P3P Public Issues List

[See also member confidential issues list -- If you are not a member and have questions about some of the member confidential material, please ask www-p3p-public-comments@w3.org -- Much of this information is included in private working group meeting minutes and discussions; some, however, can be extracted and shared publicly upon request.]

Date # Issue description and links Status
11/18/99 1 XML Schemas - how can we use them to describe the P3P policy and/or for data schemas (Lorrie raised issue after TimBL urged all working groups to use XML Schemas where appropriate) RESOLVED 12/20 Daniel's XML schema and introductory paragraph have been added to the spec as Appendix 3.
11/18/99 2 vCard - can we make our data schema more consistent with vCard (or replace it with vCard)?
- Larry Masinter's public comments
RESOLVED (decline) 1/20 This issue had been raised earlier in the P3P process (see Drummond's report from July 1998 [member confidential]) and we had little cooperation from the vCard folks (they actually told us that they didn't see a need for us to use vCard [member confidential]!). When the issue was raised again, we looked into using XML vCard or RDF vCard. However, we could not find anyone with implementation plans for XML or RDF vCard. There were also some concerns about the XML vCard syntax -- namely their use of multiple attribute values separated by spaces. If we were to use this syntax we would want to change it. We decided there was not a compelling reason to switch to vCard, especially since many applications are using their own address book formats (for example Palm Pilots) and converting data in and out of vCard fairly easily. We did address the i18n issues related to the base data schema, however -- see issue 32. Note that we followed up with Larry Masinter via telephone and he said he would not press the issue further. This was over a year ago, and unfortunately not documented in the email archive. No other comments on this topic have been received in the intervening year.
11/18/99 3 Space and time issues - how to announce in advance what policies apply to resources we haven't requested yet RESOLVED 12/13 Martin's draft [member confidential] adopted. Marc's proposal adopted with minor revisions. (Note, while general solution remains, many of the details were later changed as a result of issues raised later)
11/18/99 4 same policy in multiple languages and immutability/user interface issues RESOLVED 12/9 Marc's proposal to use content-language tag for this purpose accepted
1/12/00 5 First batch of vocab changes reviewed by POWG
- Complete list of proposed and approved vocab changes as of January 10 [member confidential]
RESOLVED 1/13, first batch of changes approved with minor edit (use "public" instead of "published")
1/20/00 6 Second batch of vocab changes reviewed by POWG
- Discussion on January 20 conference call [member confidential]
RESOLVED 1/20, second batch of changes approved except for delivery services issue, Massimo updated spec; 1/27 Retention and may issues resolved and spec updated (note minority opinion on may issue, documented at end of section 3.3.3 of spec); 2/3 assurance-group changed to disputes-group with additional fields and delivery services recipient added
1/20/00 7 Add guiding principles as appendix to spec RESOLVED 1/20, approved, also add signatories to acknowledgements and add previously approved addition to principles. Guiding principles are now Appendix 7.
1/25/00 8 Time zones - public comment
- Public comment from Chris Toomey
- Massimo's response on behalf of working group
- Follow-up public comment from Chris Toomey
RESOLVED (decline, but no longer relevant) 6/26 Massimo responded to follow up comment -- good idea, but we don't think it's necessary for version 1, will consider for P3P2. This issue became irrelevant after we removed typing of data elements.
1/25/00 9 COPPA extension proposal - public comment
- Public comment from Jason Axtell
RESOLVED 2/27 P3P already has requested functionality. Lorrie wrote response
2/13/00 10 authoritative cache problem
- Massimo's note describing the problem [member confidential]
RESOLVED 3/2 group agreed this was not an issue that needs to be resolved in P3P1.0, although it should be revisited in P3P2. Massimo wrote a short explanation of the problem for section 2.4.4 of the spec (Note this eventually was rewritten and moved to the end of
2/13/00 11 Need server configuration guide (not part of spec) To be done after CR
2/13/00 12 Need implementation suggestions, features, etc. (not part of spec) --

companies need guidance on how to do P3P strategically -- not just how to write the policy, but also things like how to figure out if you need one or multiple policies -- HP and P&G volunteered to help based on their experiences

