global compact policy

One approach to meeting IE6's compact policy requirement is to put the P3P response header in every response from the server. This is what www.microsoft.com and www.msn.com have done.

My question is, is it acceptable (under P3P, not IE6) to create a sort of maximal compact policy that includes tokens for all the information linked to cookies on the site, set that policy in every response, and sort of unilaterally not supply the opt- mechanisms for cookies that would not require them?

For example, let's say site.com has two cookies, anon-cookie and id-cookie. The anon-cookie contains nothing that requires any opt- mechanisms. The id-cookie, however, contains or is linked to name, address, social-security number, and an opt- mechanism is provided by the site for the user to manage that cookie. So, would it be acceptable to set a policy everywhere that encompassed all the information in those two cookies, and to _not_ provide any opt- mechanism when setting anon-cookie?

Thanks.

Received on Tuesday, 13 November 2001 13:23:29 UTC