- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Wed, 24 Nov 1999 12:01:19 -0500
- To: "Karen Coyle" <kcoyle@ix.netcom.com>, "Joseph M. Reagle Jr." <reagle@w3.org>
- Cc: <www-p3p-public-comments@w3.org>, <massimo@w3.org>, <dll@w3.org>
Karen, The working group tried to explain our intentions regarding the removal of the data transport mechanism in: http://www.w3.org/P3P/data-transfer.html The last call working draft (http://www.w3.org/TR/P3P) also explains: 1.1.2 P3P User Agents P3P1.0 user agents can be built into web broswers, browser plug-ins, or proxy servers. They can also be implemented as Java applets or Javascript; or built into electronic wallets, automatic form-fillers, or other user data management tools. P3P user agents look for P3P headers in HTTP responses and in P3P LINK tags embedded in HTML content. These special headers and tags indicate the location of a relevant P3P policy. User agents can fetch the policy from the indicated location, parse it, and display symbols, play sounds, or generate user prompts that reflect a site's P3P privacy practices. They can also compare P3P policies with privacy preferences set by the user and take appropriate actions. P3P can perform a sort of "gate keeper" function for data transfer mechanisms such as electronic wallets and automatic form fillers. A P3P user agent integrated into one of these mechanisms would retrieve P3P policies, compare them with user's preferences, and authorize the release of data only if a) the policy is consistent with the user's preferences and b) the requested data transfer is consistent with the policy. If one of these conditions is not met, the user might be informed of the discrepancy and given an opportunity to authorize the data release themselves. In general, the base data set is still there for two main reasons: 1. We wanted to have a way for web sites to talk precisely about the kinds of data they collect in order to better inform visitors about their practices 2. We wanted P3P to be able to easily interoperate with other tools that will focus on the actual data collection. It has been the group's feeling that if users are going to take advantage of the many tools that seem to be emerging that help them manage their data and automate data collection, than P3P must be able to directly interoperate with these tools if it is to prove useful to a consumer. We don't want people to have P3P only in their web browser and feel they are protected, and then have their electronic wallet blindly disseminating their information without regard for privacy policies. In order to meet these goals we are currently reviewing whether we can substitute the vcard data schema for our user data set for even better interopeability. Regards, Lorrie Cranor P3P Specification Group Chair ----- Original Message ----- From: Joseph M. Reagle Jr. <reagle@w3.org> To: Karen Coyle <kcoyle@ix.netcom.com> Cc: <www-p3p-public-comments@w3.org>; Lorrie Cranor <lorrie@research.att.com>; <massimo@w3.org>; <dll@w3.org> Sent: Wednesday, November 24, 1999 11:50 AM Subject: Re: P3P question > Karen, > > I'm forwarding your email to the comment list and the other contacts since I > think they can answer this question better than I can. > > At 07:23 99/11/23 -0800, Karen Coyle wrote: > >Hi. I'm trying to get a grasp on the lastest P3P draft and the removal of > >the data transport portion of the protocol. Some people are interpreting > >this as meaning that there will not be any uploading of data during a > >P3P-managed transaction. That would only make sense to me if there were no > >data elements associated with P3P, but the mandatory data elements remain > >in the protocol. > > > >Is it still expected that the user's data may/will be conveyed to the > >requesting site, but just using some other mechanism? In other words, what > >is the purpose of the mandatory data elements in the current draft? > > > >If I missed something on the P3P site that explains all of this, don't > >hesitate to point me to it. > > > >Thanks, > > > >Karen Coyle > >http://www.kcoyle.net > > > > _________________________________________________________ > Joseph Reagle Jr. > Policy Analyst mailto:reagle@w3.org > XML-Signature Co-Chair http://www.w3.org/People/Reagle/ > >
Received on Wednesday, 24 November 1999 12:08:17 UTC