Discussed at April 3 face-to-face meeting; we will continue to work on this after CR
2/15/00 13 Cache and validation issues raised by Martin
- Martin's description of the problem [member confidential]
- Martin's proposed solution [member confidential]
RESOLVED 3/9 Martin's proposal [member confidential] approved. (Note that this was later redone when policy reference file was introduced.)
2/16/00 14 Extensions syntax issues RESOLVED 3/2 We will change extension syntax to make optional an attribute and move xmlns -- documented in Section 3.5
2/15/00 15 Data elements in multiple categories
Martin's description of problem [member confidential]
RESOLVED Marc's solution [member confidential] adopted -- multiple element definitions in schema (one for each category element is in). (Note, this was revisited in issue 46 and changed.)
2/15/00 16 We still need a DTD RESOLVED Added as appendix
2/17/00 17 Chris Hunter's public comments regarding entity and categories RESOLVED 3/23 Lorrie responded to Chris that more structure is being added to entity and new categories will be added
3/3/00 18 Lee Ann Phillip's entity public comments RESOLVED 3/16 POWG group agreed to add third-party and business data schema -- business would be used specifically to address this concern; 3/23 Lorrie responded to Lee Ann
3/8/00 19 Proposal to add health and financial info categories RESOLVED 3/24 spec group approved these and other category changes - revised categories incorporated in 3/27 draft with revised definitions
3/8/00 20 Proposal to add remedies attribute to disputes element RESOLVED 3/9 Proposal accepted with minor modifications (remedies elements instead of attributes) -- incorporated into Section 3.2.5 of spec
3/8/00 21 URL with query-string variables RESOLVED 4/26 Section on forms added to spec as section 2.3.5
3/8/00 22 Do we really need a consequence group? RESOLVED 3/16 Spec group agreed to remove consequence group (just have consequence element without the group) and all xml:lang from the spec -- international issues are still addressed by the ability to write the entire policy in multiple languages.
3/13/00 23 Martin Duerst's comment on meta syntax RESOLVED 4/3 This problem is solved by change to policy reference file -- see issue 38
3/13/00 24 Martin Duerst's comment on "what do policies apply to?" RESOLVED Addressed by issue 21. Lorrie replied to Martin.
3/14/00 25 Should we restructure user.bdate? RESOLVED (decline) Consensus that we've been through this discussion before and our current solution (separating date and time) is sufficient. Martin agrees with consensus.
3/14/00 26 We don't use the "long" description in our base data schema. Should we use it? RESOLVED 3/16 consensus that it is not necessary for us to use it, but long is still useful for people developing new data schema
3/17/00 27 typeschema and DATA namespace
- Martin Duerst's public comment
RESOLVED 4/3 Data schema is now at the appropriate URI
3/17/00 28 Representing Lifetimes of Direct Policy References
Martin Duerst's public comment
RESOLVED 3/22 Lorrie sent Martin Duerst a response from Martin Presler-Marshall. (Note, addition of policy reference file changes this.)
3/17/00 29 P3P Basic Data Types and XML Schema Datatypes
- Martin Duerst's public comment
RESOLVED (decline) 4/3 Might be a good idea for P3P2, but not worth doing now, especially given instability of XML schemas.
3/17/00 30 Add signature example to extension mechanism
Martin Duerst's public comment
RESOLVED (decline) Good idea, but we probably won't add any more examples now. Lorrie responded to Martin
3/17/00 31 CCPP and P3P compatibility concerns
- Public comment from Graham Klyne
- Yuichi's response
- Graham's reply
RESOLVED 4/20 We will change data element syntax to URI format to promote compatibility with CCPP and other RDF-based applications; Massimo updated Section 3.3.6 of spec; Yuichi responded to Graham Klyne
3/22/00 32 I18N comments and Misha's addendum RESOLVED 9/15 Marc's proposal adopted [member confidential] and spec updated; Marc responded [member confidential] to I18N group (and they responded back [member confidential]) --

Marc prepared revised list of issues we still need to address in spec. We believe all of these issues have been resolved as of 9/15 draft, and have informed the I18N group. We asked the I18N group to confirm that they are satisfied and are awaiting their response.

