- From: Lorrie Cranor <lorrie+@cs.cmu.edu>
- Date: Thu, 2 Nov 2006 07:04:23 -0500
- To: almhe@ida.liu.se
- Cc: www-p3p-policy@w3.org
Right, I think that would work. Lorrie On Nov 2, 2006, at 4:11 AM, Almut Herzog wrote: > > Lorrie Cranor wrote: > >>> Web sites can advertise their certifications using a disputes >>> element. >>> You can create an APPEL file that looks for sites with particular >>> certifications. > > > So the web site states that they are BBB-certified in their policy: > >>>>> From the P3P book, p.89: > ... > <DISPUTES resolution-type="independent" > service="http://www.bbbonline.org" short-description="BBBOnline"> > ... > </DISPUTES> > ... > > And user Alice would have the following rule in her privacy policy, > allowing her to request content from web sites that are BBB-certified: > > <appel:RULE behavior="request" description="Site is BBB-certified."> > <p3p:POLICY> > <p3p:STATEMENT> > <p3p:DISPUTES appel:connective="and"> > <p3p:resolution-type="independent"> > <p3p:service="http://www.bbbonline.org"> > </p3p:DISPUTES> > </p3p:STATEMENT> > </p3p:POLICY> > </appel:RULE> > > Is that correct? > > >>> Payment info is not party of the P3P base data schema. The idea all >>> along was that anyone could create a data schema to meet their >>> needs. >>> We were hoping the credit card industry would create one with the >>> fields that make sense for credit card info, but that never >>> happened. >>> In the mean time, most sites are expressing their policies in >>> terms of >>> categories of information rather than explicit data fields. > > > Thanks for the explanation. > > /Almut > > >
Received on Thursday, 2 November 2006 12:05:12 UTC