<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>P3P: The Platform for Privacy Preferences</title>
<link rel="stylesheet" type="text/css" media="screen"
href="../StyleSheets/base.css" />
<link rel="stylesheet" type="text/css" media="screen"
href="style/stolenfromdean.css" />
<link rel="stylesheet" type="text/css" media="handheld"
href="style/deanstolenhandheld.css" />
</head>
<body>
<div id="page">
<div id="header">
<p><a href="http://www.w3.org/"><img src="../Icons/w3c_home.png" alt="W3C"
height="48" width="72" /></a><a href="http://www.w3.org/P3P/"><img
src="p3.gif" alt="P3P" height="48" width="212" /></a> <img alt="T &amp; S"
src="../Icons/tands.png" /></p>
<h1>Platform for Privacy Preferences (P3P) Project</h1>
<h2>Enabling smarter Privacy Tools for the Web</h2>
</div>
<div id="content">
<div id="main">
<h3>PLING - W3C Policy Languages Interest Group</h3>
<p class="details"><span class="date">3 October 2007:</span> The <a
href="../Policy/pling/Overview.html">Policy Languages Interest Group
(PLING)</a> was created. Chaired by Marco Casassa-Mont (HP Labs) and Renato
Iannella (NICTA), the group is <a
href="../Policy/2007/ig-charter.html">chartered</a> to discuss
interoperability, requirements and related needs for integrating and
computing the results when different policy languages are used together, for
example, <a
href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml">OASIS
XACML (eXtensible Access Control Markup Language)</a>, <a
href="http://www.faqs.org/rfcs/rfc4745.html">IETF Common Policy</a>, and <a
href="Overview.html">P3P</a> (W3C Platform for Privacy Preferences).
Participation is open to <a
href="http://www.w3.org/Consortium/Member/List">W3C Members</a> and the
<em><strong>public</strong></em>.</p>
<h3>Status: P3P Work suspended</h3>
<p class="details">After a successful Last Call, the P3P Working Group
decided to publish the <a href="http://www.w3.org/TR/P3P11/">P3P 1.1
Specification as a Working Group Note</a> to give P3P 1.1 a provisionally
final state.<br />
The P3P Specification Working Group took this step as there was insufficient
support from current Browser implementers for the implementation of P3P 1.1.
<a href="http://www.w3.org/TR/P3P11/">The P3P 1.1 Working Group Note</a>
contains all changes from the P3P 1.1 Last Call. The Group thinks that P3P
1.1 is now ready for implementation. W3C may still advance P3P 1.1 to
Recommendation if there is sufficient support for
implementation. <br />
On the other hand, P3P remains the basis of a number of research
directions in the area of privacy worldwide. One might cite the <a
href="https://www.prime-project.eu/">PRIME Project</a> as well as the <a
href="http://www.policyawareweb.org/">Policy aware Web</a>. Many other
approaches also follow the descriptive metadata approach started by P3P. Such
projects are invited to send email to <a
href="mailto:rigo@w3.org">&lt;rigo@w3.org&gt;</a> to be listed here. </p>
<h3>What is P3P?</h3>
<p class="details">The Platform for Privacy Preferences Project (P3P) enables
Websites to express their privacy practices in a standard format that can be
retrieved automatically and interpreted easily by user agents. P3P user
agents will allow users to be informed of site practices (in both machine-
and human-readable formats) and to automate decision-making based on these
practices when appropriate. Thus users need not read the privacy policies at
every site they visit. Have a look at the <a href="implementations.html">list
of P3P software</a>. </p>
<h3>Why is P3P useful?</h3>
<p class="details">P3P uses machine readable descriptions to describe the
collection and use of data. Sites implementing such policies make their
practices explicit and thus open them to public scrutiny. Browsers can help
the user to understand those privacy practices with smart interfaces. Most
importantly, browsers can in this way develop a predictable behavior when
blocking content like cookies, thus giving a real incentive to eCommerce sites
to behave in a privacy-friendly way. This avoids the current scattering of
cookie-blocking behaviors based on individual heuristics imagined by the
implementer of the blocking tool, which will make the creation of stateful
services on the web a pain because state retrieval will be unpredictable.
