- From: Clifford Lyon <Clifford.Lyon@cnet.com>
- Date: Thu, 4 Oct 2001 08:18:59 -0700
- To: "'Lorrie Cranor'" <lorrie@research.att.com>, www-p3p-public-comments@w3.org
- Message-ID: <F5E5CB897FCA1A4BAC3FD38CEBA1A644F91833@zdnet08.zdz.cnwk>
Ahh... so the include and cookie-include have the same relationship to the host. Great, thanks for the clarification. --Cliff -----Original Message----- From: Lorrie Cranor [mailto:lorrie@research.att.com] Sent: Wednesday, October 03, 2001 9:55 PM To: Clifford Lyon; www-p3p-public-comments@w3.org Subject: Re: cookie-include element I think you have it mostly right. The PRF only applies to URIs on or cookies set by the host that references it. You can have identical PRFs on each host in your domain (assuming they have the same policy usage). Or you can have one PRF that is referenced in the headers by all the hosts in the domain. Unless you have a good reason not to, we highly recommend that you put a PRF in the well-known location of every host, however. Lorrie ----- Original Message ----- From: "Clifford Lyon" <Clifford.Lyon@cnet.com> To: <www-p3p-public-comments@w3.org> Sent: Wednesday, October 03, 2001 1:58 PM Subject: RE: cookie-include element > I noticed the text of the original message got cut off. > Here it is again. > > -----Original Message----- > > Hi, > > In the prf, the include element's URI reference must be > relative. So, a prf at x.domain.com may only refer to > locations x.domain.com/*, and not y.domain.com/*. However, > the domain attr of the cookie indluce element allows > *.domain.com. So, do I have this right: for each > subdomain, a corresponding prf entry must be created for > locations w/in that subdomain. However, for each cookie > set in *.domain.com, only one prf entry need be created > and added to some prf file under the top level domain. > The location of that prf can be added to the http reponse > headers that set the cookie. > > Thanks, > > Cliff >
Received on Thursday, 4 October 2001 11:23:37 UTC