- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Fri, 12 Jul 2002 10:26:55 -0400
- To: <xmlp-comments@w3.org>
Dear XML Protocol WG, On behalf of the P3P Specification Working Group I would like to raise a concern about the complete absence of any mention of P3P in any of the XML Protocol documents other than the Requirements document [1]. Indeed, there is only a single mention of privacy in any of the XML Protocol documents under review, and that one mention just points out that SOAP intermediaries raise privacy issues. We believe that SOAP may raise considerable privacy issues and that it is crucial for these issues to be acknowledged and suggestions for mitigating these issues to be included in the specifications where appropriate. In section 5.2 of the Requirements document [1] it states "It must be possible to associate a P3P Privacy Policy with an XMLP message." In a previous exchange with the P3P Specification working group [2] we agreed that indeed it appeared that this was possible. However, we do not believe that the requirement can be adequately met without actually documenting how a P3P policy can be associated with an XMLP message. As there are a variety of ways this might be done, it is important that your working group document the preferred method so that implementations will be interoperable. In our previous discussion [2] it was suggested that a SOAP header could be defined to associate a policy with a message. (Actually it might make more sense to associate a policy reference file with a message if there is a way to uniquely reference messages by URI -- that's a topic we would be happy to discuss with you further). As far as we can tell, no such header has been defined. Furthermore it was suggested that a policy could be directly embedded within a header. If this mechanism is to be used, it would need to be documented that embedding a P3P policy has the meaning of associating that policy with the message within which it is embedded. There may be some scoping and lifetime issues that would also be necessary to resolve, as well as issues about resolving potential policy conflicts. When XMLP messages are conveyed over HTTP the existing mechanisms defined in the P3P1.0 specification may be used to associate policies with XMLP messages. However, it is unclear to us whether the P3P specification supplies a sufficient level of granularity to identify XMLP messages. If it does not, it is likely that the P3P extension mechanism could be used to provide this granularity, but again this would need to be documented. Furthermore, if other mechanisms are defined specifically for use with XMLP, then conflicts may arise between these mechanisms and the P3P1.0-defined mechanisms. The proper way to resolve these conflicts needs to be documented as well. Besides documenting how a P3P policy should be associated with an XMLP message, we believe it would be useful to offer some usage scenarios that include P3P. We are concerned that in the absence of discussion of privacy and P3P, developers will be likely to ignore privacy issues when implementing the XML Protocol. Thank you for your attention to these issues. We would be happy to discuss possible solutions with members of your group. Regards, Lorrie Cranor P3P Specification Working Group Chair 1. http://www.w3.org/TR/2002/WD-xmlp-reqs-20020626 2. http://lists.w3.org/Archives/Public/xmlp-comments/2002Jan/0022.html
Received on Friday, 12 July 2002 10:36:25 UTC