W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > November 2001

global compact policy

From: Clifford Lyon <Clifford.Lyon@cnet.com>
Date: Tue, 13 Nov 2001 10:22:19 -0800
Message-ID: <F5E5CB897FCA1A4BAC3FD38CEBA1A644F919FA@zdnet08.zdz.cnwk>
To: "'www-p3p-public-comments@w3.org'" <www-p3p-public-comments@w3.org>
One approach to meeting ie6's compact policy requirement is to put the P3P response header in every response from the server. This is what www.microsoft.com and www.msn.com have done.

My question is, is it acceptable (under p3p, not ie6) to create a sort of maximal compact policy that includes tokens for all the information linked to cookies on the site, set that policy in every response, and sort of unilaterally not supply the opt- mechanisms for cookies that would not require them?

For example, let's say site.com has two cookies, anon-cookie, and id-cookie. The anon cookie contains nothing that requires and opt- mechanisms. The id-cookie, however, contains or is linked to name, address, social-security number, and an opt- mechanism is provided by the site for the user to manage that cookie. So, would it be acceptable to set a policy everywhere that encompassed all the information in those two cookies, and to _not_ provide any opt- mechanism when setting anon-cookie?

Thanks.
Received on Tuesday, 13 November 2001 13:23:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:43:00 UTC