Re: Compact Policy Interpretation from Lorrie Cranor on 2001-09-20 (www-p3p-policy@w3.org from September 2001)

From: Lorrie Cranor <lorrie@research.att.com>
Date: Thu, 20 Sep 2001 09:43:29 -0400
To: "Schutzer, Daniel M" <daniel.m.schutzer@citi.com>, "w3c-p3p-ig list" <w3c-p3p-ig@w3.org>, <www-p3p-policy@w3.org>
Message-ID: <007c01c141da$3b85b960$9816cf87@barbaloot>

I am copying this response to the www-p3p-policy@w3.org
mailing list, which has been setup to discuss questions like these.
Please direct any followup messages to that mailing list.
To subscribe to that mailing list, email
www-p3p-policy-request@w3.org with "subscribe" in the Subject

A cookie policy is supposed to apply not only to the
cookies themselves, but also to the data linked
to the cookie. See
http://www.w3.org/TR/2000/CR-P3P-20001215/#cookies
for more information.

A compact policy is simply a compact representation of
your full cookie policy (which may be the same as your
regular policy or it may be a policy you just use for cookies).
So develop your full policy first, then simply translate
it into a compact policy.

Regards,

Lorrie Cranor


----- Original Message -----
From: "Schutzer, Daniel M" <daniel.m.schutzer@citi.com>
To: "w3c-p3p-ig list" <w3c-p3p-ig@w3.org>
Cc: <daniel.m.schutzer@citi.com>
Sent: Wednesday, September 19, 2001 8:04 AM
Subject: Compact Policy Interpretation


> Question: The compact policy section of the W3 specs defines the compact
> policy as "summarized P3P policies".  I realize that it also notes that
for
> P3Pv1 "compact policies contain information related to cookies only".  Our
> problem is that some of the elements used in the compact policy are not
> cookie specific.
>
> For example, one of the compact elements is Disputes.  In developing the
> compact policy should we be considering how cookies, or the information
> resident on them, are used in the resolution of disputes.   The Remedies
and
> Access
> elements are also not to clear to us.
>
> For some of the elements it is easier to relate them to cookie usage:
> - Purpose (what are cookies used for)
> - Retention (how long are cookies good for - through session or date
> specific)
> - Recipient (who can access the cookies and the information on them)
> - Categories (type of information resident on the cookie)
> - Non-Identifiable (if identifiable or non-identifiable information is
used
> on
> the cookies)
>
> Even with these elements, we would want to confirm our thoughts. Can
anyone
> help clarify this for us?
>
> Thanks,
>
> Dan Schutzer
>
>

Received on Thursday, 20 September 2001 09:51:21 UTC