- From: Martin Presler-Marshall <mpresler@us.ibm.com>
- Date: Wed, 19 Sep 2001 10:01:46 -0400
- To: "Lars Nyman" <larsnyman@14designs.com>
- Cc: <www-p3p-policy@w3.org>
What you've got here is two conflicting policy reference files. Each one declares a policy which covers all cookies on the site...this is a bad thing. P3P's non-ambiguity rules require that the site only declare one policy for a given cookie or URL. Now, let's assume that the two policy reference files weren't conflicting. Imagine that the main site sets one cookie on every single page under mall.example.com, and the shoe store sets a second cookie for its pages. Imagine further that the two policy reference files differentiate this correctly, perhaps by naming the cookies to include or exclude. In this case, the user-agent would need to consult both policy reference files in order to find the policy for the two cookies. -- Martin Martin Presler-Marshall - Program Manager, Privacy Technology E-mail: mpresler@us.ibm.com AIM: jhreingold Phone: (919) 254-7819 (tie-line 444-7819) Fax: (919) 254-6430 (tie-line 444-6430)
Received on Wednesday, 19 September 2001 10:02:22 UTC