This Document is deprecated and replaced by the domain-relationsship document
Prepared for W3C P3P 1.1 Working Group
Jack Humphrey (firstname.lastname@example.org)
Revised October 2003
As part of the P3P 1.1 effort, this document describes modifications to the P3P specification that would allow user agents to recognize when hosts in different domains are owned by the same entity. These modifications would allow user agents to more intelligently apply privacy preferences, addressing implementation issues that have plagued many P3P deployments.1
This document contains an overview of the proposed modifications but not the specification-level details of the modifications, which will be provided in a subsequent document.
Consider the web sites example.com and forinstance.com, which are owned by the same company and share some web site content, hosted on example.com. Some of that content includes “internal” banner ads that are generated by a servlet on example.com and promote certain features on example.com. Both sites are owned by the same company and wish to deploy a single P3P policy that describes their single corporate policy on data collection and usage. We refer to this situation as a “same entity” relationship, as in “sample.com is an owned by the same entity as example.com.”
A simple policy reference is deployed in the well-known location (/w3c/p3p.xml) on example.com. It looks like this:
forinstance.com is configured to return the HTTP header
When a web browser visits a page on forinstance.com, the user agent applies the policy at the URI http://www.example.com/p3p/policy.xml#corporate. If an image on that page is served by example.com, the same policy would be applied to that image request, after looking up the policy reference file at the well-known location.
The proposed mechanism allows sites to declare hosts owned by the same entity in the policy reference file. These declarations would allow user agents to recognize and verify “same entity” relationships automatically.
Since forinstance.com references example.com’s policy reference file, that file would have an additional KNOWN-HOSTS section:
<HOST name="*.forinstance.com" entity-type="SAME"/>
The new KNOWN-HOSTS section would allow example.com to declare hosts who may refer to this policy reference file. The HOST name attribute above denotes that forinstance.com hosts are allowed to refer to this policy reference file, and the entity-type attribute denotes that they are owned by the same entity.
Some user agents choose to only use compact policies to apply privacy preferences to cookies. Since compact policies do not allow the same level of expressiveness as policy reference files, they require a parallel mechanism to allow expression of “same entity” relationships. The proposed mechanism calls for the addition of a new HTTP P3P header “same-entity.”
The P3P same-entity header allows a host to specify a list of space-delimited hostname qualifiers that describe hosts owned by the same entity as the current host. This list must match the list of known hosts of type SAME in the policy reference file. In the “same entity” example, example.com would return the header:
and forinstance.com would return the header:
When using these headers while evaluating compact policies, a user agent should only consider two hosts to belong to the same entity if each host has a matching same-entity hostname qualifier for the other host. For simplicity of implementation, user agents should allow the trivial case of including the current host in the same-entity list.
For purposes of efficiency, hosts should not be required to return all hostname qualifiers for each of these new headers on every request. Instead they may tailor the header based on the request context, e.g. an entity owns 100 different domains, on hosts in forinstance.com, it may return only “*.example.com” if it can glean that the request was referred from example.com.
To take advantage of the new expressiveness provided by the proposed modifications, user agents should implement the following high-level rules:
Same Entity: Hosts A and B should be considered to belong to the same entity if:
Host A refers to a policy reference file on host B, and that policy reference file contains a matching KNOWN-HOSTS entry for host B with type SAME, or
During compact policy evaluation, host A has a matching hostname qualifier in the P3P same-entity header for the host B, and vice versa.
In the event of a verified “same entity” relationship, no extra privacy restrictions should be applied to either host.