Re: P3P Protocol Concerns and Proposed Changes

Thomas,

Thank you for your thoughtful proposal for P3P protocol
modifications. The P3P specification working group
has reviewed and discussed your proposal. 

We share your concerns about the performance of P3P, and 
have been working with implementers for several months on 
addressing these concerns. We hope to have solutions 
documented in the next two or three weeks that will reduce
the number of round trips required in most situations. Basically,
this will allow for inline policy files, references to embedded
content within a policy reference file, and more clarification
of the use of the safe zone to allow P3P policy checking to
occur synchronously with fetching of content. All of the
implementers who have been involved in the project seem 
satisfied with the direction we are heading in. 

While your proposal presents a number of interesting ideas
that would be good to consider in future versions of P3P,
we believe that overall it is unworkable in version 1 because
it creates an unacceptably high barrier to entry for the 
adoption of P3P. Your proposal requires that servers adopt
special P3P software as well as modify content on every page
on their site that contains a form. This seems like a huge
amount of start-up work for web sites, as well as an ongoing
maintenance problem that can only be realistically addressed
through P3P-aware web site management tools. While all
of these things may be possible in the long term, we believe
they place too great a burden on web sites to get P3P 
off the ground.

There are some interesting ideas in this proposal. We agree 
that there is value in associating P3P data elements directly
with form fields, and we hope the ongoing XForms work will
be able to address this.
     
Thanks for taking the time to submit such a thorough proposal.

Regards,

Lorrie Cranor
P3P Specification Working Group Chair

Received on Monday, 17 July 2000 16:37:56 UTC