With the increase in customized information provided to clients by servers, there has also been an increase in the transmission of client information from the client to the server. A server may utilize client information, among other things, to tailor content which is provided to the client. For example, if the server is informed of the location of a client, then the server may provide content to the client based on that location. Similarly, if the client informs the server of the network through which it is connected, then the server may utilize this information to provide network specific information to the client.
As an example, if a mobile client is connected to a network in, for example, Research Triangle Park, North Carolina, in the United States, then, if the client provides profile information to the server identifying its location as in North Carolina, information about North Carolina may be provided to the client by a server. If the client is then later connected to the server through a network in Tokyo, Japan, and the client provides profile information to the server identifying its location as being in Tokyo, then the server may provide information about Tokyo to the client.
Various methods exist by which a client may communicate its preferences and capabilities to a server. For example, information may be embedded within a Hyper-Text Transport Protocol (HTTP) user-agent field, or it may be embedded within a Universal Resource Locator (URL) itself. Emerging standards such as the W3C Composite Capability/Preference Profile (CC/PP) standard and the WAP Forum's User-Agent Profiles standard similarly define formats by which information may be embedded by the client in HTTP requests.
However, it is not always the case that information which may be required by the server to support such capabilities is actually available to the client. For example, the client may not have the location information which is to be provided to the server. This may occur if the client is not associated with a Global Positioning System (GPS). Therefore, the client may be unable by itself to provide such location information to the server. However, such information may be available to a network intermediary, i.e. a data processing system in the path between the client and the server. While the network intermediary may have such information, the network intermediary may need to be informed that such information should be passed on to the server as part of the client's profile. However, legal considerations may prevent a network intermediary, such as a service provider, from providing information to a third party service without the end user's explicit permission. Thus, the client may need to explicitly inform the network intermediary to pass its location information on to the server.
One issue which may arise when network intermediaries provide information on behalf of a client is security. Because information is not being provided directly by the client, it may be necessary to determine the authenticity of such information and to assure that the information is not be provided by someone posing as the client. However, privacy protocols, such as the Platform for Privacy Preferences Project (P3P), operate end-to-end between the client and the server and, therefore, may be unsuitable for providing authorization to network intermediaries to provide information about a client to a server. Accordingly, a need exists for improvements in the security of how client profile information is provided to servers.