- From: <graeme@i7.com.au>
- Date: Thu, 8 Nov 2001 13:06:21 +1100
- To: www-p3p-policy@w3.org
Our banner advertising company has contacted us about implementing P3P for ou ads which is nice. We were going to implement P3P anyway so this is a nice way to kill 2 birds with 1 stone. However, our ad company wants us to send them the PRF, CP and full P3P policy which I find a bit odd. Since the ad company is going to have to send the CP in the headers anyway, is it feasible for them to point to the PRF on our servers so we can host both that and the full policy document ourselves? I haven't read to much about 'cross-domain' P3P stuff. Also, in that case would it also be feasible to then place a <HINT> tag in our PRF to point back to the ad company's PRF which indicates our privacy policy applies to their ads. Does IE6 know about and follow these hints? So to summarise... Us: i7.com.au Ads: i7ads.adplace.com (name changed for some sort of protection) i7ads.adplace.com sends header policyref="http://i7.com.au/w3c/p3p.xml", CP="XX XX XX XX XX" i7.com.au PRF contains <HINT domain="i7ads.adplace.com" path="/w3c/p3p.xml"> Have I got this right? Can anyone give me a hint as to what the PRF for i7ads.adplace.com might contain in order to say that their ads use our privacy policy? This is an expanded version of Scenario 3 in Sept 2001 P3P draft. Since it's a commercial ad hosting company I suspect that there is actually more to this since the data collected is used for purposes other than serving ads and therefore the ad company must create its own P3P policy and serve that with the ads. This is basically Scenario 7 in the draft. Have I missed anything? Oh how is this going to affect legacy cookies in IE6 since the ad cookies expire in 2004? Cheers, Graeme
Received on Wednesday, 7 November 2001 21:06:42 UTC