- From: Ben Wright <Ben_Wright@compuserve.com>
- Date: Thu, 23 Aug 2001 15:45:55 -0400
- To: P3P Policy <www-p3p-policy@w3.org>
P3P Policy List: I am a lawyer studying Internet Explorer 6's implementation of P3P. Web administrators will be reacting to IE 6's P3P implementation as the browser is rolled out to the market. I am concerned that administrators will expose themselves to unwarranted legal liability through the statements they try to make in compact P3P policies. I'm looking for a way to disclaim liability in compact policies. I'm thinking about suggesting that web administrators add the token "DSA" at the end of their compact policies. DSA is not defined in the P3P specification, but it would be defined in full P3P policies and elsewhere as meaning that the web administrator disavows any legal liability associated with the compact policy. I see in the update for P3P specification section 4.2 that "If an unrecognized token appears in a compact policy, the compact policy has the same semantics as if that token was not present." http://www.w3.org/P3P/updates.html My question: Suppose a user agent like IE 6 sees, with respect to a certain cookie, a compact policy that ends with the token "DSA". For purposes of the user agent's decision on how to handle the cookie, will the agent simply ignore the DSA token and treat the cookie as it otherwise would in the absence of the token? It seems to me that the answer should be yes, but I'm not technically savvy enough to know for sure. Is anyone aware of someone doing something like this? I would be happy to hear other thoughts anyone wishes to share about this idea. --Ben Wright ben_wright@compuserve.com tel 214-403-6642 http://ourworld.compuserve.com/homepages/Ben_Wright
Received on Thursday, 23 August 2001 15:47:08 UTC