3/22/00 33 Reference same policy irrespective of method
- Martin Duerst's public comment
RESOLVED 4/3 We will include method in policy reference file -- see issue 38
3/22/00 34 Express safe zone policy as P3P
4/3 We will look into this after CR; Ari volunteered to try this
3/23/00 35 Concern raised during project review about delay caused by P3P headers
RESOLVED 4/3 policy reference file solves this -- see issue 38
3/23/00 36 Tim suggests we represent data elements as objects with properties in RDF data
ACTION: RDF data model removed from spec, but we will issue a W3C note explaining new improved RDF data model around when we go to PR. Working group reviewed Tom's proposal and would like him to proceed with preparing a note after we go to last call.

11/6 Lorrie contacted Tom, but is still awaiting response

3/23/00 37 Suggestion raised during project review that we require 302 return code for indirect references RESOLVED 4/3 We will do this -- see Section 2.3.3
3/23/00 38 Concern raised during project review about policy-cc header and whether it is semantic hogwash RESOLVED 4/13 We will use policy reference file instead of multiple header extensions.
3/23/00 39 Dan Connolly's comments [member confidential] RESOLVED 4/3 Discussed at f2f meeting, many points already addressed by other issues on this list - additional action items:
  • Massimo will validate XML
  • Lorrie will discuss with Daniel concerns about RDF data model
  • Massimo will split normative and non-normative references
We decided to keep BNF as non-normative because we think it's helpful, those who don't like it can ignore it and read DTD
3/28/00 40 Concerns about using experimental RFC (HTTP Extension Framework)
See Mark Baker's comment
RESOLVED 4/3 We disagree that experimental RFCs should not be implemented. Lorrie responded to Mark -- note we eventually removed HTTP extension framework stuff from the spec, so this concern was addressed
3/31/00 41 Louis Theran's comments RESOLVED 4/3 Discussed at f2f meeting, many points already addressed. We will take up his suggestion of using elements rather than attributes for DATA. Lorrie responded to him.
4/3/00 42 Need to revamp P3P policy example in spec to make it more realistic. Also use catalog.example.com as name of web site. RESOLVED 5/10 Ari created two examples -- they have been added to section 2 of the 5/10 working draft
4/3/00 43 Need example P3P policy archive 4/3 group will work on this after spec goes to CR with assistance from POWG
4/4/00 44 Problems with content models in XML Schemas
See Martin Duerst's note, Henry Thompson's followup, and Noah Mendelsohn's followup
4/13 RESOLVED Yuichi responded to Martin Duerst
3/30/00 45 Remove DISCLOSURE element, create ACCESS element, and move discuri to policy element 4/13 RESOLVED Marc's proposal [member confidential] adopted
4/13/00 46 Turning categories from attributes into elements RESOLVED 4/20 We will turn categories into elements -- see Section 3.4
4/13/00 47 Add phonenum.formatted RESOLVED (decline) 4/13 group decided this was not necessary and had concerns about people using formatted field only and making it difficult for international phone numbers to be parsed easily
4/13/00 48 Add short and long description to disputes (change current description to short description), similar to data
RESOLVED 4/13 group agreed, Section 2.3.5 of spec changed
4/14/00 49 Tom Hubbard's comments and questions
(a) meaning of size attribute in DATA element
(b) suggestion to add MUST language to UTF-8 requirement in 3.2
(c) concern about overloading of DATA element
RESOLVED 4/20 (a) We will clarify description of size attribute in spec
RESOLVED 4/20 (b) We will adopt MUST language for UTF-8 requirement
RESOLVED 4/20 (c) We will split DATA into 3 elements
4/14/00 50 Suggestion that we add a P3P policy content type
- See Tom Hubbard's note

RESOLVED (decline) 7/10 - the consensus of the group was that a P3P policy content type would not be all that useful and would add to the server overhead. It might be worth considering for P3P2

