W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > August 2000

Policy reference file syntax

From: Hugo Haas <hugo@w3.org>
Date: Sun, 13 Aug 2000 20:50:39 -0400
To: www-p3p-public-comments@w3.org
Message-ID: <20000813205038.A5004@w3.org>
I made my site P3P-compliant last week and I found the syntax of the
policy reference file too restrictive.

According to what I read in the 10 May specification[1], you can only
specify URIs using the PREFIX and EXCLUDE elements which contain a
string used for prefix matching.

This makes it either difficult or impossible to define a policy for
certain URIs in the policy reference file.

Example 1:

  http://example.org/foo has a certain policy (policy1) whereas the
  rest of the site has a different policy (policy2). There are 100 URIs
  of the form http://example.org/fooN.html, where 1 <= N <= 100.

  The reference file looks like:

	    xmlns:web="http://www.w3.org/1999/02/22-rdf-syntax-ns#" >

	  <POLICY-REF web:about="policy2">

	  <POLICY-REF web:about="policy1">

	  <POLICY-REF web:about="policy2">


  If I create http://example.org/foo101.html, I need to add an EXCLUDE
  element and a PREFIX element to specify that its policy is policy2 and
  not policy1.

  That could easily be fixed by providing to element for inclusion and
  exclusion for exact strings (I have used EXACT and EXCLUDE-EXACT below):

	    xmlns:web="http://www.w3.org/1999/02/22-rdf-syntax-ns#" >

	  <POLICY-REF web:about="policy2">

	  <POLICY-REF web:about="policy1">


  This would not make implementations more complex.

Example 2:

  The specification reads:

   Note that policy reference files do not support any sort of regular

  The problem with this is that it is, I think, impossible to define a
  policy for certains URIs.

  Take for example a CGI script which takes several arguments, including
  a search string and a policy name:


  It is not possible to get the value of the policy argument using
  prefix matching, whereas a regular expression or more simply a
  wildcard would allow people to do things like that.

  There must be regular expression and wildcard libraries in pretty much
  all the languages, so I don't think that it would make the
  implementations much more complex to add this functionnality.

Finally, I have a question about content negotiation. Suppose that I ask
for http://example.org/foo (policy1), and the response shows that the
resource has been negotiated and that the actual resource served is
http://example.org/foo.html (policy2), specified in a Content-Location
header. RFC2616 specifies[2] that the the Content-Location value is a
"statement of the location of the resource corresponding to this
particular entity at the time of the request". Would that pose a problem
to determine the policy used for this resource?



   1. http://www.w3.org/TR/2000/WD-P3P-20000510/#ref_file_preexc
   2. http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.14
Received on Sunday, 13 August 2000 20:50:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:42:59 UTC