Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Another important issue for policy reference files arise when it comes to cookies. For<br />
the association of policies with cookies, P3P specifies the two elements COOKIE-<br />
INCLUDE and COOKIE-EXCLUDE. For both elements the name of the cookie,<br />
the value, domain and path of the cookie has to be provided. The example shown in<br />
Listing 3.6 defines that the policy “first” applies to all cookies except for the one with<br />
the name “obnoxious-cookie” from “.example.com” and that actually the second policy<br />
is applied to this cookies from domain “.example.com”.<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Listing 3.6: Policy reference file using the COOKIE-INCLUDE and COOKIE-<br />
EXCLUDE elements (Source: [W3Ca])<br />
In addition to the already introduced features, policies can also be applied to certain<br />
HTTP methods using policy reference files. That means that in a policy reference file,<br />
a certain policy can be applied to one of the HTTP methods such as OPTIONS, GET,<br />
HEAD, POST, PUT, DELETE, TRACE and CONNECT (cp. [W3Cb] for more details<br />
on the HTTP/1.1 specification). Practically applicable in most cases are probably the<br />
POST and GET methods to apply policies to either requested data or sent content via<br />
forms. The corresponding element to be used for this purpose is METHOD.<br />
P3P offers a diverse set of features for policy preference files of which the most important<br />
ones were introduced here. For a more detailed description, readers should consult the<br />
P3P specification available at [W3Ca].<br />
3.1.4. P3P policies<br />
P3P policies are the heart of P3P. With a P3P policy, a website can transfer its privacy<br />
policy in a machine-readable, standardized way which enables user-agents to parse this<br />
policy and compare it to user-preferences in browsers, proxies or other software. To be<br />
standardized and machine-readable, P3P policies have to use a predefined vocabulary<br />
and syntax. Within a P3P policy, there are five general assertions which apply to the<br />
24