- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Thu, 23 Aug 2001 20:39:25 -0400
- To: "Ben Wright" <Ben_Wright@compuserve.com>, "P3P Policy" <www-p3p-policy@w3.org>
Section 4.5 of the specification says that full policies that include mandatory extensions must not be represented as compact policies. The DSA token you describe sounds like it would be a mandatory extension. Thus what you describe is a violation of the P3P specification. Regards, Lorrie Cranor P3P Specification Working Group Chair ----- Original Message ----- From: "Ben Wright" <Ben_Wright@compuserve.com> To: "P3P Policy" <www-p3p-policy@w3.org> Sent: Thursday, August 23, 2001 3:45 PM Subject: Disavowing Legal Liability > P3P Policy List: > > I am a lawyer studying Internet Explorer 6's implementation of P3P. > > Web administrators will be reacting to IE 6's P3P implementation as the > browser is rolled out to the market. I am concerned that administrators > will expose themselves to unwarranted legal liability through the > statements they try to make in compact P3P policies. I'm looking for a way > to disclaim liability in compact policies. > > I'm thinking about suggesting that web administrators add the token "DSA" > at the end of their compact policies. DSA is not defined in the P3P > specification, but it would be defined in full P3P policies and elsewhere > as meaning that the web administrator disavows any legal liability > associated with the compact policy. > > I see in the update for P3P specification section 4.2 that "If an > unrecognized token appears in a compact policy, the compact policy has the > same semantics as if that token was not present." > http://www.w3.org/P3P/updates.html > > My question: Suppose a user agent like IE 6 sees, with respect to a > certain cookie, a compact policy that ends with the token "DSA". For > purposes of the user agent's decision on how to handle the cookie, will the > agent simply ignore the DSA token and treat the cookie as it otherwise > would in the absence of the token? It seems to me that the answer should > be yes, but I'm not technically savvy enough to know for sure. > > Is anyone aware of someone doing something like this? > > I would be happy to hear other thoughts anyone wishes to share about this > idea. > > --Ben Wright > ben_wright@compuserve.com > tel 214-403-6642 > http://ourworld.compuserve.com/homepages/Ben_Wright > >
Received on Thursday, 23 August 2001 20:39:17 UTC