- From: Martin Presler-Marshall <mpresler@us.ibm.com>
- Date: Thu, 31 Oct 2002 08:46:08 -0500
- To: Graeme Eastman <graeme@eastman.com.au>
- Cc: www-p3p-policy@w3.org
The IBM P3P Policy Editor will create a compact policy which
aggregates all the statements in the policy. If there's information you
collect on forms which is never associated with the cookies you set, then
this approach will overstate what data is associated with your cookies.
In my experience, most sites will associate all the data they collect
on a form with the cookies they set, which is why our editor behaves that
way.
But you can still use our editor to create a more focused policy:
just remove from the policy the data/purposes/whatever which aren't
associated with your cookies, save it as a different policy, and generate
the compact policy from that.
-- Martin
Martin Presler-Marshall - WebSphere Portal Server Performance & Privacy
E-mail: mpresler@us.ibm.com AIM: jhreingold
Phone: (919) 254-7819 (tie-line 444-7819) Fax: (919) 254-6430 (tie-line
444-6430)
Graeme Eastman
<graeme@eastman.co To: <www-p3p-policy@w3.org>
m.au> cc:
Sent by: Subject: p3p policy and compact policy differences
www-p3p-policy-req
uest@w3.org
10/31/2002 03:01
AM
Am I correct in assuming that a compact policy is only required for
cookies, but a p3p policy applies to all information collected, such as
through forms?
So if a site collects information through both forms and cookies, then we
could create a p3p policy xml file with a number statements covering all
information. But the compact policy would just detail aspects that relate
to the cookies.
I got the impression that some vendor solutions seemed to create a compact
policy from all the statements in a p3p policy, but that could be incorrect
if a site collected some information through forms (as most do).
Cheers,
Graeme Eastman
Eastman Internet
Email: graeme@eastman.com.au http://www.eastman.com.au
Received on Thursday, 31 October 2002 08:47:29 UTC