Hi,

I assume everyone has heard of P3P (Platform for Privacy Preferences), so
I'll skip explaining in detail what it is. If you don't know, just skip this
message *g*.

I've got one problem with this, and PHP may solve it:

P3P has absolutely no application-server/scripting support. It's just a
simple XML file that tells the user what (personal) data the website
collects, and it is requested with "hard-coded" relative URLs.
Assume a PHP website with URL-based sessions. A user requests the homepage
(/index.phtml) - he's anonymous, collected data is anonymous. The (static)
P3P file tells the user that the collected data is anon. Well, now the user
logs in via a form submit and reloads the page (/index.phtml). The
information is set in the PHP session, the user is shown other
(personalized) content, but the P3P file is still the same, telling the
user that the collected data is still anonymous - this is (or may be) wrong
now.
P3P has no mechanism to handle this case; in P3P you can only set a
different policy for (sub-)folders (different URIs). The problem is that
the GET request is absolutely the same; it doesn't matter if the user is
logged in or anonymous (well, it would be a security hole if someone is
able to find out if a user is logged in when (s)he takes a look at the URL,
hm?).

Sure, it's possible to copy all "templates" to another subfolder and link
logged-in users to this one, but why should I do so? The advantage of using
templates (as I define them) is that they just show any content. They don't
care if this content is personalized or not. The content is "prepared" by
the "business logic" - programmed in PHP - and stored in a database. This
way, I'm able to use the same "templates" for logged-in and anonymous
users - well, half the work to do...

I already talked to some P3P members; they think it is no problem, but
didn't provide a solution - at least none I was able to understand *g*.

I think P3P should (must!!) be supported by the application server or
scripting language. It should be possible to catch a request for a P3P file
from the webserver, match information from the session, and generate the
correct XML contents on the fly or assign a matching P3P file.


Links:
P3P - http://www.w3.org/P3P/
One of our websites that will have the described problem. (Not coded in
PHP - we do quite the same thing with PHP and the BroadVision Application
Server): http://www.siemens.de/solutionprovider/dialog


Bruno Baketaric
Development Director

WOB Interactive AG
Werner-Heisenberg-Strasse 6a
68519 Viernheim
Fon +49 (0)6204.970-274
Fax +49 (0)6204.970-211
E-Mail: [EMAIL PROTECTED]
ICQ: 818981
http://www.wob.ag
http://www.bbn-advertising.com
Part of: BBN The multicultural agency



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
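
One way to do what the message asks for ("assign a matching P3P file" from session state), as an added example that is not part of the original post or of PHP itself. It assumes the P3P 1.0 `P3P: policyref="..."` response header is used to point at the reference file, so the page URL stays identical for anonymous and logged-in users; the session key `user_id` and all `/w3c/...` paths are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. The 'user_id' session key and every path below are assumptions.
const P3P_NS = 'http://www.w3.org/2002/01/P3Pv1';
const P3P_REFS = [
    'anonymous'  => '/w3c/p3p-anonymous.xml',
    'identified' => '/w3c/p3p-identified.xml',
];
const P3P_POLICIES = [
    'anonymous'  => '/w3c/policy-anonymous.xml#policy',
    'identified' => '/w3c/policy-identified.xml#policy',
];

/** Classify the request from session data only, never from the URL. */
function p3pStateFor(array $session): string
{
    return empty($session['user_id']) ? 'anonymous' : 'identified';
}

/** Header line pointing the user agent at the matching reference file. */
function p3pHeaderFor(array $session): string
{
    return sprintf('P3P: policyref="%s"', P3P_REFS[p3pStateFor($session)]);
}

/** Generate the policy reference file for one state, covering the whole site. */
function p3pReferenceXml(string $state): string
{
    if (!isset(P3P_POLICIES[$state])) {
        throw new InvalidArgumentException('unknown P3P state');
    }
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $meta = $doc->appendChild($doc->createElementNS(P3P_NS, 'META'));
    $refs = $meta->appendChild($doc->createElementNS(P3P_NS, 'POLICY-REFERENCES'));
    $ref  = $refs->appendChild($doc->createElementNS(P3P_NS, 'POLICY-REF'));
    $ref->setAttribute('about', P3P_POLICIES[$state]);
    $ref->appendChild($doc->createElementNS(P3P_NS, 'INCLUDE', '/*'));
    return $doc->saveXML();
}

// Command-line demonstration with constructed session arrays.
if (PHP_SAPI === 'cli') {
    echo p3pHeaderFor([]), "\n";
    echo p3pHeaderFor(['user_id' => 42]), "\n";
    echo p3pReferenceXml('identified');
}
```

In a page script the header would be sent before any output, e.g. `session_start(); header(p3pHeaderFor($_SESSION));`, while the two reference files themselves need no session and can be served to any requester.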