- From: Hugo Haas <hugo@w3.org>
- Date: Sun, 13 Aug 2000 20:50:39 -0400
- To: www-p3p-public-comments@w3.org
I made my site P3P-compliant last week and I found the syntax of the policy reference file too restrictive. According to what I read in the 10 May specification[1], you can only specify URIs using the PREFIX and EXCLUDE elements which contain a string used for prefix matching. This makes it either difficult or impossible to define a policy for certain URIs in the policy reference file. Example 1: http://example.org/foo has a certain policy (policy1) whereas the rest of the site has a different policy (policy2). There are 100 URIs of the form http://example.org/fooN.html, where 1 <= N <= 100. The reference file looks like: <POLICY-REFERENCES xmlns="http://www.w3.org/2000/P3Pv1" xmlns:web="http://www.w3.org/1999/02/22-rdf-syntax-ns#" > <web:RDF> <POLICY-REF web:about="policy2"> <PREFIX>/</PREFIX> <EXCLUDE>/foo</EXCLUDE> </POLICY-REF> <POLICY-REF web:about="policy1"> <PREFIX>/foo</PREFIX> <EXCLUDE>/foo1.html</EXCLUDE> <EXCLUDE>/foo2.html</EXCLUDE> <EXCLUDE>/foo3.html</EXCLUDE> [..] <EXCLUDE>/foo100.html</EXCLUDE> </POLICY-REF> <POLICY-REF web:about="policy2"> <PREFIX>/foo1.html</PREFIX> <PREFIX>/foo2.html</PREFIX> <PREFIX>/foo3.html</PREFIX> [..] <PREFIX>/foo100.html</PREFIX> </POLICY-REF> </web:RDF> </POLICY-REFERENCES> If I create http://example.org/foo101.html, I need to add an EXCLUDE element and a PREFIX element to specify that its policy is policy2 and not policy1. That could easily be fixed by providing to element for inclusion and exclusion for exact strings (I have used EXACT and EXCLUDE-EXACT below): <POLICY-REFERENCES xmlns="http://www.w3.org/2000/P3Pv1" xmlns:web="http://www.w3.org/1999/02/22-rdf-syntax-ns#" > <web:RDF> <POLICY-REF web:about="policy2"> <PREFIX>/</PREFIX> <EXCLUDE-EXACT>/foo</EXCLUDE-EXACT> </POLICY-REF> <POLICY-REF web:about="policy1"> <EXACT>/foo</EXACT> </POLICY-REF> </web:RDF> </POLICY-REFERENCES> This would not make implementations more complex. Example 2: The specification reads: Note that policy reference files do not support any sort of regular expressions. The problem with this is that it is, I think, impossible to define a policy for certains URIs. Take for example a CGI script which takes several arguments, including a search string and a policy name: http://example.org/search?string=My+Search&policy=policy2&option=t It is not possible to get the value of the policy argument using prefix matching, whereas a regular expression or more simply a wildcard would allow people to do things like that. There must be regular expression and wildcard libraries in pretty much all the languages, so I don't think that it would make the implementations much more complex to add this functionnality. Finally, I have a question about content negotiation. Suppose that I ask for http://example.org/foo (policy1), and the response shows that the resource has been negotiated and that the actual resource served is http://example.org/foo.html (policy2), specified in a Content-Location header. RFC2616 specifies[2] that the the Content-Location value is a "statement of the location of the resource corresponding to this particular entity at the time of the request". Would that pose a problem to determine the policy used for this resource? Regards, Hugo 1. http://www.w3.org/TR/2000/WD-P3P-20000510/#ref_file_preexc 2. http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.14
Received on Sunday, 13 August 2000 20:50:42 UTC