- From: Martin Presler-Marshall <mpresler@us.ibm.com>
- Date: Wed, 19 Sep 2001 10:01:46 -0400
- To: "Lars Nyman" <larsnyman@14designs.com>
- Cc: <www-p3p-policy@w3.org>
What you've got here is two conflicting policy reference files. Each
one declares a policy which covers all cookies on the site...this is a bad
thing. P3P's non-ambiguity rules require that the site only declare one
policy for a given cookie or URL.
Now, let's assume that the two policy reference files weren't
conflicting. Imagine that the main site sets one cookie on every single
page under mall.example.com, and the shoe store sets a second cookie for
its pages. Imagine further that the two policy reference files
differentiate this correctly, perhaps by naming the cookies to include or
exclude. In this case, the user-agent would need to consult both policy
reference files in order to find the policy for the two cookies.
-- Martin
Martin Presler-Marshall - Program Manager, Privacy Technology
E-mail: mpresler@us.ibm.com AIM: jhreingold
Phone: (919) 254-7819 (tie-line 444-7819) Fax: (919) 254-6430 (tie-line
444-6430)
Received on Wednesday, 19 September 2001 10:02:22 UTC