- From: Greg Hampson <gregham@microsoft.com>
- Date: Tue, 15 May 2001 10:22:54 -0700
- To: "Neil Durrant" <info@affiliatemarketing.co.uk>
- Cc: "www-p3p-policy" <www-p3p-policy@w3.org>, "Rigo Wenning" <rigo@w3.org>
This site contains information about the IE 6 public preview implementation:
http://msdn.microsoft.com/workshop/security/privacy/ie6privacyfeature.asp

GH

-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org]
Sent: Tuesday, May 15, 2001 9:40 AM
To: Neil Durrant
Cc: www-p3p-policy
Subject: Re: P3P/IE6 and cookies

On Mon, May 14, 2001 at 02:57:22PM -0400, Neil Durrant wrote:
> Hi,
>
> I wonder if anyone on this list can offer a little assistance?

That's what this list and www-p3p-dev@w3.org are for. Please see also the archives[0].

>
> I'm trying to get to grips with IE6 implementation of The Platform for
> Privacy Preferences Project and its handling of cookies.
>
> I've spent ages looking through relevant documentation and keep coming
> up with conflicting data or information that I'm unsure can be deemed
> as 100% reliable but..

From all I heard, IE6 implements the compact policies as defined by the P3P Specification[1]. So it should be clear, what IE6 does. If IE6 is behaving differently, it would be great, if you would report this back to this list (or www-p3p-dev@w3.org).

>
> I believe IE6 is compliant with The Platform for Privacy Preferences
> Project (P3P) - http://www.w3.org/P3P/

As said, the privacy features claim to be an implementation of the compact policies.

>
> The most worrying comment I have seen is that -
>
> "If a site doesn't put up a compliant privacy policy at the site, P3P
> compliant browsers (such as IE6) will automatically refuse cookies
> from them unless the surfer changes the default settings for IE6 - an
> unlikely proposition."
>
> Unsure if this statement is 100% accurate and I really needed to
> ascertain if this is the case?

I think, they refer to the safe-zone behaviour as described in the P3P Specification. If a P3P-Client does not find a P3P-Policy or if there is a mismatch to the preferences, the client should remain in the "safe-zone" state and not send out unnecessary data (e.g. referer, cookies etc.).

What you are concerned about are the default preferences. The P3P Specification requires that a user agent has to openly document a mechanism to import preferences (or use APPEL-Language[2]).

I assume from your mail address, you're asking yourself the question from a UK-perspective. The UK has implemented the European Data Protection Directive. If you follow those rules and express them in the compact policies, I would be surprised to find a cookie blocked. Perhaps, you should contact your data protection authority to help you implement P3P on your site.

If you look for further information on how to implement P3P compact policies on your Web-Server, please have a look at the Server Implementation Guide[3] written by Martin Presler-Marshall from IBM. To write a policy, it might help you to use the P3P Policy Editor[4].

Best,

Rigo Wenning W3C/INRIA
Policy Analyst Privacy Activity Lead
mail:rigo@w3.org 2004, Routes des Lucioles
+33 (0)6 73 84 87 31 F-06902 Sophia Antipolis
http://www.w3.org/

>
> Can anyone throw any more light on this?
>
> Neil Durrant
> www.AffiliateMarketing.co.uk

0. http://lists.w3.org/Archives/Public/www-p3p-policy/
1. http://www.w3.org/TR/P3P/#compact_policies
2. http://www.w3.org/TR/P3P-preferences
3. http://www.w3.org/TR/p3pdeployment
4. http://www.alphaworks.ibm.com/tech/p3peditor

Received on Tuesday, 15 May 2001 13:23:51 UTC