To:
Stephane Bortzmeyer <bortzmeyer@nic.fr>
cc:
Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>, "Hollenbeck, Scott" <shollenbeck@verisign.com>, "'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>, brunner@nic-naa.net
From:
Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date:
Wed, 23 Oct 2002 12:03:47 -0400
Content-ID:
<16628.1035389027.1@nic-naa.net>
In-Reply-To:
Your message of "Wed, 23 Oct 2002 14:26:29 +0200." <20021023122629.GC19545@nic.fr>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: "private" Element Attribute
> I was not there and I find nothing in the mailing list archive.
Some was via voca during the WG face-to-face. Scott's provided pointers to
the WG list archive.
> <dcp> has exactly the same problem: while it acknowledges the work of
> the P3P WG, it tries to reinvent P3P, instead of using it.
We took some of the vocabulary. We didn't take the binding of p3p to
http, either in the URI (WKL) form, or in the subsequent forms for a
p3p header (I'm co-author of that in the p3p spec), nor in the later
forms (html link tag, xhtml link tag xform (pending CR)).
We took something quite close to the application of p3p's vocabulary to
cookies (compact policies) -- policy-on-apdu, not policy-on-uri, and put
<dcp>-on-session (sessionlessly on-object, I think).
> Why not use <POLICY> and not <dcp>?
For everyone's benefit, and this may not be current (shame Eric, shame!):
(from: http://www.w3.org/2000/10/XMLSchema.dtd)
<!-- ************* POLICY ************* -->
<element name='POLICY'>
<complexType>
<sequence>
<element ref='p3p:EXTENSION' minOccurs='0' maxOccurs='unbounded'/>
<element ref='p3p:TEST' minOccurs='0'/>
<element ref='p3p:EXPIRY' minOccurs='0'/>
<element ref='p3p:DATASCHEMA' minOccurs='0'/>
<element ref='p3p:ENTITY'/>
<element ref='p3p:ACCESS'/>
<element ref='p3p:DISPUTES-GROUP' minOccurs='0'/>
<element ref='p3p:STATEMENT' minOccurs='0' maxOccurs='unbounded'/>
<element ref='p3p:EXTENSION' minOccurs='0' maxOccurs='unbounded'/>
</sequence>
<attribute name='discuri' type='uriReference' use='required'/>
<attribute name='opturi' type='uriReference' use='optional'/>
<attribute name='name' type='ID' use='optional'/>
</complexType>
</element>
Meta-Issues:
a. Personally I don't think it helps us to mandate UTF-8 for a portion
of the data between EPP endpoints,
b. We haven't mandated genuine P3P at the initial (to onward-transport
via EPP) data-collection (registrar, or re-seller, or more
generally, agent) site, and mandated getting the P3P at that point
consistent with the DCP at the registrar.
c. We haven't mandated genuine P3P at the registry (recall, registries
don't "talk" to registrants),
c. We haven't (yet) provided for transparent, or transparent subsetting
of an instance of P3P to the EPP client from the EPP server, or
the reverse in the case of APPEL-esque thingies I still haven't looked
at.
<POLICY> Element Issues:
Numerous.
Please see <dcp>.
Eric