Re: Questions

> 1. How could a user apply an APPEL ruleset to extend a browser's security
> preferences, and are there any browsers supporting APPEL? I've seen
> P3P issues in Internet Explorer, but there were no words about APPEL.

IE6 and Netscape 7 P3P implementations currently do not
support APPEL. The AT&T Privacy Bird supports a limited
version of APPEL. The JRC proxy supports APPEL.

> 2. Our server is a distance learning college and the information collected
> is students' answers to tests, their grades and everything like that.
> Should we mention it in our policies, and if we should, to what kind
> of data collected (in P3P spec) does it refer?

Certainly this should be mentioned -- every type of data
you collect should be mentioned. I think the answers to test
questions could be considered as "interactive" or "content" data
(probably both). As far as test scores and grades go... do
you ever ask the users to tell you their grades? Or do you
just generate them as a result of the student submitting
a test? If you never collect the grade directly, you probably
don't need to make an explicit declaration that you collect it.
If you do collect the grade, you may need to declare it
as "other-category" with an explicit explanation
that this refers to test scores and grades. I don't like to advise
people to use the other-category category, but in this
case I don't see another category that would fit (does
anybody else?).

> 3. There are three methods of setting up P3P - well-known location,
> link tag, HTTP headers - are they all-sufficient or should they be
> used in conjunction?

Unless you have a good reason not to, you should
just use the well-known location.


Lorrie Cranor

Lorrie Faith Cranor
P3P Specification Working Group Chair
New book: Web Privacy with P3P

Received on Monday, 12 August 2002 13:18:03 UTC