W3C home > Mailing lists > Public > www-p3p-policy@w3.org > March 2002

Re: Non linked 3rd party cookie acceptance

From: Walter Deane <walter.deane@iconmedialab.com.au>
Date: Mon, 18 Mar 2002 13:19:21 +1100
To: www-p3p-policy@w3.org
Message-Id: <8EDC979F-3A16-11D6-B778-003065C00F46@iconmedialab.com.au>
The compact policy that is generated by IBM's editor will erroneously 
include multiple elements with conflicting meanings because it it 
creates a policy that is generated from all of your groups.

The process I follow is to first create my cookie policy and export the 
cp. Then I create my policy for the other areas of my site and combine 
them into a single policy file. This gets by the bug in the IBM editor. 
 From my readings, the cp is only related to cookies so the fact that it 
doesn't take in consideration other elements is fine.

Also if some of your cookies have different policies, The most 
"offensive" cookie policy must be sent as the header for a given page. I 
don't think there is anything that prevents you from having multiple 
policies for different cookies. The only technical drawback is you will 
not be able to use a sitewide header for your p3p and will have to 
resort to using a page by page solution since you can't send 2+ p3p 

The cp is also optional but required because of IE's implementation if 
it processed the cookies properly from the xml then it wouldn't be 
necessary to do all of this hoop-jumping.

On Tuesday, March 12, 2002, at 06:00  AM, Lorrie Cranor wrote:

> P3P allows you to seperately declare policies
> for the URLs and cookies on your site. The full
> policy you have for cookies should match the
> compact policy, but it doesn't have to be the
> same policy as you have for the URLs on your site.
> Lorrie
> ----- Original Message -----
> From: "Tim Money" <Tim.Money@staff.virgin.com>
> To: <www-p3p-policy@w3.org>
> Sent: Friday, March 08, 2002 12:02 PM
> Subject: Non linked 3rd party cookie acceptance
>> Hi,
>> I would just like a confirmation on the best way to imlpement 
>> accepteable
>> 3rd party cookie accepteable compact poilcies.  I used the IBM policy
> editor
>> to create a policy and compact policies and everything worked fine, 
>> but I
>> didnt details non cookie data collection in the main policy.  Now 
>> that I
>> have done this and generated the files, the extra entries in the 
>> compact
>> policy cause the cookie to be blocked.
>> We dont use cookies in any conjunction with our database or other data
>> collection methods, and only use cookies for tracking user experience 
>> etc,
>> so to solve the blocking issue do I
>> a)    Use the shorter full policy and compact policy, which doesnt 
>> detail
>> our collection of data with our database.  (but doesnt this deviate 
>> from
> the
>> purpose of the main policy of declaration of use to the user)
>> b)    Use the detailed full policy and the shorter compact policy, 
>> which
>> doesnt have any information about the non cookie related data 
>> collection
>> (does this cause any issues with using a privacy policy which only half
>> relates to the compact policy)
>> Any help would be gratefully recieved.
>> Tim
     Walter Deane
     Web Programmer
Email walter.deane@iconmedialab.com.au
Telephone +61 2 9968 3933
Facsimile +61 2 9960 7333

     Icon Medialab Australia Pty Ltd
     44 Avenue Road
Received on Sunday, 17 March 2002 21:20:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:42:54 UTC