The following is a proposal for future work on P3P submitted following the November 2002 Workshop on the Future of P3P
Many companies have sites on multiple domains and, with the current implementations of P3P, have had a very difficult time implementing P3P and compact policies on all its sites. When content is shared between domains, significant difficulties have been encountered with both P3P and compact policies from different sites being inconsistent with the practices of the site using the content or cookies from the second domain being blocked even when the same company owns both sites. In addition, some companies are acting as agents for another company and are simply following the contracting company's privacy policy.
There is no mechanism in the specification to allow a site to handle content sharing between domains or indicate that one site is acting as the agent for another. (HINT is sometimes incapable of fully expressing the relationship between sites.) To encourage adoption of P3P, a mechanism or mechanisms are required to permit a site to easily share content without an unduly complicated P3P policy or compact policies and to indicate that one site is the agent for another site.
Work on the issues discussed above could, without excluding other ideas, center on the following:
There is no known work already on this topic. However, extensive experience exists in the private sector with implementing P3P on sites that share significant amounts of content. These experiences could be leveraged to identify problems and potential solutions.
The issues here should be relatively easy to resolve. It should be possible to reach consensus on a mechanism to accomplish the last objective above within the timeframe for version 1.1 of the specification. Review of compact policies might take longer to complete. (See P3P Future Work Item 4.)
Last update $Date: 2003/05/23 13:58:13 $ by $Author: rigo $