- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Mon, 2 Oct 2000 22:54:13 -0400
- To: "Fiona Walsh" <Fiona.Walsh@avenuea.com>
- Cc: <www-p3p-policy@w3.org>
Correct. A P3P user agent should check for a policy every time it gets a redirect. Lorrie ----- Original Message ----- From: Fiona Walsh <Fiona.Walsh@avenuea.com> To: 'Lorrie Cranor' <lorrie@research.att.com> Cc: <www-p3p-policy@w3.org> Sent: Monday, October 02, 2000 9:28 PM Subject: RE: embedded include > Lorrie, > When we work with an ad network like DoubleClick, their server gets an ad > request from a publisher, they redirect the request to our server and then > we serve the advertiser's ad. > I imagined that the user agent would check the privacy policy for each > server that the request gets redirected to. > Is this correct? > Fiona > > -----Original Message----- > From: Lorrie Cranor [mailto:lorrie@research.att.com] > Sent: Monday, October 02, 2000 5:02 PM > To: Fiona Walsh; w3c-p3p-specification@w3.org > Cc: www-p3p-policy@w3.org > Subject: Re: embedded include > > > Note, I'm CCing this to www-p3p-policy, as the questions raised > here are the sorts of things we would like to have discussed on this > list. > > I don't know exactly how AvenueA works. If you have contracts > directly with content publishers to put embedded images > in their content to point to ads on your servers, then it would > be appropriate for you to ask those content publishers to post > a P3P policy reference file that uses embedded includes and > points to a privacy policy on the AvenueA web site. You > could also have your own policy reference file in addition to this > (which might be useful if not all your content publishers are > ready to use P3P just yet). > > If you are supplying ads to DoubleClick and they are the ones > who actually serve the ads and have the contracts with the > content publishers, then it would be up to DoubleClick to > take care of posting a policy reference file and/or asking content > publishers to use embedded includes. Depending on what your > arrangement is with DoubleClick, whose privacy policy would > be in effect here might vary. I could imagine scenarios where > the appropriate privacy policy is one belonging to AvenueA, > DoubleClick, or the content publisher. > > Lorrie > > ----- Original Message ----- > From: Fiona Walsh <Fiona.Walsh@avenuea.com> > To: <w3c-p3p-specification@w3.org> > Sent: Monday, October 02, 2000 6:07 PM > Subject: Re: embedded include > > > > Thanks for your responses. > > > > I've aggregated all your input and here's the conclusion. > > Use embedded includes if; > > 1 you have a complex url layout, so it would be impractical to have one > > valid PRF on the server itself, > > 2 the PRF file at a well know location is going to be too large or have a > > high rate of change or > > 3 you want performance optimization by eliminating the round trip. > > > > A 3rd party ad server like AvenueA serves ads a) direct into a publishers > > site or b) into an ad network like DoubleClick. > > Question: should a 3rd party ad server like AvenueA use "embedded > includes"? > > Mark Nottingham, Akamai stated that "embedded includes" are not intended > to > > address situations where there were multiple levels of embedding, like ad > > services. > > However in the P3P spec., scenario 7 in section 2.5 states that the > > publisher (Bigsearch) can use a embedded include to point to the ad > servers > > P3P policy. > > Thoughts? > > > > Cheers > > > > >
Received on Monday, 2 October 2000 22:58:29 UTC