each page, modified for each page, or modified for sections) 3. Text policy for human readability I understand that P3P is good practice and not a technical nor legal requirement, but, What needs clarification is - I understand that even though our system is JSP we can still include the required HTTP declaration in a header. - is that right? - Is there a genuine technical requirement to have a P3P policy, compact or otherwise, ie: will it be a significant benefit to our system? - Can a compact policy statement code in a header stand alone as the privacy policy in an application, or it will need the other XML and text policies to reference to? - If a line of code can stand alone in the headers - what should that code be? (verify the code Gareth Boden has suggested) - Will the line of code impact in others ways - new accessibility issues for eg: other browser problems / user agents. How much back testing will be involved?
Received on Friday, 14 April 2006 20:51:38 UTC