[Workshop Homepage] [Participants] [Position Papers] [Agenda] [Minutes]
November 12, 2002
Bill Duserick
- Can a site post a CP and not a full policy? Or, are there advantages to posting just a full policy and not a CP? In a future version of P3P, are CPs necessary at all? Fidelity's experience was that the CP is more difficult to update than the whole policy.
Lorrie Cranor
- the IBM editor will take a full policy and create a CP for you. But, the result may be very broad. The issue is maintaining it. You have to change it server by server whereas the full policy is in one place.
Giles Hogben
- At set time, cookies stored on a user's computer but this is still an act of data processing. P3P 1.0 allows user agents to evaluate cookie policies only at replay time.
- Commented that performance is not an issue. Latency may be an issue but efficient uses of cache should help (see AOL paper). If at replay time, according to EU law it is too late because setting a cookie is an act of preparation for data processing.
Hosts must be responsible for entire domain but this reflects the actual domain of responsibility.
Comment on processing and when the processing starts. From a legalistic perspective, it does not matter where the data is.
Should the P3P user agent when it evaluates the cookie, if it does so at set time or does it do that at replay time? If the cookie is set back to the same host that sent it so it doesn't matter. But some cookies are sent back to any host server anywhere in the domain. This is a problem at the server level.
Question Danny Weitzner
- Doesn't this proposal eliminate the processing/performance benefits of the CP? If we require the information at set time it eliminates any benefits of CP'ss use.
Giles Hogben
- we didn't measure performance against one another -- meaning measure their agent versus the CP process. But, they found the performance to be adequate.
Lorrie Cranor
- it would be a good test to do in the future to match the performance of the CP versus the JVC agent.
Question Rigo Wenning
I was against CP's to begin with. If we were to start again, I would appreciate if we do the benchmarking.
Andrew Bybee
- The performance concern was about the time it took to download the policy. Default expiration is 24 hour expiration (that's the default) and the next day when you return it's downloaded again so caching doesn't help.
Lorrie Cranor
- the Bird's performance is limited because it is not built into the browser. If it were it would be twice as fast.
Brooks Dobbs
- Accuracy is critically important. There are 53 tokens for which other people wrote the definitions for. For instance, on health.
Some data points: If I looked at aspirin on a web site. If I am heterosexual. If I am a diabetic. Is it accurate to say that one of these trigger the health token that would reflect all these data points. It's a problem of scope.
Brian Zwit
- CPs - we talked a lot about what needs to be revealed in cookies. The concern is "data linked to the cookies" and at what point do you need to disclose that. For instance, a shopping cart: There's a lot of data that's set off to the side. If you have to describe all those data elements then the cookie definition is so broad it means nothing.
Brooks Dobbs
- an example where the referrer included the search string. Or even Yahoo maps and the URL string that includes geographical information. It's minable but it's not exactly linked.
Brian Zwit
- if a screen name is a unique identifier then you have to craft a kitchen sink compact policy.
Andrew Bybee
- I am hearing concern about the level of transparency that CPs provide. Concerns about whether performance is an issue. Do we even need cps.
Transparency - The larger point is why did we do CPs? The core issue is that we have a behavior -- I can collect data about you, store it on your machine and replay it. You are storing info on my machine and can come back and retrieve it. MS wanted to do it without impacting performance. We wanted to do it before providing the page.
1. In terms of short term fixes -- maybe have a group tag token. Longer term -- understand how we deal with client side persistence of information. Last, we need to deal with performance. We may be doing tens of thousands of user transactions, and we must be able to deal with hard core issue relating to performance.
Brooks Dobbs
- We're interested in the grouping idea to break out individual components of a cookie. Isn't that rewriting the spec and vocabulary? Are there going to be good sets and bad sets. Also, what if I want to trade download time for privacy -- isn't that my choice.
Lorrie Cranor
- with CPs, you loose granularity. But, they don't have CPs because the corporate privacy policy says that we don't share PII but we share non-PII. In a CP, we can't express that -- it comes across as we share "something."
Andrew Bybee
- We must solve the problem as a group and stay focused on performance and transparency. Caching makes a huge difference but it's not the only answer.
Lorrie Cranor
- What about Brooks suggestion that let companies decide what performance it wants. In IE6 if there's no CP data it looks no further. But what if on the second time it looks it looks for an xml policy?
Brooks Dobbs
asks, What good is performance if it's not accurate.
[Workshop Homepage] [Participants] [Position Papers] [Agenda] [Minutes]
Last update $Date: 2002/11/29 17:57:25 $ by $Author: rigo $