Platform for Privacy Preferences P3P - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

Platform for Privacy Preferences P3P

Description:

Well known location. Or document may reference through HTML ... Must be well formed XML. Security of policy transport. Tools & Resources. W3C P3P Home Page ... – PowerPoint PPT presentation

Number of Views:62
Avg rating:3.0/5.0
Slides: 13
Provided by: kathri5
Category:

less

Transcript and Presenter's Notes

Title: Platform for Privacy Preferences P3P


1
Platform for Privacy Preferences (P3P)
  • Kathrine Lord
  • State Local Government
  • Microsoft Corporation

2
Agenda
  • Introduction to P3P
  • P3P Goals
  • P3P Specification
  • Referencing Policies
  • Additional Requirements
  • Tools Resources
  • Questions

3
Introduction
  • XML Namespace
  • Sites can have multiple policies
  • Can apply to a site, page, and/or cookies
  • Positive declarations
  • Must cover all relevant data items
  • Full and compact policies
  • Example of Full Policy

4
P3P Goals
  • Ability to express privacy practices in standard
    format
  • Automatically retrieved and interpreted easily by
    user agents
  • Technical mechanism for informing users of
    policies
  • Does not enforce policies
  • No mechanism for transferring or securing
    personal data in transit
  • Complimentary to laws and self-regulatory programs

5
Specification
  • Defines Syntax and Semantics
  • P3P base data schema
  • A standard set of uses, recipients, data
    categories, and other privacy disclosures
  • An XML format for expressing a privacy policy
  • A means of associating privacy policies with Web
    pages or sites, and cookies
  • A mechanism for transporting P3P policies over
    HTTP

6
Implementing P3P on Servers
  • Policy Editors (Demo)
  • Well known location
  • http//yourdomainname/w3c/policy.xml
  • Or Reference

7
User Agents
  • IE 6 and Netscape 7
  • User agents built-in
  • IE Privacy Levels
  • Can be set in ADs group policies
  • Compare policy to user preferences
  • Matched - Authorize release of data
  • Unmatched inform user
  • IE 6.0 and Privacy Bird Demo

8
Referencing Policies
  • URI where P3P Policy is found
  • URIs or regions covered by this policy
  • Or not covered
  • Embedded content on other servers
  • Cookies not covered
  • Applicable access methods
  • Expiry

9
Locating Reference Files
  • Well known location
  • Or document may reference through HTML/XHTML tag
  • Or through HTTP Header
  • Example
  • Including Cookies

10
Additional Requirements
  • Non-ambiguity
  • The Safe Zone
  • Must be well formed XML
  • Security of policy transport

11
Tools Resources
  • W3C P3P Home Page
  • http//www.w3c.org/p3p/
  • Specifications
  • http//www.w3.org/TR/P3P/
  • Privacy Bird
  • http//privacybird.com/
  • GigaLaw Article
  • http//www.gigalaw.com/articles/2002-all/cranor-20
    02-04-all.html

12
Questions
Write a Comment
User Comments (0)
About PowerShow.com