- From: Rigo Wenning <rigo@w3.org>
- Date: Tue, 3 Oct 2000 11:22:59 +0200
- To: www-p3p-policy@w3.org
----- Forwarded message from Fiona Walsh <Fiona.Walsh@avenuea.com> ----- Date: Mon, 2 Oct 2000 21:29:27 -0400 (EDT) From: Fiona Walsh <Fiona.Walsh@avenuea.com> To: "'Lorrie Cranor'" <lorrie@research.att.com> Cc: "'www-p3p-policy@w3.org'" <www-p3p-policy@w3.org> Old-Date: Mon, 2 Oct 2000 18:28:35 -0700 Subject: [Moderator Action] RE: embedded include Lorrie, When we work with an ad network like DoubleClick, their server gets an ad request from a publisher, they redirect the request to our server and then we serve the advertiser's ad. I imagined that the user agent would check the privacy policy for each server that the request gets redirected to. Is this correct? Fiona -----Original Message----- From: Lorrie Cranor [mailto:lorrie@research.att.com] Sent: Monday, October 02, 2000 5:02 PM To: Fiona Walsh; w3c-p3p-specification@w3.org Cc: www-p3p-policy@w3.org Subject: Re: embedded include Note, I'm CCing this to www-p3p-policy, as the questions raised here are the sorts of things we would like to have discussed on this list. I don't know exactly how AvenueA works. If you have contracts directly with content publishers to put embedded images in their content to point to ads on your servers, then it would be appropriate for you to ask those content publishers to post a P3P policy reference file that uses embedded includes and points to a privacy policy on the AvenueA web site. You could also have your own policy reference file in addition to this (which might be useful if not all your content publishers are ready to use P3P just yet). If you are supplying ads to DoubleClick and they are the ones who actually serve the ads and have the contracts with the content publishers, then it would be up to DoubleClick to take care of posting a policy reference file and/or asking content publishers to use embedded includes. Depending on what your arrangement is with DoubleClick, whose privacy policy would be in effect here might vary. I could imagine scenarios where the appropriate privacy policy is one belonging to AvenueA, DoubleClick, or the content publisher. Lorrie ----- Original Message ----- From: Fiona Walsh <Fiona.Walsh@avenuea.com> To: <w3c-p3p-specification@w3.org> Sent: Monday, October 02, 2000 6:07 PM Subject: Re: embedded include > Thanks for your responses. > > I've aggregated all your input and here's the conclusion. > Use embedded includes if; > 1 you have a complex url layout, so it would be impractical to have one > valid PRF on the server itself, > 2 the PRF file at a well know location is going to be too large or have a > high rate of change or > 3 you want performance optimization by eliminating the round trip. > > A 3rd party ad server like AvenueA serves ads a) direct into a publishers > site or b) into an ad network like DoubleClick. > Question: should a 3rd party ad server like AvenueA use "embedded includes"? > Mark Nottingham, Akamai stated that "embedded includes" are not intended to > address situations where there were multiple levels of embedding, like ad > services. > However in the P3P spec., scenario 7 in section 2.5 states that the > publisher (Bigsearch) can use a embedded include to point to the ad servers > P3P policy. > Thoughts? > > Cheers > > ----- End forwarded message -----
Received on Tuesday, 3 October 2000 05:23:27 UTC