- From: Clifford Lyon <Clifford.Lyon@cnet.com>
- Date: Tue, 13 Nov 2001 10:32:52 -0800
- To: "'Lorrie Cranor'" <lorrie@research.att.com>, Clifford Lyon <Clifford.Lyon@cnet.com>, www-p3p-public-comments@w3.org
- Message-ID: <F5E5CB897FCA1A4BAC3FD38CEBA1A644F919FB@zdnet08.zdz.cnwk>

Thanks so much for the quick response - and that's great, it could save us a lot of effort. What are the dependencies? Would you be willing to look at a couple of compact policies to see if you see any problems?

-----Original Message-----
From: Lorrie Cranor [mailto:lorrie@research.att.com]
Sent: Tuesday, November 13, 2001 1:27 PM
To: Clifford Lyon; www-p3p-public-comments@w3.org
Subject: Re: global compact policy

In theory, yes, but it depends on what exactly is in your compact policy.

----- Original Message -----
From: "Clifford Lyon" <Clifford.Lyon@cnet.com>
To: <www-p3p-public-comments@w3.org>
Sent: Tuesday, November 13, 2001 1:22 PM
Subject: global compact policy

> One approach to meeting ie6's compact policy requirement is to put the P3P response header in every response from the server. This is what www.microsoft.com and www.msn.com have done.
>
> My question is, is it acceptable (under p3p, not ie6) to create a sort of maximal compact policy that includes tokens for all the information linked to cookies on the site, set that policy in every response, and sort of unilaterally not supply the opt- mechanisms for cookies that would not require them?
>
> For example, let's say site.com has two cookies, anon-cookie, and id-cookie. The anon cookie contains nothing that requires any opt- mechanisms. The id-cookie, however, contains or is linked to name, address, social-security number, and an opt- mechanism is provided by the site for the user to manage that cookie. So, would it be acceptable to set a policy everywhere that encompassed all the information in those two cookies, and to _not_ provide any opt- mechanism when setting anon-cookie?
>
> Thanks.
>

Received on Tuesday, 13 November 2001 13:33:57 UTC