W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > November 1999

Re: P3P question

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 24 Nov 1999 12:01:19 -0500
Message-ID: <015501bf369d$87a0f020$9816cf87@research.att.com>
To: "Karen Coyle" <kcoyle@ix.netcom.com>, "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: <www-p3p-public-comments@w3.org>, <massimo@w3.org>, <dll@w3.org>

The working group tried to explain our intentions regarding the
removal of the data transport mechanism in:

The last call working draft (http://www.w3.org/TR/P3P)
also explains:

  1.1.2 P3P User Agents

  P3P1.0 user agents can be built into web broswers, browser plug-ins,
  or proxy servers. They can also be implemented as Java applets or
  Javascript; or built into electronic wallets, automatic form-fillers, or
  other user data management tools. P3P user agents look for P3P
  headers in HTTP responses and in P3P LINK tags embedded in
  HTML content. These special headers and tags indicate the location
  of a relevant P3P policy. User agents can fetch the policy from the
  indicated location, parse it, and display symbols, play sounds, or
  generate user prompts that reflect a site's P3P privacy practices.
  They can also compare P3P policies with privacy preferences set
  by the user and take appropriate actions. P3P can perform a sort
  of "gate keeper" function for data transfer mechanisms such as
  electronic wallets and automatic form fillers. A P3P user agent
  integrated into one of these mechanisms would retrieve P3P policies,
  compare them with user's preferences, and authorize the release of
  data only if a) the policy is consistent with the user's preferences and
  b) the requested data transfer is consistent with the policy. If one of
  these conditions is not met, the user might be informed of the
  discrepancy and given an opportunity to authorize the data release

In general, the base data set is still there for two main reasons:
1. We wanted to have a way for web sites to talk precisely about the
kinds of data they collect in order to better inform visitors about their
2. We wanted P3P to be able to easily interoperate with other tools that
will focus on the actual data collection. It has been the group's feeling
that if users are going to take advantage of the many tools that seem to
be emerging that help them manage their data and automate data
collection, than P3P must be able to directly interoperate with these
tools if it is to prove useful to a consumer. We don't want people to have
P3P only in their web browser and feel they are protected, and then have
their electronic wallet blindly disseminating their information without
regard for privacy policies.

In order to meet these goals we are currently reviewing whether we can
substitute the vcard data schema for our user data set for even better


Lorrie Cranor
P3P Specification Group Chair

----- Original Message -----
From: Joseph M. Reagle Jr. <reagle@w3.org>
To: Karen Coyle <kcoyle@ix.netcom.com>
Cc: <www-p3p-public-comments@w3.org>; Lorrie Cranor
<lorrie@research.att.com>; <massimo@w3.org>; <dll@w3.org>
Sent: Wednesday, November 24, 1999 11:50 AM
Subject: Re: P3P question

> Karen,
> I'm forwarding your email to the comment list and the other contacts since
> think they can answer this question better than I can.
> At 07:23 99/11/23 -0800, Karen Coyle wrote:
>  >Hi. I'm trying to get a grasp on the lastest P3P draft and the removal
>  >the data transport portion of the protocol. Some people are interpreting
>  >this as meaning that there will not be any uploading of data during a
>  >P3P-managed transaction. That would only make sense to me if there were
>  >data elements associated with P3P, but the mandatory data elements
>  >in the protocol.
>  >
>  >Is it still expected that the user's data may/will be conveyed to the
>  >requesting site, but just using some other mechanism? In other words,
>  >is the purpose of the mandatory data elements in the current draft?
>  >
>  >If I missed something on the P3P site that explains all of this, don't
>  >hesitate to point me to it.
>  >
>  >Thanks,
>  >
>  >Karen Coyle
>  >http://www.kcoyle.net
>  >
> _________________________________________________________
> Joseph Reagle Jr.
> Policy Analyst           mailto:reagle@w3.org
> XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Wednesday, 24 November 1999 12:08:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:42:58 UTC