- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 19 Apr 2006 12:55:18 +0200
- To: "Nguyen Viet Ha" <HaNV@fsoft.com.vn>
- Cc: www-p3p-dev@w3.org
- Message-Id: <200604191255.19442@rigo>
Am Wednesday 19 April 2006 12:09, sprach Nguyen Viet Ha: > Is there any chance that P3P compact policy headers could be added to > the site as part of this work? It basically involves adding a single > HTTP header to each page as it is served out which says something like: > > P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" As I said in my previous email. This is only the compact header. It can't stand alone and there MUST be a full policy for conformance with the P3P Specification. This can be done using the well-known location ($DOCUMENTROOT/w3c/p3p.xml) or by adding the location of the Policy Reference File to the P3P Header: P3P: policyref="http://www.w3.org/2001/05/P3P/p3p.xml" CP="...." > I attempt to verify whether a simple line of code in a header would > solve cookie issues. It is dangerous to do "make IE happy" policies as this might engage your liability. In fact, if the real data handling practices differ from the policy announced, this might be considered lying and can trigger liability. > > Can a compact policy statement code in a header stand alone as the > privacy policy in an application, or it will need the other XML and text > policies to reference to? It needs the other info to display the policy correctly to the user. AND the server MUST have the XML policy to claim conformance to P3P. Best, -- Rigo Wenning W3C/ERCIM Staff Counsel Privacy Activity Lead mail:rigo@w3.org 2004, Routes des Lucioles http://www.w3.org/ F-06902 Sophia Antipolis
Received on Wednesday, 19 April 2006 10:57:45 UTC