the platform for privacy preferences p3 p
play

The Platform for Privacy Preferences ( P3 P) December 2000 Update - PowerPoint PPT Presentation

The Platform for Privacy Preferences ( P3 P) December 2000 Update A user empowerment approach Marc Langheinrich ETH Zurich APPEL Subgroup Chair P3P Working Group Outline P3P December 2000 Update Platform for Privacy Preferences ! What


  1. The Platform for Privacy Preferences ( P3 P) December 2000 Update A user empowerment approach Marc Langheinrich ETH Zurich APPEL Subgroup Chair P3P Working Group

  2. Outline P3P December 2000 Update Platform for Privacy Preferences ! What is P3P? – A user empowerment tool – P3P1.0 a first step – not a full solution ! What does P3P provide? – Machine-readable privacy policies – Referencing & Exchanging policies – Exchanging Privacy Preferences (APPEL) ! FAQ’ s, Wrap-Up 2

  3. User Em pow erm ent P3P December 2000 Update Develop tools that allow people to control the use and dissemination of their personal information I . W hat is P3 P? 3

  4. Em pow erm ent Tools P3P December 2000 Update ! Prevent your actions from being linked to you – Crowds (AT&T Labs), Anonymizer, Freedom (zks.net) ! Allow you to develop persistent relationships not linked to each ot her or you – Lucent Personal Web Assistant (Bell Labs) ! Make informed choices about how your information will be used I . W hat is P3 P? – Platform for Privacy Preferences Proj ect – P3P (W3C) ! Know that assurances about information practices are trust worthy – TRUS Te, BBBOnline 4

  5. P3 P 1 .0 P3P December 2000 Update ! W3C Activity S tarted S ummer 1997 ! Goals – Web sites offer machine readable policies – Browsers automatically compare policies and user preferences – Web site & browser negotiate „ best deal“ I . W hat is P3 P? ! P3P 1.0 – No negotiation, no choice of policies – Goal: Ease of deployment 5

  6. December 2000 Update P3 P Overview

  7. P3 P1 .0 Provides P3P December 2000 Update ! Machine-readable privacy policies I I . W hat does P3 P provide? – A standard schema for data collected – A vocabulary to express purpose, recipients, etc. – An XML format for machine-readability ! Referencing & Exchanging policies – Reference Files associate P3P policies with Web content (e.g., pages, sites) – A protocol for transporting P3P policies over HTTP 7

  8. Brow sing w ithout P3 P P3P December 2000 Update Web I I . P3 P – Exchanging Policies Server GET /x.html HTTP/1.1 GET /x.html HTTP/1.1 . . . Request web page . . . Request web page HTTP/1.1 200 OK HTTP/1.1 200 OK Content-Type: text/html Content-Type: text/html . . . Send web page . . . Send web page 8

  9. Brow sing w ith P3 P1 .0 P3P December 2000 Update Web I I . P3 P – Exchanging Policies GET /x.html HTTP/1.1 GET /x.html HTTP/1.1 Server . . . Request web page . . . Request web page HTTP/1.1 200 OK HTTP/1.1 200 OK P3P: policyref=“http://foo.com/p3p/ref.xml P3P: policyref=“http://foo.com/p3p/ref.xml Content-Type: text/html Content-Type: text/html . . . Send web page . . . Send web page Request Policy Reference File Request Policy Reference File Send Policy Reference File Send Policy Reference File Request P3P Policy Request P3P Policy Send P3P Policy Send P3P Policy 9

  10. The Policy Reference File P3P December 2000 Update I I . P3 P – Referencing Policies /w3c/p3p/ref.xml /index.html /orders/*.html /w3c/p3p/policy1.xml /catalog/* /orders/cgi-bin/* /w3c/p3p/policy2.xml Set-Cookie: session-id=... /w3c/p3p/policy3.xml /catalog/kids/* 10

  11. Reference File Syntax P3P December 2000 Update <META xmlns="http://www.w3.org/2000/11/23/P3Pv1" I I . P3 P – Referencing Policies <POLICY-REFERENCES> <POLICY-REF web:about="/w3c/p3p/ policy1.xml "> < INCLUDE >/index.html</INCLUDE> <INCLUDE>/orders/*.html</INCLUDE> <INCLUDE>/catalog/*</INCLUDE> < EXCLUDE >/catalog/kids/*</EXCLUDE> </POLICY-REF> <POLICY-REF web:about=“w3c/p3p/ policy2.xml "> <INCLUDE>/orders/cgi-bin/*</INCLUDE> <COOKIES-INCLUDE>session-id .examples.org /</COOKIES-INCLUDE> </POLICY-REF> <POLICY-REF web:about=“w3c/p3p/ policy3.xml "> < INCLUDE >/catalog/kids/*</INCLUDE> </POLICY-REF> </POLICY-REFERENCES> </META> 11

