<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE bugzilla SYSTEM "https://www.w3.org/Bugs/Public/page.cgi?id=bugzilla.dtd">

<bugzilla version="5.0.4"
          urlbase="https://www.w3.org/Bugs/Public/"
          
          maintainer="sysbot+bugzilla@w3.org"
>

    <bug>
          <bug_id>172</bug_id>
          
          <creation_ts>2003-03-10 21:42:45 +0000</creation_ts>
          <short_desc>clarify what we mean by data linked to a cookie</short_desc>
          <delta_ts>2008-12-02 22:41:20 +0000</delta_ts>
          <reporter_accessible>1</reporter_accessible>
          <cclist_accessible>1</cclist_accessible>
          <classification_id>1</classification_id>
          <classification>Unclassified</classification>
          <product>P3P</product>
          <component>Clarifications needed</component>
          <version>unspecified</version>
          <rep_platform>Other</rep_platform>
          <op_sys>other</op_sys>
          <bug_status>RESOLVED</bug_status>
          <resolution>FIXED</resolution>
          
          
          <bug_file_loc></bug_file_loc>
          <status_whiteboard></status_whiteboard>
          <keywords></keywords>
          <priority>P2</priority>
          <bug_severity>normal</bug_severity>
          <target_milestone>P3P1.1</target_milestone>
          <dependson>167</dependson>
          <blocked>174</blocked>
          <everconfirmed>1</everconfirmed>
          <reporter name="Lorrie Cranor">lorrie</reporter>
          <assigned_to name="Rigo Wenning">rigo</assigned_to>
          <cc>zzz</cc>
          
          

      

      

      

          <comment_sort_order>oldest_to_newest</comment_sort_order>  
          <long_desc isprivate="0" >
    <commentid>408</commentid>
    <comment_count>0</comment_count>
    <who name="Lorrie Cranor">lorrie</who>
    <bug_when>2003-03-10 21:42:45 +0000</bug_when>
    <thetext>The spec requires sites to disclose in their cookie policies the data linked to a cookie. 
However, it is not entirely clear what we mean. We need further explanation and perhaps 
some examples to be added to the spec.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>1173</commentid>
    <comment_count>1</comment_count>
    <who name="Rigo Wenning">rigo</who>
    <bug_when>2004-01-19 14:52:50 +0000</bug_when>
    <thetext>See proposed wording from Giles, which is not yet agreed:
http://lists.w3.org/Archives/Public/public-p3p-spec/2003Dec/0010.html</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>1310</commentid>
    <comment_count>2</comment_count>
    <who name="Lorrie Cranor">lorrie</who>
    <bug_when>2004-02-15 17:52:12 +0000</bug_when>
    <thetext>See Lorrie&apos;s proposal at http://lists.w3.org/Archives/Public/public-p3p-spec/2004Feb/0030.html</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>1516</commentid>
    <comment_count>3</comment_count>
    <who name="Lorrie Cranor">lorrie</who>
    <bug_when>2004-03-10 13:22:08 +0000</bug_when>
    <thetext>The WG agreed to the following on March 10:

Remove the last 3 paragraphs of 1.3.2 that pertain
to &quot;linked&quot; data and change the title of that section to
&quot;Non-identifiable&quot; Data. Then add a new section 1.3.4 as follows:


1.3.4 Linked and Linkable Data

&lt;p&gt;Cookies often store a unique number or database key that links to a
database record, rather than storing the complete database record. Web
sites that use P3P must disclose not only the types of data stored
directly in a cookie, but also all data linked to a cookie. A large
amount of data may be &quot;linkable&quot; to a cookie without actually being
&quot;linked&quot; to that cookie. &lt;/p&gt;

&lt;p&gt;A piece of data X is said to be &lt;i&gt;linkable&lt;/i&gt; to a cookie Y if a
key stored in cookie Y can be used to retrieve X either directly or
indirectly. A direct retrieval might happen, for example, if the key
is associated with a database record in which X is stored. An indirect
retrieval might happen, for example, if the key is associated with a
database record that contains a piece of data that may be used, in
turn, as a key to retrieve a record in a second database, and X is
stored in the second database. Furthermore, if cookie Y is stored in a
server log file, the log file may facilitate further linking. For
example, when cookie Y is replayed, it may be accompanied by a referer
field that includes additional identifiable information or even
another key. Alternatively, imagine a web site that sets two cookies,
Y and Z. Cookies Y and Z may get replayed in the same HTTP request and
subsequently recorded side-by-side in the server log file. Thus all
data associated with cookie Y are also linkable to cookie Z. Indeed,
unless precautions are taken to minimize server log files and severely
restrict the use of identifiable data, almost all data an entity
stores about an individual are likely to be linkable to any cookies
they have set on that individual&apos;s computer.&lt;/p&gt;

&lt;p&gt;A piece of data X is said to be &lt;i&gt;linked&lt;/i&gt; to a cookie Y if at
least one of the following activities may take place as a result of
cookie Y being replayed, immediately upon cookie replay or at some
future time (perhaps as a result of retrospective analysis or
processing of server logs):&lt;/p&gt;

&lt;ul&gt; 
&lt;li&gt;A cookie containing X is set or reset.&lt;/li&gt;

&lt;li&gt;X is retrieved from a persistent data store or archival media.&lt;/li&gt; 

&lt;li&gt;Information identifiable with the user -- including but not
limited to data entered into forms, IP address, clickstream data, and
client events -- is retrieved from a record, data structure, or file (other
than a log file) in which X is stored. &lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Entities should consider their data collection and storage
architectures carefully to determine what data may be linkable to
their cookies and what data will actually be linked to each cookie. If
data is linkable but not linked to a particular cookie, it does not
have to be disclosed in a P3P statement concerning that
cookie. However, should the entity associated with that P3P policy
ever link the data for any reason other than to comply with law
enforcement demands, they would be in violation of their stated
policy. &lt;/p&gt;

</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>1709</commentid>
    <comment_count>4</comment_count>
    <who name="Rigo Wenning">rigo</who>
    <bug_when>2004-04-19 11:22:45 +0000</bug_when>
    <thetext>Integrated into the new http://www.w3.org/P3P/2004/WD-P3P11-20040420 </thetext>
  </long_desc>
      
      

    </bug>

</bugzilla>