Re: P3P editor from Lorrie Cranor on 2002-07-12 (www-p3p-policy@w3.org from July 2002)

From: Lorrie Cranor <lorrie@research.att.com>
Date: Fri, 12 Jul 2002 09:07:50 -0400
To: "Rachel McEneaney" <rmce@Softchoice.com>, <www-p3p-policy@w3.org>
Message-ID: <002c01c229a5$207c87d0$9816cf87@barbaloot>

There is only one well-known location and no conflicting
information in any of the documents you cited. The well-known
location is at /w3c/p3p.xml

Sites have the option of placing that file at another location and
referencing it in their P3P headers (as in example 2.1). Unless
you have a good reason to do this, you should just use the
well-known location.

Lorrie


----- Original Message ----- 
From: "Rachel McEneaney" <rmce@Softchoice.com>
To: <www-p3p-policy@w3.org>
Sent: Friday, July 12, 2002 8:39 AM
Subject: RE: P3P editor


I'm in the process of setting up a P3P policy.  Does anyone know what is
currently the best practice or standard "Well-known location" for
policies are? I've come across conflicting guidelines for locating the
policy reference file (some finds are listed below).

Please and thanks,
Rachel

  _____  

Main Resource Guidelines for locating policy reference files state:

1. According to The platform for privacy preferences 1.0 (P3P1.0)
Specification. W3C Recommendation 16 April 2002.
(http://www.w3.org/TR/P3P/ <http://www.w3.org/TR/P3P/> )

Section 2.2.1 Well-Known Location
"...well-known" location a policy reference file would be made
available on the site at the path /w3c/p3p.xml."


2. According to The platform for privacy preferences 1.0 (P3P1.0)
Specification. W3C Recommendation 16 April 2002.
(http://www.w3.org/TR/P3P/ <http://www.w3.org/TR/P3P/> )

Example 2.1
2. Server returns content and the P3P header pointing to the
policy of the resource.
HTTP/1.1 200 OK
P3P:
policyref="http://catalog.example.com/P3P/PolicyReferences.xml"
Content-Type: text/html
Content-Length: 7413
Server: CC-Galaxy/1.3.18



3. 
According to The platform for privacy preferences 1.0 (P3P1.0)
Specification. W3C Recommendation 16 April 2002.
(http://www.w3.org/TR/P3P/ <http://www.w3.org/TR/P3P/> )






2.3.1 Example Policy Reference File

1. P3P policy /P3P/Policies.xml#first applies to the entire
site, except resources whose paths begin with /catalog, /cgi-bin, or
/servlet. 
2. P3P policy /P3P/Policies.xml#second applies to all
resources whose paths begin with /catalog. 
3. P3P policy /P3P/Policies.xml#third applies to all
resources whose paths begin with /cgi-bin or /servlet, except for
/servlet/unknown. 


4. According to The P3P Implementation Guide By Laurel Jamtgaard*
and the Internet Education Foundation  (http://www.p3ptoolbox.org/guide/
<http://www.p3ptoolbox.org/guide/> )    

Section IV: 
P3P Policy Reference File (p3p.xml)     

"Location: The file should be placed in the /w3c directory on
the server (called the Well-known location) and named .p3p.xml"


5. According to The Platform for Privacy Preferences 1.0 Deployment
Guide [W3C Note 11 February 2002]
(http://www.w3.org/TR/p3pdeployment#Locating_PRF
<http://www.w3.org/TR/p3pdeployment#Locating_PRF>  ). 

2.3 Locating The Policy Reference File 
"...Place the a policy reference file in the "well-known
location" (at the location /w3c/p3p.xml on the site) "

Received on Friday, 12 July 2002 09:16:59 UTC