4/14/00 51 Authoritative caches
See Louis Theran's note
RESOLVED 4/20 We believe we have already addressed this. Martin responded to Louis.
4/20/00 52 Can we modify syntax so extensions can be put in more places? RESOLVED 4/21 Allow extensions at the beginning and end of ENTITY, POLICY, DISPUTES, and STATEMENT
4/21/00 53 Specification should introduce concept of hierarchical structure of policies and entities
- NMDA public comment
RESOLVED (decline) 4/26 Beyond the scope of P3P1.0; Lorrie responded
4/21/00 54 Need better support for i-mode
- NMDA public comment
RESOLVED We will add location category -- i-mode specific data elements can be added with new data schemas; Lorrie responded
4/24/00 55 We need validation and testing tools RESOLVED Yuichi created validator
4/24/00 56 Additional NMDA comments (1) RESOLVED (decline) Not compelling that we need way for web site to maintain same policy when web site moves (2) RESOLVED 8/14 - See issue 73 (3) RESOLVED (decline) third-party labeling is beyond the scope of P3P1.0, but can be done with PICS/RDF; Lorrie responded
4/28/00 57 Comments from Renato Iannella RESOLVED 5/10 Comments were mostly questions, suggestions on matters of style, or issues we have previously discussed. Lorrie responded to Renato
4/30/00 58 P3P Vocabulary comments from Dan Jaye RESOLVED (partial decline) 5/10 The POWG discussed these comments at length. We decided to add a pseudonymous profiling purpose and change the name of "one-time targeting" to "one-time tailoring". Lorrie responded to Dan. (Note issue was addressed again as part of issue 83)
5/2/00 59 P3P Comments from Bert Bos RESOLVED 5/10 Lorrie responded to Bert
5/15/00 60 Unset categories in base data schema

Two questions --

1. To what categories do the following elements belong: dynamic, user, thirdparty, business, dynamic.http, dynamic.clickstream

2. Do sub-elements inherit the categories of their parents?

RESOLVED 6/8 Missing categories added to base data schema and explanation in spec
5/31/00 61 What to do about sites that have no data RESOLVED 6/8 Syntax in section 3.2.1 changed to allow 0 or more statements
6/20/00 62 Allow expiration in policy files in addition to HTTP headers? RESOLVED 8/7 - Rajeev's proposal adopted. Martin folded other points we discussed into revised section 2
6/21/00 63 does protocol, safezone, etc. work properly when cookies are set on redirect responses? RESOLVED 8/21 - Martin looked into this and could not find any problems
6/21/00 64 how can sites state that they don't log IP addresses and/or that they keep only some of the bits of the ip address? do we need an explicit IP address data element? RESOLVED 7/31 - New data elements added to base data set
6/21/00 65 could we add a vocab tag to indicate whether or not a site is a children's site (as defined by US COPPA act)? Clearly this could be done with an extension, but does it make sense to make that part of the vocab itself? RESOLVED (decline) - POWG recommends against this because it would add content labeling to P3P. Spec group agreed not to add this, people are free to add extensions with this functionality.
6/21/00 66 unique ID category remains problematic .... perhaps we should pull out SS# or government ID as specific data elements? Perhaps also pairwise ID, identity hash, etc.?
RESOLVED 9/6 - (partial decline) We will create government id category. Eric Brunner would still prefer LUID/GUID solution, but there was not enough support for this to add it due to concerns about LUIDs becoming GUIDs over time.
6/21/00 67 It is difficult for sites to represent that they have optional purposes, that is purposes that you may opt-in or opt-out of. Should we add syntax to handle this or just document the sort of kludgy way it can be handled currently and recommend that implementers learn to recognize this?
RESOLVED July 31 - add opt-in and opt-out flags as "required" attribute
6/21/00 68 Can we rename the p3p.xml file so that it is not in the root directory? Perhaps put it in a /metadata/ directory or a /metadata/w3c directory or something like that. RESOLVED: 7/24 - We will rename this /w3c/p3p.xml but remain agnostic about other uses of this file
6/21/00 69 Can we modify the recipients field to allow web sites to optionally declare specific recipients by name? RESOLVED 8/7 - group agreed to adopt long-description, but not entities. We will call it "recipient-description" rather than "long-description". We decided that entities might be useful in the long term and should be reconsidered for P3Pv2, but we don't see enough demand for it for version 1 and it adds complexity to the policy.
6/21/00 70 if we drop immutability, should we recommend or require sites to keep history of changes to their privacy policy? RESOLVED 8/14 - Added note to section 2 to explain that web sites should keep records of past policies
6/23/00 (raised in April but never put on issues list) 71 Performance issues -- how can we minimize delay imposed prior to first request for content and also avoid inconsistent behavior