</p>
<h3>The P3P 1.1 Working Group Note</h3>
<p class="details">A number of changes were made in P3P version 1.1. These
are intended to be backwards compatible with P3P 1.0. The way to achieve
compatibility is described in the P3P 1.1 Specification. The most significant
changes are summarized here:</p>
<ul class="details">
<li>All the <a href="http://www.w3.org/2002/04/P3Pv1-errata">errata from
P3P 1.0</a> have been incorporated into this specification.</li>
<li>In <a href="/TR/P3P11/#def_identity">Section 1.3</a>, definitions are
now provided for <i>identified, identifiable, linked,</i> and
<i>linkable</i> data.</li>
<li>In <a href="/TR/P3P11/#oho">Section 2.3.2.9</a> an optional
<code>OUR-HOST</code> element has been added for declaring domain
relationships, allowing user agents to recognize when hosts in different
domains are owned by the same entity or entities acting as agents for one
another.</li>
<li>In <a href="/TR/P3P11/#generic_attribute">Section 2.5</a> a new P3P
generic attribute for XML applications has been added. This is a new
mechanism for binding P3P policies to XML elements that describe
interfaces, for example, in <a
href="http://www.w3.org/TR/xforms/">XForms</a> or <a
href="http://www.w3.org/TR/wsdl20/">WSDL</a>.</li>
<li>In <a href="/TR/P3P11/#StatementGroupDef">Section 3.2.3</a> and <a
href="/TR/P3P11/#statement_group">Section 3.3.2</a> a mechanism has been
added for naming P3P <code>STATEMENT</code> elements and grouping
<code>STATEMENT</code> elements together. This allows user agents to
better organize the summary display of P3P policies. </li>
<li>In <a href="/TR/P3P11/#DISPUTES">Section 3.2.7</a> and <a
href="/TR/P3P11/#REMEDIES">Section 3.2.8</a> new definitions are provided
for the <code>DISPUTES</code> and <code>REMEDIES</code> elements and
their sub-elements.</li>
<li>In <a href="../TR/P3P11/#RECPNT">Section 3.36</a> a new definition is
provided for the <code>RECIPIENT</code> element.</li>
<li>In <a href="../TR/P3P11/#Categories">Section 3.4</a> a new definition
is provided for the <code>demographic</code> element.</li>
<li>In <a href="../TR/P3P11/#ppurpose">Section 3.3.5.1</a> an optional
<code>ppurpose</code> element has been added to allow user agents
to determine the primary reason why the data recipient is collecting
data.</li>
<li>In <a href="/TR/P3P11/#jurisdiction">Section 3.3.6.1</a> an optional
<code>JURISDICTION</code> element has been added for declaring the
jurisdiction of data recipients.</li>
<li>In <a href="/TR/P3P11/#compact_policies">Section 4</a> language was
added to explain the use of compact policies as a performance
optimization, and to emphasize their optional nature and
non-authoritative status.</li>
<li>In <a href="/TR/P3P11/#compact_statement">Section 4.2.10</a> new syntax
has been added to provide a compact version of the <code>STATEMENT</code>
element for use in compact policies. This allows for the creation of
compact policies that make more granular statements about data practices
than is possible with the P3P 1.0 syntax.</li>
<li>In <a href="/TR/P3P11/#Data_Schemas">Section 5</a>, the format for
specifying P3P data schemas has been changed substantially so that it is
now simpler and more standardized than the format used in P3P 1.0. The
new format uses the XML Schema Definition Standard (XSD) format, which
can be validated against an XML schema. In <a
href="../TR/P3P11/#basedataxml">Appendix 3</a> the P3P base data schema
definition has been updated to reflect this change. </li>
<li>In <a href="/TR/P3P11/#ua">Section 6</a> new user agent guidelines have
been added to assist user agent implementers. These guidelines include a
set of plain language translations of P3P vocabulary elements. </li>
<li>The XML DTD definition for P3P has been removed from the
Specification.</li>
</ul>
<h3>Background</h3>
<p class="details">P3P 1.1 is a direct consequence of the first <a
href="../2002/p3p-ws/Overview.html">Privacy Workshop</a> that took place in
2002 in Dulles/Virginia and targets short-term improvements like the <a
href="http://www.w3.org/TR/P3P11/#ua">User Agent Guidelines</a>.<br />
Discussions about longer term goals were held in Kiel during the second <a
href="../2003/p3p-ws/Overview.html">Workshop on the long-term future</a> of
Web Privacy. Those were more focused on privacy in the back end.<br />
Most research activities around privacy enhancing technologies today are
based on P3P. They advance the general idea to express privacy practices in a
machine readable way. But they add a lot of missing features. W3C staff is
