- From: Rigo Wenning <rigo@w3.org>
- Date: Thu, 31 Jan 2002 13:49:30 +0100
- To: Mark Gangi <markg@mail.com>
- Cc: www-p3p-policy@w3.org
On Wed, Jan 30, 2002 at 05:13:21PM -0500, Mark Gangi wrote: > I am working on a portal site for our employees, some of the sites that > we link to drop cookies. It depends.. If you have only links on your portal site, your users have to click on the link to get to those sites. If IE6 then drops cookies, that's just default behavior. If you include third party sites in frames, it is different. In this case, even first party cookies from those sites become third party cookies... > IE6 sees these as 3rd party cookies, so with > the default security settings in place, my end users can't access these > sites. They can access the site, but the cookies are blocked. If the access needs cookies enabled. You could write them an email to encourage them to implement P3P. > Can I create a p3p file on my site that will allow 3rd party > cookies to be dropped, or is the only way to get around this to have > these 3rd party sites become p3p compliant (something that I don't have > any control over)? As a mesure of security, the policy-reference file (the file that indicates which policy applies to which resource) can only contain URI's relative to the host the file is sitting on. So you can't declare a policy for a third party. You have to control the host to be able to set the policy. So the only way here is to convince the third party-sites to use P3P. Otherwise, you would have to set the privacy-level to very low on all browsers as this way, no cookies are blocked anymore. But this also means, that the privacy protection is disabled. > My boss is itching for an answer, any help will be > appreciated. Hope this helps. -- Rigo Wenning W3C/INRIA Policy Analyst Privacy Activity Lead mail:rigo@w3.org 2004, Routes des Lucioles http://www.w3.org/ F-06902 Sophia Antipolis
Received on Thursday, 31 January 2002 07:51:32 UTC