1 / 11

INTERNET SECURITY TOPIC

Learn about P3P, a standardized language that informs users about the privacy policies of websites and applications. Understand how P3P allows websites to present their data collection practices and helps users know what data will be collected and how it will be used.

bolszewski
Download Presentation

INTERNET SECURITY TOPIC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. INTERNET SECURITY TOPIC

  2. A P3P Preference Exchange Language(APPEL) Introduction by W3C working draft

  3. P3P Basic • P3P is designed to inform users about the privacy policies of services(Web sites and applications that declare privacy practices • Policies can be parsed automatically by user agents

  4. Basic P3P interaction process Inform user about policies Fetch P3P policy User agent User service Request a web page

  5. Goal of P3P • It allows Web sites to present their data-collection practices in a standardized, machine-readable, easy-to-locate manner. • It enables Web users to understand what data will be collected by sites they visit, how that data will be used.

  6. <appel:RULE behavior=‘block’ <p3p:POLICY> <p3p:STATEMENT> <p3p:DATA-GROUP> <p3p:DATA> <p3p:CATEGORIES appel:connective=‘or’> <p3p:physical/> <p3p>:demographic/> </p3p:CATEGORIES> </p3p:DATA> </p3p:DATA-GROUP> <p3p:RECEIPTIENT appel:connective=‘or’> <p3p:other-recipient/> <p3p:public/> <p3p:delivery/> </p3p:RECEIPTIENT > </p3p:STATEMENT> </p3p:POLICY> </appel:RULE> Explanation: agent reject the policy ask for personal data under the physical,demographic categories when these information will be shared by the third part.

  7. Sample Ruleset in APPEL 1.0 <appel:RULE behavior=‘request’ <appel:REQUEST-GROUP> <appel:REQUEST uri=http://www/my-bank.com/*/> </appel:REQUEST-GROUP> <p3p:POLICY> <p3p:STATEMENT> <p3p:appel:connective=‘or-excat’> <p3p:ours/> </p3p:RECEIPTIENT > </p3p:STATEMENT> </p3p:POLICY> </appel:RULE> Explanation: This "request" rule only continues to match the policy if it has been fetched while requesting a Web resource from www.my-bank.com. This request element allows the creation of rules that only apply to a certain resource or domain.

  8. Sample Ruleset in APPEL 1.0 <appel:RULE behavior=‘request’ prompt=‘yes’ <p3p:POLICY> <p3p:STATEMENT > <p3p:STATEMENT> <p3p:purpose appel:connective=‘or-exact’> <p3p:develop/> <p3p:admin/> </p3p:purpose> <p3p:DATA-GROUP appel:connective=‘or-exact’> <p3p:DATA ref=‘#User.Name.*’/> </p3p:DATA-GROUP> </p3p:STATEMENT> <p3p:DISPUTES-GROUP> <p3p:DISPUTESservice=‘http://trustus.org’/> </p3p:DISPUTES-GROUP> </p3p:POLICY> </appel:RULE> Explanation: User agree to provide its name under admin purpose (non-marketing purpose assurance from PrivacyProtect and TrustUS) but user still like to supervise all data transfer.

  9. Matching summary(six connective total) • E:expression X:evidence [If an or connective is given in E]at least one of E’s contained expressions(if any) match X’s enclosed elements(additional enclosed elements in evidence X which are not referenced in expression E are ignored) [If an and connective is given in E]all of E’s contained expressions(if any) match X’s enclosed elements(additional enclosed elements in evidence X which are not referenced in expression E are ignored) [If an non-or connective is given in E]none of E’s contained expressions(if any) match X’s enclosed elements(additional enclosed elements in evidence X which are not referenced in expression E are ignored) [If an non-and connective is given in E]not all of E’s contained expressions(if any) match X’s enclosed elements(additional enclosed elements in evidence X which are not referenced in expression E are ignored)

  10. Matching summary(six connective total) [If an or-exact connective is given in E]at least one of E’s contained expressions(if any) match X’s enclosed elements(additional enclosed elements in evidence X which are not referenced in expression E are not ignored) [If an and-exact connective is given in E] all of E’s contained expressions(if any) match X’s enclosed elements(additional enclosed elements in evidence X which are not referenced in expression E are not ignored)

  11. Future work of Current APPEL • Extensible of behaviors • Comparison operators for simple numeric expression • Expiration dates

More Related