-- consider mini-policies, inline policy reference file, and safezone issues

RESOLVED 8/7: We won't allow policy summaries, but we will allow inline policies, require strict order for policy elements, and get rid of immutability requirement. We will allow HTTP headers to point to either PRFs or policies. We will remove section of spec on indirect references -- they will be allowed but not recommended. Martin revised section 2 to reflect all of this plus expiration of policies and explanation of transition period for site authors.
6/15/00 72 Tom Hubbard's protocol concerns and proposed changes [member confidential] RESOLVED (decline) 7/17 - Lorrie responded to Tom [member confidential] - we are addressing performance concerns in other ways and his proposal places unacceptable burdens on servers
6/23/00 73 Review and, if necessary, revise guiding principles to reflect changes to spec; review this in conjunction with issue 56

- Lorrie and Ari's proposal [member confidential]

RESOLVED 8/14 - Lorrie and Ari's proposal adopted
6/23/00 74 Use P3P headers without HTTP extension framework? RESOLVED 7/31 - Group decided to create our own HTTP header and drop the extension framework from the spec -- we will submit an I-D to the IETF after last call
6/27/00 75 Consider adding "directory" and "historical" purposes to vocab RESOLVED 8/7: We will add historical purpose, however we decided that adding a directory purpose was not necessary. People should use the public recipients.
6/28/00 76 Contact element -- need to clarify the definition RESOLVED 7/24 - Lorrie's proposal for new contact element definition [member confidential] adopted
6/29/00 77 Mark Nottingham's comments about embedded content [member confidential]
- can sites reference an off-site policy reference file?
- could link tags or headers reference a policy directly instead of a PRF?
- can we add a flag to indicate that embedded content has same policy as rest of page?
RESOLVED: 8/7 - revised embedded content proposal accepted with clarifications of hyperlink definition. Included in revised section 2 (see issue 71).
6/30/00 78 When there is no PREFIX in the PRF RESOLVED 8/21: Addressed in Martin's revised section 2 by linked-object element (see issue 71).
7/5/00 79 Expressing that a site is acting as an agent
RESOLVED 8/7 - we will modify <ours/> definition (option a in Lorrie's response)
7/11/00 80 Joe Reagle's comments
- Martin's response [member confidential]
RESOLVED 8/14 - Martin will forward his response and clarifying comments to Joseph
7/26/00 81 (Recipient) disclosures regarding aggregate data
RESOLVED 8/14 - Add paragraph to spec to clarify that disclosures about aggregate data are not required
7/28/00 82 Comments from the CC/PP working group RESOLVED 8/14 - Lorrie sent them a response, which they acknowledged was satisfactory
7/31/00 83

Joe Adler's proposed changes to statement element [member confidential]
A) Add <method> element as a sub-element of <retention> with optional maxdays attribute
B) Changes to list of <purpose> elements
- Dan Jaye's purpose suggestions [member confidential]
C) Add more detail to <recipients> element to describe what the recipients will do with the data
D) Add flag to <recipients> element to indicate whether opting out of sharing is permitted
E) Add redistribution flag to recipients element

RESOLVED (partial decline) 9/6 - proposals A, C, and E were rejected due to lack of support. Dan Jaye's purpose suggestions were accepted, subject to amendments. The "required" attribute will be added to recipients to indicate opt-in/opt-out etc.
8/4/00 84 Need a way to identify which practices apply to which cookies

- Revised proposal [member confidential]