  12. Reference File Syntax P3P December 2000 Update <META xmlns="http://www.w3.org/2000/11/23/P3Pv1" I I . P3 P – Referencing Policies <POLICY-REFERENCES> <POLICY-REF web:about="/w3c/p3p/ policy1.xml "> <POLICY-REF web:about="/w3c/p3p/ policy1.xml "> < INCLUDE >/index.html</INCLUDE> < INCLUDE >/index.html</INCLUDE> <INCLUDE>/orders/*.html</INCLUDE> <INCLUDE>/orders/*.html</INCLUDE> <INCLUDE>/catalog/*</INCLUDE> <INCLUDE>/catalog/*</INCLUDE> < EXCLUDE >/catalog/kids/*</EXCLUDE> < EXCLUDE >/catalog/kids/*</EXCLUDE> </POLICY-REF> </POLICY-REF> <POLICY-REF web:about=“w3c/p3p/ policy2.xml "> <INCLUDE>/orders/cgi-bin/*</INCLUDE> <COOKIES-INCLUDE>session-id .examples.org /</COOKIES-INCLUDE> </POLICY-REF> <POLICY-REF web:about=“w3c/p3p/ policy3.xml "> < INCLUDE >/catalog/kids/*</INCLUDE> </POLICY-REF> </POLICY-REFERENCES> </META> 11

  13. Reference File Syntax P3P December 2000 Update <META xmlns="http://www.w3.org/2000/11/23/P3Pv1" I I . P3 P – Referencing Policies <POLICY-REFERENCES> <POLICY-REF web:about="/w3c/p3p/ policy1.xml "> < INCLUDE >/index.html</INCLUDE> <INCLUDE>/orders/*.html</INCLUDE> <INCLUDE>/catalog/*</INCLUDE> < EXCLUDE >/catalog/kids/*</EXCLUDE> </POLICY-REF> <POLICY-REF web:about=“w3c/p3p/ policy2.xml "> <POLICY-REF web:about=“w3c/p3p/ policy2.xml "> <INCLUDE>/orders/cgi-bin/*</INCLUDE> <INCLUDE>/orders/cgi-bin/*</INCLUDE> <COOKIES-INCLUDE>session-id .examples.org /</COOKIES-INCLUDE> <COOKIES-INCLUDE>session-id .examples.org /</COOKIES-INCLUDE> </POLICY-REF> </POLICY-REF> <POLICY-REF web:about=“w3c/p3p/ policy3.xml "> < INCLUDE >/catalog/kids/*</INCLUDE> </POLICY-REF> </POLICY-REFERENCES> </META> 11

  14. Reference File Syntax P3P December 2000 Update <META xmlns="http://www.w3.org/2000/11/23/P3Pv1" I I . P3 P – Referencing Policies <POLICY-REFERENCES> <POLICY-REF web:about="/w3c/p3p/ policy1.xml "> < INCLUDE >/index.html</INCLUDE> <INCLUDE>/orders/*.html</INCLUDE> <INCLUDE>/catalog/*</INCLUDE> < EXCLUDE >/catalog/kids/*</EXCLUDE> </POLICY-REF> <POLICY-REF web:about=“w3c/p3p/ policy2.xml "> <INCLUDE>/orders/cgi-bin/*</INCLUDE> <COOKIES-INCLUDE>session-id .examples.org /</COOKIES-INCLUDE> </POLICY-REF> <POLICY-REF web:about=“w3c/p3p/ policy3.xml "> <POLICY-REF web:about=“w3c/p3p/ policy3.xml "> < INCLUDE >/catalog/kids/*</INCLUDE> < INCLUDE >/catalog/kids/*</INCLUDE> </POLICY-REF> </POLICY-REF> </POLICY-REFERENCES> </META> 11

  15. P3 P Policies P3P December 2000 Update ! Machine-readable (XML) version of web site I I . P3 P – Expressing Policies privacy policies – Use P3P Vocabulary t o express data practices – Use P3P Base Data S et to express type of data collected ! Captures common elements of privacy policies but may not express everything – sites may provide further explanation in human- readable policies 12

  16. The P3 P Vocabulary P3P December 2000 Update ! Who is collecting data? ! What data is collected? I I . P3 P – Expressing Policies ! Does the data collector ! For what purpose will provide access to my data be used? data? ! Who are the data ! What assurance is recipients (anyone there that this policy beyond t he data will be followed? collector)? ! Where is the human- ! Hong long will data be readable privacy retained ? policy? 13

  17. P3 P Base Data Schem a P3P December 2000 Update ! A set of common data elements all P3P I I . P3 P – Expressing Policies implementations should know about ! Includes “ User.” elements such as – name – Address – phone number, etc. ! Includes “ Dynamic.” elements such as – indicators that a site collects click-stream – uses cookies – collects info of a cert ain category, etc. 14

  18. Exam ple Privacy Policy P3P December 2000 Update TheCoolCatalogExample, Inc., of 123 Main S treet, S eattle, WA 98103 US A, makes the following statement for the Web page at I I . P3 P – Expressing Policies http:/ / www.TheCoolCatalog.example.com/ catalog/ . We have a privacy seal from PrivacyS ealExample, which provides assurance that we abide by our policy. We do provide access capabilities to any identifiable information we may have from you. We use cookies and collect your gender , information about your clothing preferences , and ( optionally ) your home address to customize our entry catalog pages and for our own research and product development . We retain this information indefinitely. We also maintain server logs that include information about visits to the http:/ / www.CoolCatalog.example.com/ catalog/ page, and the types of browsers our visitors use. We use this information in order to administrate and improve our web site. We retain this information indefinitely. 15

Recommend


More recommend