This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Need to address concerns raised about compact policies (see for example http://www.w3.org/P3P/ 2003/03-compact.html). On March 31 call we agreed to adopt the following: Section 4 of the latest p3p1.1 wd http://www.w3.org/TR/2004/WD-P3P11-20040210/#compact_policies describes compact policies. The first paragraph of 4. currently states: Compact policies are summarized P3P policies that provide hints to user agents to enable the user agent to make quick, synchronous decisions about applying policy. Compact policies are a performance optimization that is OPTIONAL for either user agents or servers. User agents that are unable to obtain enough information from a compact policy to make a decision according to a user's preferences SHOULD fetch the full policy. I propose changing it to say: Compact policies are summarized P3P policies that provide hints to user agents to enable the user agent to make quick, synchronous decisions about applying policy to cookies. Compact policies are a performance optimization that is OPTIONAL for both user agents and servers. They represent only a summary of a site's full P3P policy for a cookie; the full P3P policy is the authoritative statement of policy. However, if a site makes compact policy statements, it MUST make these statements in good faith. User agents that are unable to obtain enough information from a compact policy to make a decision according to a user's preferences SHOULD fetch the full policy. User agents that use compact policies as part of their decision making MUST include a mechanism that allows users to determine that a particular decision was made based on a compact policy and to view that compact policy. However, user agents that provide general information about a site's P3P policies to users MUST use the full P3P policy and MUST NOT use the compact policy for this purpose. I propose adding a section 4.2.10 Compact STATEMENT The STATEMENT element is represented in compact policies using the curly brace { } symbols. The { represents the opening STATEMENT tag and the } represents the closing statement tag. The syntax of the compact statement corresponds to the syntax of the full statement. Unless it surrounds a compact NON-IDENTIFIABLE element, each pair of braces MUST surround one compact RETENTION element and at least one of each of the following compact elements: PURPOSE, RECIPIENT, and CATEGORIES. Alternatively, a pair of braces may surround a compact NON-IDENTIFIABLE element; optionally any of the PURPOSE, RECIPIENT, and CATEGORIES elements; and optionally a RETENTION element. A compact policy that has an improperly matching pair of curly braces or is missing one of the required statement elements MUST be treated as if no curly braces are present. A compact policy may contain one or more statements. A compact policy with no {} elements is considered to have a single implied statement element. [BNF] Section 4.5, fourth paragraph, change to: The P3P 1.0 specification required that all purposes, recipients, and categories that appear in multiple statements in a full policy be aggregated in a compact policy, as described in section 3.3.1. With the addition of the compact STATEMENT element in P3P 1.1, this is no longer necessary, although it is still permitted. When performing the aggregation, a Web site MUST disclose all relevant tokens (for instance, observe Example 4.1, where multiple retention policies are specified.) Section 4.5 give two examples of valid translations. In addition to the one currently given, add: "NON DSP { ADM DEV PSD OUR IND PRE NAV } { IVDo OUR STP PHY PRE UNI }" Section 4.6 and 4.7 should be dropped.
Integrated into WD-P3P11-20040420