P3P - Platform for Privacy Preference Barkha J. Herman Florida Atlantic University


P3P - Platform for Privacy
Preference
Barkha J. Herman
Florida Atlantic University
Introduction
Emerging W3C standard
Allows users to control how personal info is used by web sites
Uses XML and RDF to express policies
HTTP for transport
Background
Recommendation proposed by W3C
Issue with usage of cookies / data collection by web sites.
Working group est. 1997.
Specification 1.0 published April 2002
Future – CC/PP, XML Signatures.
Why P3P?
Privacy - top concern of individuals
Privacy issues impeding growth
Early attempts at disclosure were lengthy and confusing
Need for consistency, simplicity, transparency
Global solution for global market
What does it address?
Who is collecting this data?
Exactly what information is being collected?
For what purposes?
Which information is being shared with others?
And who are these data recipients?
Can users make changes in how their data is used?
How are disputes resolved?
What is the policy for retaining data?
And finally, where can the detailed policies be found in "human readable" form?
How does it work?
Policies are expressed in XML – machine readable
Policies are transferred over HTTP
Retrieval can be automated
Policy verification is seamless
Privacy Reports are viewable by client – human readable
How does it work?
Enabling – Server side
Create a policy file
Publish it in the default directory (/w3c/p3p.xml)
Optionally, include a reference in the HTTP header
Optionally, include compact notation in the HTTP header
Enabling – Client side
User Agent checks for policy
User Agent compares against set policy
If match, User Agent gets page and displays
If no match, page (or cookie) is rejected
User Agent displays privacy report
P3P reference in HTTP header
HTTP/1.1 200 OK
Date: Wed, 17 Mar 2004 20:23:59 GMT
Server: Apache/1.3.28 (Unix) PHP/4.2.3
Content-Location: Overview.html
Vary: negotiate,accept
TCN: choice
P3P: policyref="http://www.w3.org/2001/05/P3P/p3p.xml"
Cache-Control: max-age=600
Expires: Wed, 17 Mar 2004 20:33:59 GMT
Last-Modified: Tue, 16 Mar 2004 14:59:42 GMT
Compact notation in HTTP header
HTTP/1.0 200 OK
Date: Wed, 17 Mar 2004 20:22:13 GMT
Content-Length: 428
Content-Type: text/html
Expires: Wed, 17 Mar 2004 20:52:13 GMT
Cache-Control: max-age=1800
Server: Microsoft-IIS/5.0
P3P: CP="CAO CURa ADMa PSAo PSDo IVAo IVDo OUR BUS PHY ONL PUR COM NAV INT DEM CNT STA PRE"
IISExport: This web site was exported using IIS Export v2.2
Content-Location: http://www.oldnavy.com/taghtml/default.html
Last-Modified: Tue, 03 Jun 2003 20:35:10
Example Policy File
<?xml version="1.0" ?>
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <EXPIRY max-age="604800" />
  <POLICY name="public"
          discuri="http://www.w3.org/Consortium/Legal/privacystatement#Public">
    <ENTITY>
      <DATA-GROUP>
        <DATA ref="#business.name">World Wide Web Consortium</DATA>
        <DATA ref="#business.contact-info.postal.name">MIT/LCS</DATA>
        <DATA ref="#business.contact-info.postal.street">545 Technology Square</DATA>
        <DATA ref="#business.contact-info.postal.postalcode">02143</DATA>
        <DATA ref="#business.contact-info.postal.city">Cambridge MA</DATA>
        <DATA ref="#business.contact-info.postal.country">USA</DATA>
        <DATA ref="#business.contact-info.postal.name">INRIA/Sophia Antipolis</DATA>
        <DATA ref="#business.contact-info.postal.street">2004 Routes des Lucioles</DATA>
        <DATA ref="#business.contact-info.postal.postalcode">F06902</DATA>
        <DATA ref="#business.contact-info.postal.city">Sophia Antipolis</DATA>
        <DATA ref="#business.contact-info.postal.country">FRANCE</DATA>
        <DATA ref="#business.contact-info.postal.name">Keio University</DATA>
        <DATA ref="#business.contact-info.postal.street">Shonan Fujisawa Campus</DATA>
        <DATA ref="#business.contact-info.postal.postalcode">2528520</DATA>
        <DATA ref="#business.contact-info.postal.city">5322 Endo, Fujisawashi, Kanagawa</DATA>
        <DATA ref="#business.contact-info.postal.country">JAPAN</DATA>
        <DATA ref="#business.contact-info.online.email">[email protected]</DATA>
        <DATA ref="#business.contact-info.online.uri">http://www.w3.org/</DATA>
        <DATA ref="#business.contact-info.telecom.telephone.intcode">1</DATA>
        <DATA ref="#business.contact-info.telecom.telephone.loccode">617</DATA>
        <DATA ref="#business.contact-info.telecom.telephone.number">2532613</DATA>
      </DATA-GROUP>
    </ENTITY>
    <ACCESS>
      <nonident />
    </ACCESS>
    <DISPUTES-GROUP>
      <DISPUTES resolution-type="service" service="http://www.w3.org/"
                short-description="[email protected]">
        <LONG-DESCRIPTION>The Webmaster and our Communications Team
        will carefully consider the input and correct errors. If you discover
        privacy invasive behavior, please don't hesitate to contact
        us.</LONG-DESCRIPTION>
        <IMG src="http://www.w3.org/Icons/WWW/w3c_home" width="72"
             height="48" alt="Logo World Wide Web Consortium" />
        <REMEDIES> <correct /> </REMEDIES>
      </DISPUTES>
    </DISPUTES-GROUP>
    <STATEMENT>
      <CONSEQUENCE>We collect normal Web-Logs. They are used for
      Server administration, Web protocol research, Statistics of usage
      and Security.</CONSEQUENCE>
      <PURPOSE> <current /> <admin /> <develop /> </PURPOSE>
      <RECIPIENT> <ours /> </RECIPIENT>
      <RETENTION> <indefinitely /> </RETENTION>
      <DATA-GROUP>
        <DATA ref="#dynamic.clickstream" />
        <DATA ref="#dynamic.http.useragent" />
        <DATA ref="#dynamic.http.referer" />
      </DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>
User Agent support
IE 6.0 – supports compact notation only
Netscape 7.0 – complete support for 1.0
AT&T Privacy Bird plugin – 1.0 support
Editors
P3PEdit
P3PEditor
PrivacyBot
Privacy Policy Editor – web based
AlphaWorks P3P Editor
Validators
http://www.w3.org/P3P/validator.html
(only game in town)
APPEL – A P3P Preference Exchange Language 1.0 (APPEL1.0)
W3C working draft that specifies a language for describing sets of preferences about P3P policies.
Example rule set expressing a preference about P3P policies
<appel:RULE behavior="request" description="My Bank collects data only for itself and its agents">
  <appel:REQUEST-GROUP>
    <appel:REQUEST uri="http://www.my-bank.com/*"/>
  </appel:REQUEST-GROUP>
  <p3p:POLICY>
    <p3p:STATEMENT>
      <p3p:RECIPIENT appel:connective="or-exact">
        <p3p:ours/>
      </p3p:RECIPIENT>
    </p3p:STATEMENT>
  </p3p:POLICY>
</appel:RULE>
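As an added example (not from the slides or from any P3P implementation), here is a Python sketch of the client-side check described under "Enabling – Client side": it extracts the policyref and compact-policy tokens from a P3P header, accepts or rejects the compact policy under a preference mirroring the APPEL rule above (recipients must be "ours" only, and any purpose beyond current/admin/develop must offer opt-in or opt-out), and applies the same recipient rule to a full policy file. The sample header is the Old Navy one from the slides; the trimmed policy file, the preference sets and the function names are constructed assumptions, and the token classes follow the P3P 1.0 compact-policy vocabulary.

```python
import re
import xml.etree.ElementTree as ET

P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"
# Compact-policy token classes (P3P 1.0); purpose and recipient tokens may carry
# a suffix: a = always, i = opt-in, o = opt-out.
PURPOSE_TOKENS = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS", "TEL", "OTP"}
RECIPIENT_TOKENS = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
# Assumed user preference, mirroring the APPEL rule on the slides: recipients must
# be "ours" only, and purposes beyond current/admin/develop must offer a choice.
ALLOWED_RECIPIENTS = {"OUR"}
BASELINE_PURPOSES = {"CUR", "ADM", "DEV"}

def parse_p3p_header(header_value):
    """Return (policyref URI or None, list of compact-policy tokens)."""
    ref = re.search(r'policyref="([^"]+)"', header_value)
    cp = re.search(r'CP="([^"]*)"', header_value)
    return (ref.group(1) if ref else None, cp.group(1).split() if cp else [])

def evaluate_compact(tokens):
    """Accept or reject a compact policy; returns (accepted, reasons)."""
    reasons = []
    for tok in tokens:
        base, suffix = tok[:3], tok[3:]              # "PSAo" -> ("PSA", "o")
        if base in RECIPIENT_TOKENS and base not in ALLOWED_RECIPIENTS:
            reasons.append(f"recipient {base} is not allowed")
        elif base in PURPOSE_TOKENS - BASELINE_PURPOSES and suffix not in ("i", "o"):
            reasons.append(f"purpose {base} offers no opt-in/opt-out")
    return (not reasons, reasons)

def evaluate_policy_xml(xml_text):
    """Apply the recipient rule to each STATEMENT of a full P3P policy file."""
    root = ET.fromstring(xml_text)
    reasons = []
    for stmt in root.iter(P3P_NS + "STATEMENT"):
        recips = {r.tag[len(P3P_NS):]
                  for group in stmt.findall(P3P_NS + "RECIPIENT") for r in group}
        if not recips <= {"ours"}:
            reasons.append(f"recipients {sorted(recips)} go beyond 'ours'")
    return (not reasons, reasons)

# Constructed sample input: the compact header from the slides and a trimmed policy
# file that keeps the same STATEMENT as the W3C example (discuri is a placeholder).
OLDNAVY_HEADER = ('P3P: CP="CAO CURa ADMa PSAo PSDo IVAo IVDo OUR BUS PHY ONL '
                  'PUR COM NAV INT DEM CNT STA PRE"')
SAMPLE_POLICY = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1"><POLICY name="public"
discuri="http://example.invalid/privacy"><STATEMENT><PURPOSE><current/><admin/></PURPOSE>
<RECIPIENT><ours/></RECIPIENT><RETENTION><indefinitely/></RETENTION>
<DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP></STATEMENT></POLICY></POLICIES>"""
```

Both the compact Old Navy policy and the trimmed policy file are accepted under this preference, because every recipient is "ours" and every non-baseline purpose carries an opt-out; a header naming an unrelated recipient (UNR) or an always-on analysis purpose (IVAa) is rejected with a reason per offending token.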
P3P vs. OPS
The Open Profiling Standard - proposal co-authored
by Netscape, Firefly, and VeriSign.
This specification proposed a means for the exchange
of user profile information -- how to store and
release, under the user's permission, data which is
often requested or required by a Web site.
Eventually, the P3P working groups decided not to
include a data transfer protocol as part of P3Pv1.
P3P – Digital Signature assurance
W3C Note – Not a specification
The design philosophy and requirements of this specification are to:
Define what it means for a P3P Policy to be assured via an XML Signature.
Provide detached signatures for P3P Policies and Assurances.
Enveloping signatures MAY contain the P3P Policy Reference. This can be convenient in that all the files are included together, but this has the following two disadvantages: the Signature is the root element, and XPointer is required to select portions of the document.
Enveloped signatures are prohibited by P3P's content model.
Be concise and unambiguous.
Critiques
Weak on Company data
Lack of Enforcement
Policy changes do not reflect collected data
Future…
Version 1.x
Allow policy choice
Explicit agreement
Non-repudiation (DSig?)
CC/PP (Composite Capability/Preference Profiles) – now Device Independent WG