Platform for Privacy Preferences (P3P) Status Notes

26 August 1999

This document was prepared by Lorrie Cranor ([email protected]) on behalf of the P3P Specification Working Group. It is an annex to the 26 August 1999 P3P public working draft.

This public working draft is being issued in order to keep the public informed about P3P. However, there are a number of areas where the working group is well aware that further work is needed. These open issues are summarized here. W3C members may also consult the P3P open issues list for more details.

Vocabulary Issues

Questions have been raised about how relationships with credit card companies are reflected in the P3P vocabulary. This and other vocabulary-specific questions need to be examined by the P3P Policy and Outreach Working Group.

Base Data Set Issues

Most of the base data set issues have been resolved in the current draft. Known issues that remain include:

Need to better document base data set extension mechanism and discuss a few remaining open questions.
Need to split date type into two sub-types for date and time.

Internationalization Issues

Most of the internationalization issues have been resolved in the current draft. We may add a mechanism that will allow multiple copies of an element to be returned in different languages with the appropriate language attributes.

RDF/XML Syntax Issues

A number of syntax issues have been raised. We need to either fix the RDF syntax or agree to use XML syntax without RDF. Once we solve this problem, we still need to work on a DTD and resolve a number of minor issues. Major syntax changes are still possible at this point.

Protocol Issues

The protocol itself is now fairly well document, but a few open issues still remain:

Some questions remain about the Limited P3P protocol using the HTML link tag, including whether a propID is needed with a link tag.
Questions remain about whether there should be restrictions on where a proposal may be stored (i.e. does it have to be stored on the same host or in the same domain as the realm to which it applies?)
Questions remain about the use of the realm element. It has been proposed that P3P provide syntax for excluding sub-directories from realms. It has also been proposed that the realm element become a header rather than part of the proposal or that it be removed altogether.
It has been brought to our attention that some servers will not accept HTTP headers bigger than 4k. This may be a concern when the P3P data transfer mechanism is used to return data. We may modify the header syntax to a more compact syntax to address this problem.
We may also consider removing automatic data transfer (source=agent) from P3P 1.0.

Extension Mechanism

A general P3P extension mechanism has been proposed. This would allow extensions not only to data sets, but to all parts of P3P. This will likely be added to the specification after some additional work. It is likely that this mechanism will include an easy way for implementations that don't wish to recognize extensions to still be compliant.

User Experience Issues

There are a number of issues that impact the P3P user experience. Most of these issues require input from the P3P Policy and Outreach working group before they can be addressed.