Re: XP Requirements from the P3P WG

FWIW, I think the current design of SOAP meets this requirement. Some
work would need to be done to define the relationship between the
policy and the message payload, as well as the processing of privacy
policies (which are application-specific), but that's out of scope
for both the P3P and XMLP WGs.

[For P3P people unfamiliar with SOAP, it's an extensible protocol
that can run on top of HTTP, SMTP, or any other protocol, including
raw TCP. It can have a variety of message exchange patterns, not just
request-response; this includes things like publish-subscribe,
one-way messaging, and multicast. It's possible to associate a policy
with any SOAP message because a) SOAP is XML-based, and b) SOAP has
an extensibility mechanism whereby you can embed arbitrary XML (with
some restrictions, e.g., DTDs are not allowed) into 'headers', which
are processed by SOAP nodes in certain ways.]

A SOAP extension header could be defined which associated a policy
with the message:

<?xml version="1.0" ?>
<env:Envelope xmlns:env="http://www.w3.org/2001/12/soap-envelope">
    <env:Header>
      <policy xmlns="http://www.example.org/policyref">
         <reference>http://www.example.com/policy.xml</reference>
      </policy>
    </env:Header>
    <env:Body>
        <m:alert xmlns:m="http://example.org/alert">
            <m:msg>Pick up Mary at school at 2pm</m:msg>
        </m:alert>
    </env:Body>
</env:Envelope>

(there are several different variants of this approach, including the
use of XInclude, etc.)


A policy could also be directly embedded within a Header:

<?xml version="1.0" ?>
<env:Envelope xmlns:env="http://www.w3.org/2001/12/soap-envelope">
    <env:Header>
	<POLICIES xmlns="http://www.w3.org/2001/09/P3Pv1">
	    <POLICY name="sample"
	      discuri="http://www.example.com/cookiepolicy.html"
	      opturi="http://www.example.com/opt.html">
	      <ENTITY>
		<DATA-GROUP>
		  <DATA ref="#business.name">Example, Corp.</DATA>
		  <DATA ref="#business.contact-info.online.email">privacy@example.com</DATA>
		</DATA-GROUP>
	      </ENTITY>
	      <ACCESS><none/></ACCESS>
	      <DISPUTES-GROUP>
		<DISPUTES resolution-type="service"
		  service="http://www.example.com/privacy.html"
		  short-description="Please contact our customer service desk
		  with privacy concerns by emailing privacy@example.com"/>   
	      </DISPUTES-GROUP>
	      <STATEMENT>
                <PURPOSE><admin/><develop/><pseudo-decision/></PURPOSE>
		<RECIPIENT><ours/></RECIPIENT>
		<RETENTION><indefinitely/></RETENTION>
		<DATA-GROUP>
		  <DATA ref="#dynamic.cookies">
                    <CATEGORIES><preference/><navigation/></CATEGORIES>
		  </DATA>
		</DATA-GROUP>
	      </STATEMENT>   
	      <STATEMENT>    
		<PURPOSE><individual-decision required="opt-out"/></PURPOSE>
		<RECIPIENT><ours/></RECIPIENT>
		<RETENTION><stated-purpose/></RETENTION>
		<DATA-GROUP>
		  <DATA ref="#user.name.given"/>
		  <DATA ref="#dynamic.cookies"> 
		    <CATEGORIES><preference/><uniqueid/></CATEGORIES>
		  </DATA>
		</DATA-GROUP>
	      </STATEMENT>   
	    </POLICY>
	</POLICIES>
    </env:Header>
    <env:Body>
        <m:alert xmlns:m="http://example.org/alert">
	    <m:msg>Pick up Mary at school at 2pm</m:msg>
	</m:alert>
    </env:Body>
</env:Envelope>




On Wed, Jan 16, 2002 at 03:35:31PM -0500, Christopher Ferris wrote:
> P3P WG,
> 
> The XML Protocol WG believes that the requirements[1] submitted by
> the P3P WG have been met in the SOAP1.2 draft specification(s)[2,3]
> and that the SOAP1.2 protocol provides an effective mechanism for
> association of a P3P privacy policy with a SOAP message (SOAP header
> block(s)).
> 
> We would appreciate your review of the recently published draft
> specification(s) in light of your requirements to confirm our
> belief that your stated requirements are met in SOAP1.2.
> 
> Cheers,
> 
> Chris
> 
> [1] http://www.w3.org/TR/2001/WD-xmlp-reqs-20010319/#N1573
> [2] http://www.w3.org/TR/soap12-part1/
> [3] http://www.w3.org/TR/soap12-part2/
> 
> 

-- 
Mark Nottingham, Research Scientist
Akamai Technologies (San Mateo, CA USA)

Received on Wednesday, 16 January 2002 18:22:17 UTC
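
An added example, not part of the original message or of either working group's code: a receiving node's check that locates the policy in either of the two header variants shown in the message and refuses a message that carries a DTD. The name `find_policy`, the http(s)-only rule for references, and the sample messages are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from xml.parsers import expat

NS = {
    "env": "http://www.w3.org/2001/12/soap-envelope",
    "pr": "http://www.example.org/policyref",   # example namespace from the message
    "p3p": "http://www.w3.org/2001/09/P3Pv1",
}

class DTDNotAllowed(ValueError):
    """The message carries a DOCTYPE, which SOAP does not allow."""

def _reject_dtd(data: bytes) -> None:
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DTDNotAllowed("DOCTYPE declaration in SOAP message")
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype  # fires on any <!DOCTYPE ...>
    parser.Parse(data, True)

def find_policy(data: bytes):
    """Return ("reference", uri), ("embedded", [POLICY names]) or (None, None)."""
    _reject_dtd(data)
    root = ET.fromstring(data)
    if root.tag != "{%s}Envelope" % NS["env"]:
        raise ValueError("not a SOAP envelope")
    header = root.find("env:Header", NS)
    if header is None:
        return (None, None)
    ref = header.find("pr:policy/pr:reference", NS)
    if ref is not None and ref.text:
        uri = ref.text.strip()
        # Assumption of this example: only http(s) references are accepted.
        if urlsplit(uri).scheme not in ("http", "https"):
            raise ValueError("unsupported policy reference scheme")
        return ("reference", uri)
    names = [p.get("name") for p in header.findall("p3p:POLICIES/p3p:POLICY", NS)]
    return ("embedded", names) if names else (None, None)

# Constructed sample messages, modelled on the two variants in the message.
_ENVELOPE = (b'<?xml version="1.0" ?>'
    b'<env:Envelope xmlns:env="http://www.w3.org/2001/12/soap-envelope">'
    b'<env:Header>%s</env:Header><env:Body/></env:Envelope>')
BY_REFERENCE = _ENVELOPE % (b'<policy xmlns="http://www.example.org/policyref">'
    b'<reference>http://www.example.com/policy.xml</reference></policy>')
EMBEDDED = _ENVELOPE % (b'<POLICIES xmlns="http://www.w3.org/2001/09/P3Pv1">'
    b'<POLICY name="sample"/></POLICIES>')
WITH_DTD = BY_REFERENCE.replace(b'?>', b'?><!DOCTYPE x [<!ENTITY e "v">]>', 1)
```

The function only returns the reference URI; it does not fetch it.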