RESOLVED 10/9 - Group adopted revised proposal subject to editorial clarifications, dropping of 2.2.1 changes, and dropping language about using lifetime of cookie as lifetime of policy.
8/4/00 85 Separate domain and path in dynamic.http.uri and dynamic.http.referer
RESOLVED 8/21 - We will adopt Dan's recommendation as amended by Martin
8/6/00 86 Directing clients to resend safezone after reading P3P header
1) Specify an argument to the PolicyRef HTTP header that instructs the user-agent to reattempt the request if no previous policy were associated
2) Drop the MAY HEAD language
3) Specify a range of status codes (403, more?) that, if a PolicyRef header is attached when there was no policy previously located, will force evaluation of the policy and resubmission of the request, if the policy matches.
4) Specify a new status code to communicate that the request cannot be satisfied without privacy-sensitive information.
RESOLVED (partial decline) 8/21 - We discussed adding an argument to indicate that a non-safezone request may have different results, but decided to leave that as a v2 issue. We have dropped the MAY HEAD language
8/15/00 87 Policy Reference File syntax concerns (raised by Hugo) RESOLVED 8/21 - We will use * wildcard syntax and ordered rules.
8/22/00 88 PolicyRef conflicts -- should we impose an order for evaluating policy reference files or restrict the scope of PRFs referenced from link tags? RESOLVED - no objections raised so proposal [member confidential] is adopted
8/24/00 89 Disputes element syntax problem [member confidential] RESOLVED 8/26 - Yuichi found out how to represent this syntax with XML schemas [member confidential]
8/31/00 90 Syntax for ordered rules in privacy reference file-- should we add RDF:SEQ syntax or use XML? RESOLVED 9/5 - use XML
8/31/00 91 Immutability of data schemas RESOLVED 9/5 - relax immutability requirement as Massimo proposed
8/31/00 92 Change embedded content definition so that proxies can determine when something is embedded content?
- Mark's proposal [member confidential]
RESOLVED 9/11 - Mark's proposal adopted
9/4/00 93 Allow schemas to override categories in other structures? [member confidential] RESOLVED 9/11 - Yes, make proposed change
9/7/00 94 Remove <linked-object>? RESOLVED 9/11 - remove linked-object
9/7/00 95 What should the P3P spec say about APPEL? Consensus at APPEL meeting was to require ability to import APPEL files and recommend ability to export APPEL files. RESOLVED 9/11 - spec group agreed with consensus at APPEL meeting -- user agents MUST be able to import APPEL rules and SHOULD be able to export APPEL rules. However, Microsoft dissented [member confidential]. At 11/1 meeting group agreed to relax requirement to require the ability to import preferences, with specifying the APPEL language as the format.
9/7/00 96 Do we need to specify URI escaping rules?

- Proposal [member confidential]

RESOLVED 9/11 - Proposal adopted. Also add note to spec noting that this is the same as rules for XML schemas
9/13/00 97 Indication in HTTP header that client is P3P-enabled RESOLVED 10/6 - (decline) Concern that it would not be possible to implement this in a plug-in implementation. Since solution was not provided by 10/5 deadline, issue is closed without action.
9/11/00 98 How to declare client side scripts that collect data

a. revised data element definition [member confidential]
b. when does P3P apply? [member confidential]

RESOLVED 10/6 - Martin's revised proposals adopted
9/13/00 99 Add non-PII element? RESOLVED 9/18 - proposal adopted on recommendation of POWG with two amendments -- no special noiduri, and change "policy" to "statement" in definition
9/11/00 100 Concurrent opt-out proposal [member confidential] RESOLVED 9/18 (decline) Consensus of group is that DISPUTES element is adequate to capture this
9/25/00 101 Compact representation of P3P policy in cookie header RESOLVED 11/2 - consensus reached at f2f meeting to adopt compact policies for cookies
9/18/00 102 Need guidelines for asynchronous evaluation of policies ACTION - Dan Jaye and/or Eric to do first draft -- as these are only guidelines, they may be added to spec or in separate document after CR
9/25/00 103 Protocol optimizations RESOLVED 10/2 - No concrete proposals put forward by deadline, so issue is closed
9/25/00 104 POLICY syntax issue

- Massimo's note [member confidential]

RESOLVED 10/6 - Massimo's proposal adopted
9/28/00 105 Allow for future extensibility of expiry tag RESOLVED 10/9 - Rajeev's proposal to ignore attributes not adopted, but we will add language to expiry error conditions to clarify
9/29/00 106 Remove restrictions on policy reference files referenced via link tag (but keep requirement that PRF in well-known location overrides)

- Martin's note [member confidential]

RESOLVED 10/6 - Resolved as suggested
Issues raised during second last call period
10/26/00 107 Change name of "other" category to "other_category"? RESOLVED 11/1 - make name change
10/27/00 108 Postal element mismatch between P3P and ECML - comment from David Shepherd

- similar comment from Don Eastlake

RESOLVED (decline) 11/15 - Group decided not to make this change -- Lorrie responded to ECML people, Eastlake acknowledged response

Last updated: 15 December 2000 by Lorrie (please send updates to lorrie@research.att.com)