involved in two projects worth mentioning: </p>
<p class="details"><a href="https://www.prime-project.eu">PRIME</a> is a
European IST research project that explores the future of privacy enabled
Identity Management. The PRIME project addresses the widening gap between
privacy laws on the one hand and the 'real life' in networks on the other
hand through an integrative approach of the legal, social, economic and
technical areas. </p>
<p class="details"><a href="http://dig.csail.mit.edu/TAMI/">TAMI</a> is a
project of the <a href="http://dig.csail.mit.edu/">Decentralized Information
Group</a> that is part of MIT's <a href="http://www.csail.mit.edu/">Computer
Science and Artificial Intelligence Laboratory</a>. The TAMI Project is
creating technical, legal, and policy foundations for transparency and
accountability in large-scale aggregation and inferencing across
heterogeneous information systems. The incorporation of transparency and
accountability into decentralized systems such as the Web is critical to help
society manage the privacy risks arising from the explosive progress in
communications, storage, and search technology. </p>
<p class="details"><a href="http://www.policyawareweb.org/">Policy Aware Web
(PAW)</a> is a rule-based policy management system that can be deployed in
the open and distributed milieu of the World Wide Web. It creates a system of
a <q>Policy Aware infrastructure</q> for the Web using a Semantic Web rules
language (N3) with a theorem prover designed for the Web (Cwm). This is
designed to enable a scalable mechanism for the exchange of rules and,
eventually proofs, for access control on the Web. </p>
</div>
<div id="sidebar">
<h3>Documents</h3>
<h4>P3P 1.1:</h4>
<ul>
<li><a href="../TR/P3P11/">Final P3P 1.1 Working Group Note</a> </li>
</ul>
<h4>P3P 1.0:</h4>
<ul>
<li><a href="http://www.w3.org/TR/P3P/">P3P 1.0 Recommendation</a><br />
[<a
href="http://www.iajapan.org/trans2japanese/w3c/rec-p3p-20020416j.html">Japanese</a>]
[<a
href="http://www.yoyodesign.org/doc/w3c/p3p1/index.html">French</a>]</li>
</ul>
<h4>Implementing P3P</h4>
<ul>
<li><a href="http://p3ptoolbox.org/guide/">P3P Implementation Guide</a></li>
<li><a href="http://www.w3.org/TR/p3pdeployment">P3P Deployment
Guide</a></li>
<li><a href="details.html">6 easy steps to implement P3P</a></li>
<li><a href="http://search.privacybird.com">Privacy Finder</a>, a search
engine that ranks according to privacy preferences.</li>
<li><a href="http://www.p3ptoolbox.org/">P3PToolbox.org</a>, with lots of
complementary information</li>
<li><a href="validator.html">P3P Validator</a> to test the results</li>
<li>The <a
href="http://lists.w3.org/Archives/Public/www-p3p-policy/">www-p3p-policy
mailing-list</a> to discuss issues</li>
<li><a href="implementations.html">P3P Software and Tools</a> that may
help</li>
</ul>
<h4>Other P3P Documents and Notes</h4>
<ul>
<li><em>Working Draft:</em> <a
href="http://www.w3.org/TR/P3P-preferences/">A P3P Preference Exchange
Language 1.0 (APPEL1.0)</a></li>
<li><a href="http://www.w3.org/TR/xmldsig-p3p-profile/">A P3P Assurance
Signature Profile</a></li>
<li><a href="http://www.w3.org/TR/p3p-rdfschema/">An RDF Schema for P3P
1.0</a></li>
</ul>
<h3>Mailing lists</h3>
<ul>
<li><a
href="http://lists.w3.org/Archives/Public/www-p3p-dev/">www-p3p-dev</a>
is a mailing list for P3P software developers</li>
<li><a
href="http://lists.w3.org/Archives/Public/www-p3p-policy/">www-p3p-policy</a>
is a mailing list for people who are responsible for creating P3P
policies for web sites</li>
</ul>
<h3>Background</h3>
<ul>
<li><a href="develop.html">Resources for Developers</a></li>
<li><a href="background.html#feedback">Feedback and Discussions</a></li>
<li><a href="background.html#papers">Papers &amp; Presentations about
P3P</a></li>
<li><a href="background.html#critics">Critiques of P3P</a></li>
<li><a href="background.html#media">Selected P3P Media Coverage</a></li>
<li><a href="background.html#history">Historical documents and
things</a></li>
</ul>
<h3>Working Group Pages</h3>
<ul>
<li><a href="Group/Overview.html">P3P Group page</a>[Member]</li>
<li><a href="1.1/Overview.html">P3P Specification WG Homepage</a></li>
<li><a href="../2006/02/19-p3p-specification-charter.html">Charter</a></li>
</ul>
</div>
</div>
<div id="footer">
<address>
Contact: <a href="http://lorrie.cranor.org/">Lorrie Cranor</a> (Chair)
&amp; <a href="mailto:rigo@w3.org">Rigo Wenning</a> (W3C)<br />
Last updated $Date: 2007/11/20 13:07:31 $ by $Author: rigo $
</address>
</div>
<!-- footer -->
</div>
<!-- page -->
</body>
</html>