What do policies apply to?

A very basic question, for which I haven't seen
a hard-and-fast answer in the P3P spec:

Assume I load a page http://www.xyz.org/a,
which points to a policy http://www.xyz.org/a.policy.

Page 'a' also contains a form, with an 'action' URI
of http://www.xyz.org/b, with a policy http://www.xyz.org/b.policy.

If I fill in the form 'a' and send it in to 'b',
which policy is my data submission covered by,
http://www.xyz.org/a.policy or http://www.xyz.org/b.policy?

This should be said very clear at the beginning of the
P3P specification, not just assumed to be somehow obvious.

http://www.xyz.org/a.policy has the advantage that one
less rouund-trip is necessary. http://www.xyz.org/b.policy
has the advantage that it can deal with pages that contain
multiple forms that send data to different servers.
If http://www.xyz.org/b.policy is choosen, it may be
interesting to consider how to allow to indicate
the relevant policy in the html <form> element.


Regards,   Martin.




#-#-#  Martin J. Du"rst, I18N Activity Lead, World Wide Web Consortium
#-#-#  mailto:duerst@w3.org   http://www.w3.org/People/D%C3%BCrst

Received on Monday, 13 March 2000 04:46:42 UTC