RE: global compact policy

Thanks so much for the quick response - and that's great, it could save us a lot effort.

What are the dependencies? Would you be willing to look at a couple of compact policies to see if you see any problems?


-----Original Message-----
From: Lorrie Cranor [mailto:lorrie@research.att.com]
Sent: Tuesday, November 13, 2001 1:27 PM
To: Clifford Lyon; www-p3p-public-comments@w3.org
Subject: Re: global compact policy


In theory, yes, but it depends on what exactly is in your
compact policy.

----- Original Message -----
From: "Clifford Lyon" <Clifford.Lyon@cnet.com>
To: <www-p3p-public-comments@w3.org>
Sent: Tuesday, November 13, 2001 1:22 PM
Subject: global compact policy


> One approach to meeting ie6's compact policy requirement is to put the P3P
response header in every response from the server. This is what
www.microsoft.com and www.msn.com have done.
>
> My question is, is it acceptable (under p3p, not ie6) to create a sort of
maximal compact policy that includes tokens for all the information linked
to cookies on the site, set that policy in every response, and sort of
unilaterally not supply the opt- mechanisms for cookies that would not
require them?
>
> For example, let's say site.com has two cookies, anon-cookie, and
id-cookie. The anon cookie contains nothing that requires and opt-
mechanisms. The id-cookie, however, contains or is linked to name, address,
social-security number, and an opt- mechanism is provided by the site for
the user to manage that cookie. So, would it be acceptable to set a policy
everywhere that encompassed all the information in those two cookies, and to
_not_ provide any opt- mechanism when setting anon-cookie?
>
> Thanks.
>