Section 4.5

I am trying to understand how policies apply and how to develop correct
compact policies.  However, section 4.5 is somewhat confusing to me and
doesn't correspond to my current understanding.  Perhaps someone could
clarify a few things.

---------
Section 4.5 states: "When using P3P compact policies, the web site is
responsible for building a compact policy by summarizing the policy
referenced by the COOKIE-INCLUDE elements of a P3P policy."

Shouldn't that be "...the COOKIE-INCLUDE elements of a P3P policy reference
file."
And since multiple cookie policies can apply for a single response, perhaps
even "...summarizing the policies referenced by the COOKIE-INCLUDE elements
of a P3P policy reference file."
---------
Section 4.5, 2nd paragraph: "If a site's policy uses COOKIE-EXCLUDE elements
then the site will need to manage sending the correct P3P compact policies
to the user agent given the cookies set in a specific response."

First, shouldn't it be "If a policy reference file uses COOKIE-EXCLUDE
elements...".
Second, this sentence seems to express that a COOKIE-EXCLUDE element in a
policy reference file, or the cookies set in a specific response, can
*directly* affect the compact policy to be sent.
I thought the compact policy represented the cookie policy/cookie policies
that apply to a specific response.  Therefore I had thought COOKIE-EXCLUDE
elements, and cookies set in a specific response, only indirectly affect the
compact policy to be sent.
---------
Section 4.5, 3rd paragraph: "In addition to the COOKIE-EXCLUDE elements,
other information from the full policy is discarded when building a compact
policy."

Again, it seems to say that COOKIE-EXCLUDE elements exist in a policy.  I
thought COOKIE-EXCLUDE elements only existed in a policy reference file and
helped determine which cookie policy actually applies and that
COOKIE-EXCLUDE element had nothing to do with the policy itself.
---------

Lars

Received on Thursday, 20 September 2001 14:08:08 UTC