- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Tue, 20 Nov 2001 23:26:11 -0500
- To: <www-p3p-dev@w3.org>, <www-p3p-policy@w3.org>
The P3P specification working group adopted the following new text to describe the HINT element in the P3P specification. The substantive change is in the attributes of the HINT element. The other changes are simply to make this section more clear. We expect to issue a new specification document that includes a new XML schema in the next few weeks. The only difference between the new and old schema will be the HINT change and the ability to use the extension mechanism in policy reference files. Web sites should not adopt these changes until the new schema is available. We expect that user agents will be able to process policy reference files using either the new or the old schema for some time (but note that IE6 currently does not follow HINTs at all because this was added to the spec after IE6 was released). The new specification will also include a number of other editorial corrections and clarifications, as described at http://jigedit.w3.org/P3PGroup/lorrie/WWW/P3P/updates.html Section 2.3.2.6: Policy reference hints are a performance optimization that can be used under certain conditions. A site may declare a policy reference for itself using the well-known location, the P3P response header, or the HTML link tag. It MAY further provide a hint to additional policy references, such as those declared by other sites. For example, an HTML page might hint at policy references for its hyperlinks, embedded content, and form submission URIs. User agents MAY use the hint mechanism to discover policy reference files before requesting the affected URIs when the policy references are not available from the well-known location. User-Agents which use hints to retrive policies MUST NOT apply them to any site other than the one which contains the hinted policy reference file. Any policy reference file MAY contain zero or more policy reference hints. Each hint is contained in a HINT element with two attributes, scope and path. The scope attribute is used to specify a URI scheme and authority to which the hinted policy reference can be applied. If the authority component [RFC2396] is a server component (e.g., a hostname or IP address) the host part of the authority MAY begin with a wildcard, as defined in Section 2.3.2.1.2. The scope attribute MUST NOT contain a wildcard in any other position, MUST be encoded according to the conventions in Section 2.3.2.1.2, and MUST NOT contain a path, query or fragment URI component. Additionally, if the authority is a server, it SHOULD NOT contain a userinfo part. For example, legal values for scope include: http://www.example.com http://www.example.com:81 http://*.example.com ftp://ftp.example.org The following are illegal values for the scope attribute: http://www.*.com ; the wildcard can only be at the start http://www.example.com/ ; the trailing slash is not allowed www.example.com ; the scheme must be stated *://www.example.com ; the scheme cannot contain a wildcard http://www.example.com:* ; the port cannot contain a wildcard The path attribute is used to locate the policy reference file on the hinted site. It is a relative URI whose base is the URI scheme and authority matched in the scope attribute. The path attribute MUST NOT be an absolute URI, so that the policy reference file is always retrieved from the same site that it is applied to. Example: <hint scope="http://www.example.org" path="/mypolicy/p3.xml" /> <hint scope="http://www.example.net:81" path="/w3c/prf.xml" /> <hint scope="http://*.shop.example.com" path="/w3c/prf.xml" /> hint = '<HINT scope="' scheme ( '://' | ':/' ) authority '" \ path="' relativeURI '/>' here, scheme, authority and relativeURI are taken from RFC2396.
Received on Tuesday, 20 November 2001 23:27:32 UTC