- From: Martin Presler-Marshall <mpresler@us.ibm.com>
- Date: Tue, 18 Sep 2001 08:14:15 -0400
- To: Rigo Wenning <rigo@w3.org>
- Cc: www-p3p-policy@w3.org
Lars asked:
> Assume a user agent is retrieving an html entity by fetching a URI and
that
> a cookie is set by that html entity when it is returned by the server.
>
> I am curious about how many policies may potentially apply in this
situation
> and how a user agent must determine which policy, or policies, applies.
> Reading the P3P1.0 spec, I have come to the conclusion that two separate
> policies may apply in this situation - one policy for the URI itself, and
> another policy for the cookie being set when the entity referenced by the
> URI is returned. Is this correct?
Yes, this is correct.
> If my conclusion is correct, that two separate policies may apply, that
> would then imply that two different policy reference files may apply. So
my
> second question is: must a user agent go through the same mechanisms
twice
> (as described in section 2.2) in order to locate the two policy
reference
> files?
No. A single policy reference file can cover a URI and a cookie with
seperate policies.
-- Martin
Martin Presler-Marshall - Program Manager, Privacy Technology
E-mail: mpresler@us.ibm.com AIM: jhreingold
Phone: (919) 254-7819 (tie-line 444-7819) Fax: (919) 254-6430 (tie-line
444-6430)
Received on Tuesday, 18 September 2001 08:15:07 UTC