User side policy & handling of credentials

Hi,

I wonder if it is possible/sensible to express the following policies in
P3P/APPEL:

User Alice will only submit her credit card information to sites that
have the XYZ credential.

User Alice only does business with web sites that are ABC-certified (=
have the ABC credential).

If someone could create these rules, e.g. using the JRC editor, I would
be most grateful. If it is not sensible to have such rules, please give
me a comment.

And a general question: Why is payment information such as credit card
number, expiry date, bearer name etc. not part of the P3P user data
structures?

Cheers,
/Almut

Received on Tuesday, 31 October 2006 21:31:15 UTC