- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Tue, 31 Jul 2001 22:16:16 -0400
- To: <w3c-p3p-specification@w3.org>, <www-p3p-dev@w3.org>, <www-p3p-policy@w3.org>
The P3P specification working group is considering a change to seciton 2.3.2.7 of the P3P spec, and we would like feedback from implementers and web sites. This is the part of the spec that pertains to COOKIE-INCLUDE and COOKIE-EXCLUDE elements. The current syntax for COOKIE-INCLUDE looks like: <META xmlns="http://www.w3.org/2000/12/P3Pv1"> <POLICY-REFERENCES> <POLICY-REF about="/P3P/Policy1.xml"> <COOKIE-INCLUDE>* * *</COOKIE-INCLUDE> </POLICY-REF> </POLICY-REFERENCES> </META> The proposed new syntax looks like: <META xmlns="http://www.w3.org/2000/12/P3Pv1"> <POLICY-REFERENCES> <POLICY-REF about="/P3P/Policy1.xml"> <COOKIE-INCLUDE name="Cookie1" value="FOO" domain=".example.com" path="/servlet"/> </POLICY-REF> </POLICY-REFERENCES> </META> This is a change from space-delimeted PCDATA to attributes. In addition we are proposing to add the ability to match on cookie values, not just name, domain, and path. This change should make it easier to assign different policies to cookies based on their values, for example a different policy to an opt-out cookie than to a userid cookie (even if the same cookie name is used). The COOKIE-INCLUDE element would now have four attributes. A COOKIE-INCLUDE element applies to a given cookie if the values given in the COOKIE-INCLUDE match the corresponding components of the cookie. The name attribute of COOKIE-INCLUDE is compared to the NAME portion of the cookie. The value attribute of COOKIE-INCLUDE is compared to the VALUE portion of the cookie. The domain attribute is compared to the contents of the domain attribute on the cookie. The path attribute is compared to the path attribute on the cookie. The cookie specification states default values for the domain and path attributes of cookies; these should be used in the comparison if those attributes are not found in a specific cookie. All four attributes of the COOKIE-INCLUDE element are optional. If an attribute is absent, the COOKIE include will match cookies that have that attribute set to any value. Please let us know if you have any comments or concerns about this by August 6. If you find this change particularly useful for you, please let us know that too. Lorrie Cranor P3P Specification Working Group Chair
Received on Tuesday, 31 July 2001 23:02:22 UTC