Proposal: Agent-Of Domain Relationships


This document is deprecated and replaced by the domain-relationships document.

Prepared for W3C P3P 1.1 Working Group

Jack Humphrey (

October 2003


As part of the P3P 1.1 effort, this document describes modifications to the P3P specification that would allow user agents to recognize when hosts in different domains have an agent-client relationship in which data is collected by the agent solely on behalf of the client. These modifications build on those suggested in the “Same-Entity Domain Relationships” proposal, which covers multiple domains owned by the same entity.

This document contains an overview of the proposed modifications but not the specification-level details of the modifications, which will be provided in a subsequent document.

Proposed Additions to Policy Reference Files

Consider a site that uses a data collection service provided by another company, whose site makes use of embedded image requests and cookies to collect data solely on behalf of its clients. maintains no ownership of this data and has only administrative responsibilities for its use. We refer to this situation as an “agent of” relationship, as in “ is an agent of”

The proposed mechanism allows the expression of the “agent of” relationship in much the same way as the “same entity” relationship, described in a separate proposal. For requests received on behalf of, could return a P3P policyref header referring to’s policy reference file, which would look something like this:

<META xmlns="">


<POLICY-REF about="/p3p/">





<HOST name="*" entity-type="AGENT" about=""/>



This file refers to a P3P policy hosted by that covers the data collected through the service. The HOST name attribute above indicates that is allowed to refer to this policy reference file, the type attribute indicates that it is an agent acting on behalf of, and the about attribute provides a URL for a default policy for the agent, which allows identification of the entity providing the agent service.

Proposed Additions to Support Compact Policies

Some user agents choose to use only compact policies when applying privacy preferences to cookies. Since compact policies do not allow the same level of expressiveness as policy reference files, they require a parallel mechanism to allow expression of “agent of” relationships. The proposed mechanism calls for the addition of two new HTTP P3P headers: agent-of and has-agent.

P3P agent-of Header

The P3P agent-of header allows a host to specify a list of space-delimited hostname qualifiers. This header denotes that the current host is providing a service that may involve collecting data solely on behalf of the listed hosts. This list has no direct mapping to the policy reference file but corresponds to the policy reference file(s) included in the P3P policyref header. In the “agent of” example, would return the header:

P3P: agent-of="*"

P3P has-agent Header

The P3P has-agent header allows a host to specify a list of space-delimited hostname qualifiers and URIs (separated by semicolons) that describe agent hosts that may collect data solely on behalf of the current host. This list must match the list of known hosts of type AGENT in the policy reference file. In the “agent of” example, would return the header:

P3P: has-agent="*;"

When evaluating compact policies, a user agent should consider one host to be an agent of another only if the agent host has a matching agent-of hostname qualifier for the client host and the client host has a matching has-agent hostname qualifier for the agent host. A declaration made by only one side does not establish the relationship.

Efficiency Concerns

For purposes of efficiency, hosts should not be required to return all hostname qualifiers for each of these new headers on every request. Instead they may tailor the header based on the request context, e.g. if acts as agent for 100 different hosts, it may return only “*” if it can glean that the request was referred from

Implications for User Agents

To take advantage of the new expressiveness provided by the proposed modifications, user agents should implement the following high-level rules:

  1. Agent Of: Host B should be considered an agent collecting data solely on behalf of host A if:

    1. Host A refers to a policy reference file on host B, and that policy reference file contains a KNOWN-HOSTS entry for host B with type AGENT, or

    2. During compact policy evaluation, host B’s P3P agent-of header contains a matching hostname qualifier for host A, and host A’s P3P has-agent header contains a matching hostname qualifier for host B.

  2. In the event of a verified “agent of” relationship, no extra privacy restrictions should be applied to either host.
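The two-sided check in rule 1.2 and in the compact-policy section above, written as an added example that is not part of the original proposal. The field parsing, the qualifier semantics (exact hostname or a "*.domain" wildcard) and all example.com / example.net names are assumptions, since the proposal defers specification-level details to a later document.

```python
import re

# Assumed syntax: a P3P header carries comma-separated name="value" fields,
# as in the proposal's samples (P3P: agent-of="..."). Not from a spec.
FIELD_RE = re.compile(r'([A-Za-z-]+)\s*=\s*"([^"]*)"')

# Constructed sample headers (hostnames are placeholders, not from the page).
CLIENT_P3P = 'CP="NOI DSP", has-agent="*.metrics.example.net;http://metrics.example.net/p3p/agent.xml"'
AGENT_P3P = 'CP="NOI DSP", agent-of="*.example.com"'

def p3p_field(header_value, name):
    """Return the quoted value of one field of a P3P header, or ''."""
    for key, value in FIELD_RE.findall(header_value or ""):
        if key.lower() == name:
            return value
    return ""

def qualifier_matches(qualifier, host):
    """Assumed semantics: exact hostname, or '*.domain' matching the domain
    and its subdomains on a label boundary only."""
    # A bare "*" has no domain part and is rejected, so it cannot match all hosts.
    qualifier, host = qualifier.lower().rstrip("."), host.lower().rstrip(".")
    if qualifier.startswith("*."):
        base = qualifier[2:]
        return bool(base) and (host == base or host.endswith("." + base))
    return bool(qualifier) and qualifier == host

def is_verified_agent(agent_host, agent_p3p, client_host, client_p3p):
    """True only if both hosts declare the relationship (rule 1.2)."""
    agent_of = p3p_field(agent_p3p, "agent-of").split()
    # has-agent entries are 'qualifier;URI'; only the qualifier is matched here.
    has_agent = [entry.split(";", 1)[0]
                 for entry in p3p_field(client_p3p, "has-agent").split()]
    claims_client = any(qualifier_matches(q, client_host) for q in agent_of)
    confirms_agent = any(qualifier_matches(q, agent_host) for q in has_agent)
    return claims_client and confirms_agent

if __name__ == "__main__":
    print(is_verified_agent("t.metrics.example.net", AGENT_P3P,
                            "shop.example.com", CLIENT_P3P))
```

A host that sends agent-of without a matching has-agent from the client is treated like any other third party, which is what keeps the relaxed handling in rule 2 from being claimed unilaterally.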