Learn about P3P, a standardized language that informs users about the privacy policies of websites and applications. Understand how P3P allows websites to present their data collection practices and helps users know what data will be collected and how it will be used.
A P3P Preference Exchange Language (APPEL): Introduction, based on the W3C Working Draft

P3P Basic
• P3P is designed to inform users about the privacy policies of services (Web sites and applications that declare privacy practices).
• Policies can be parsed automatically by user agents.

Basic P3P interaction process
[Diagram. Labels: "Request a web page", "Fetch P3P policy", "Inform user about policies", "User agent", "User service"]

Goal of P3P
• It allows Web sites to present their data-collection practices in a standardized, machine-readable, easy-to-locate manner.
• It enables Web users to understand what data will be collected by the sites they visit and how that data will be used.

<appel:RULE behavior="block">
  <p3p:POLICY>
    <p3p:STATEMENT>
      <p3p:DATA-GROUP>
        <p3p:DATA>
          <p3p:CATEGORIES appel:connective="or">
            <p3p:physical/>
            <p3p:demographic/>
          </p3p:CATEGORIES>
        </p3p:DATA>
      </p3p:DATA-GROUP>
      <p3p:RECIPIENT appel:connective="or">
        <p3p:other-recipient/>
        <p3p:public/>
        <p3p:delivery/>
      </p3p:RECIPIENT>
    </p3p:STATEMENT>
  </p3p:POLICY>
</appel:RULE>

Explanation: The agent rejects a policy that asks for personal data in the physical or demographic categories when this information will be shared with third parties.

Sample Ruleset in APPEL 1.0

<appel:RULE behavior="request">
  <appel:REQUEST-GROUP>
    <appel:REQUEST uri="http://www.my-bank.com/*"/>
  </appel:REQUEST-GROUP>
  <p3p:POLICY>
    <p3p:STATEMENT>
      <p3p:RECIPIENT appel:connective="or-exact">
        <p3p:ours/>
      </p3p:RECIPIENT>
    </p3p:STATEMENT>
  </p3p:POLICY>
</appel:RULE>

Explanation: This "request" rule only continues to match the policy if the policy was fetched while requesting a Web resource from www.my-bank.com. The request element allows the creation of rules that apply only to a certain resource or domain.

Sample Ruleset in APPEL 1.0

<appel:RULE behavior="request" prompt="yes">
  <p3p:POLICY>
    <p3p:STATEMENT>
      <p3p:PURPOSE appel:connective="or-exact">
        <p3p:develop/>
        <p3p:admin/>
      </p3p:PURPOSE>
      <p3p:DATA-GROUP appel:connective="or-exact">
        <p3p:DATA ref="#user.name.*"/>
      </p3p:DATA-GROUP>
    </p3p:STATEMENT>
    <p3p:DISPUTES-GROUP>
      <p3p:DISPUTES service="http://trustus.org"/>
    </p3p:DISPUTES-GROUP>
  </p3p:POLICY>
</appel:RULE>

Explanation: The user agrees to provide their name for the admin purpose (a non-marketing purpose, with assurance from PrivacyProtect and TrustUS), but still wants to supervise all data transfers.

Matching summary (six connectives in total)
E: expression, X: evidence
• or: at least one of E's contained expressions (if any) matches X's enclosed elements. Additional enclosed elements in evidence X that are not referenced in expression E are ignored.
• and: all of E's contained expressions (if any) match X's enclosed elements. Additional enclosed elements in evidence X that are not referenced in expression E are ignored.
• non-or: none of E's contained expressions (if any) match X's enclosed elements. Additional enclosed elements in evidence X that are not referenced in expression E are ignored.
• non-and: not all of E's contained expressions (if any) match X's enclosed elements. Additional enclosed elements in evidence X that are not referenced in expression E are ignored.
• or-exact: at least one of E's contained expressions (if any) matches X's enclosed elements. Additional enclosed elements in evidence X that are not referenced in expression E are not ignored.
• and-exact: all of E's contained expressions (if any) match X's enclosed elements. Additional enclosed elements in evidence X that are not referenced in expression E are not ignored.
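
The six connectives in the matching summary, evaluated against one piece of evidence. This is an added example, not code from the slides or from the W3C draft. It assumes placeholder namespace URIs, treats a missing connective as "and", compares element names only (attribute matching is left out), and uses hypothetical helper names and a constructed RECIPIENT element as evidence.

```python
import xml.etree.ElementTree as ET

# Placeholder namespace URIs (constructed for this example).
NS = 'xmlns:appel="urn:example:appel" xmlns:p3p="urn:example:p3p"'
CONNECTIVE = "{urn:example:appel}connective"

def matches(expr, evid):
    """True if APPEL expression `expr` matches P3P evidence element `evid`."""
    if expr.tag != evid.tag:
        return False
    subs, kids = list(expr), list(evid)
    if not subs:                        # "(if any)": nothing contained to test
        return True
    conn = expr.get(CONNECTIVE, "and")  # assumption: "and" when none is given
    found = [any(matches(s, k) for k in kids) for s in subs]
    if conn.endswith("-exact"):
        # Exact forms: evidence elements not referenced in E are NOT ignored.
        if not all(any(matches(s, k) for s in subs) for k in kids):
            return False
        conn = conn[:-len("-exact")]
    return {"or": any(found), "and": all(found),
            "non-or": not any(found), "non-and": not all(found)}[conn]

def parse(fragment):
    """Parse a fragment that uses the appel: and p3p: prefixes."""
    return ET.fromstring(f"<root {NS}>{fragment}</root>")[0]

def recipient_expr(connective, *names):
    """Build a RECIPIENT expression listing `names` under `connective`."""
    inner = "".join(f"<p3p:{n}/>" for n in names)
    return parse(f'<p3p:RECIPIENT appel:connective="{connective}">'
                 f"{inner}</p3p:RECIPIENT>")

# Constructed evidence: a statement whose recipients are "ours" and "public".
EVIDENCE = parse("<p3p:RECIPIENT><p3p:ours/><p3p:public/></p3p:RECIPIENT>")

def verdicts(*names):
    """Result of each of the six connectives for an expression listing `names`."""
    return {c: matches(recipient_expr(c, *names), EVIDENCE)
            for c in ("or", "and", "non-or", "non-and", "or-exact", "and-exact")}

if __name__ == "__main__":
    for names in (("ours",), ("ours", "delivery"), ("ours", "public")):
        print(names, verdicts(*names))
```

With `ours` as the only listed recipient, `or` matches this evidence but `or-exact` does not, because `public` is present in the policy and not referenced in the expression. That is why the my-bank.com rule above uses `or-exact` to accept only policies that keep data with the site itself.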

Future work for the current APPEL
• Extensibility of behaviors
• Comparison operators for simple numeric expressions
• Expiration dates