Ergebnis für URL: http://www.w3.org/P3P/ [1]W3C [2]P3P T & S
Platform for Privacy Preferences (P3P) Project
Enabling smarter Privacy Tools for the Web
PLING - W3C Policy Languages Interest Group
3 October 2007: The [3]Policy Languages Interest Group (PLING) was created.
Chaired by Marco Casassa-Mont (HP Labs) and Renato Iannella (NICTA), the group is
[4]chartered to discuss interoperability, requirements and related needs for
integrating and computing the results when different policy languages used
together, for example, [5]OASIS XACML (eXtensible Access Control Markup
Language), [6]IETF Common Policy, and [7]P3P (W3C Platform for Privacy
Preferences). Participation is open to [8]W3C Members and the public.
Status: P3P Work suspended
After a successful Last Call, the P3P Working Group decided to publish the [9]P3P
1.1 Specification as a Working Group Note to give P3P 1.1 a provisionally final
state.
The P3P Specification Working Group took this step as there was insufficient
support from current Browser implementers for the implementation of P3P 1.1.
[10]The P3P 1.1 Working Group Note contains all changes from the P3P 1.1 Last
Call. The Group thinks that P3P 1.1 is now ready for implementation. It is not
excluded that W3C will push P3P 1.1 until Recommendation if there is sufficient
support for implementation.
On the other hand, P3P keeps being the basis of a number of research directions
in the area of privacy world wide. One might cite the [11]PRIME Project as well
as the [12]Policy aware Web. Many other approaches also follow the descriptive
metadata approach started by P3P. Such projects are invited to send email to
[13] to be listed here.
What is P3P?
The Platform for Privacy Preferences Project (P3P) enables Websites to express
their privacy practices in a standard format that can be retrieved automatically
and interpreted easily by user agents. P3P user agents will allow users to be
informed of site practices (in both machine- and human-readable formats) and to
automate decision-making based on these practices when appropriate. Thus users
need not read the privacy policies at every site they visit. Have a look at the
[14]list of P3P software.
Why is P3P useful?
P3P uses machine readable descriptions to describe the collection and use of
data. Sites implementing such policies make their practises explicit and thus
open them to public scrutiny. Browsers can help the user to understand those
privacy practises with smart interfaces. Most importantly, Browsers can this way
develop a predictable behavior when blocking content like cookies thus giving a
real incentive to eCommerce sites to behave in a privacy friendly way. This
avoids the current scattering of cookie-blocking behaviors based on individual
heuristics imagined by the implementer of the blocking tool which will make the
creation of stateful services on the web a pain because the state-retrievel will
be unpredictable.
The P3P 1.1 Working Group Note
A number of changes were made in P3P version 1.1. Those are supposed to be
backwards compatible with P3P 1.0. The way to achieve compatibility is described
in the P3P 1.1 Specification. The most significant changes are summarized here:
* All the [15]errata from P3P 1.0 have been incorporated into this
specification.
* In [16]Section 1.3, definitions are now provided for identified,
identifiable, linked, and linkable data
* In [17]Section 2.3.2.9 an optional OUR-HOST element has been added for
declaring domain relationships, allowing user agents to recognize when hosts
in different domains are owned by the same entity or entities acting as
agents for one another.
* In [18]Section 2.5 a new P3P generic attribute for XML applications has been
added. This is a new mechanism for binding P3P policies to XML elements that
describe interfaces, for example, in [19]XForms or [20]WSDL.
* In [21]Section 3.2.3 and [22]Section 3.3.2 a mechanism has been added for
naming P3P STATEMENT elements and grouping STATEMENT elements together. This
allows user agents to better organize the summary display of P3P policies.
* In [23]Section 3.2.7 and [24]Section 3.2.8 new definitions are provided for
the DISPUTES and REMEDIES elements and their sub-elements.
* In [25]Section 3.36 a new definition is provided for the RECIPIENT element.
* In [26]Section 3.4 a new definition is provided for the demographic element.
* In [27]Section 3.3.5.1 an optional ppurpose element has been added added to
allow user agents to determine the primary reason why the data recipient is
collecting data.
* In [28]Section 3.3.6.1 an optional JURSIDICTION element has been added for
declaring the jurisdiction of data recipients.
* In [29]Section 4 language was added to explain the use of compact policies as
a performance optimization, and to emphasize their optional nature and
non-authoritative status.
* In [30]Section 4.2.10 new syntax has been added to provide a compact version
of the STATEMENT element for use in compact policies. This allows for the
creation of compact policies that make more granular statements about data
practices than is possible with the P3P 1.0 syntax.
* In [31]Section 5, the format for specifying P3P data schemas has been changed
substantially so that it is now simpler and more standardized than the format
used in P3P 1.0. The new format uses the XML Schema Definition Standard (XSD)
format, which can be validated against an XML schema. In [32]Appendix 3 the
P3P base data schema definition has been updated to reflect this change.
* In [33]Section 6 new user agent guidelines have been added to assist user
agent implementers. These guidelines include a set of plain language
translations of P3P vocabulary elements.
* The XML DTD definition for P3P has been removed from the Specification.
Background
P3P 1.1 is a direct consequence of the first [34]Privacy Workshop that took place
2002 in Dulles/Virginia and targets short term improvements like the [35]User
Agent Guidelines.
Discussions about longer term goals were held in Kiel during the second
[36]Workshop on the long-term future of Web Privacy.Those were more focused on
privacy in the back end.
Most research activities around privacy enhancing technologies today are based on
P3P. They advance the general idea to express privacy practices in a machine
readable way. But they add a lot of missing features. W3C staff is involved in
two projects worth mentioning:
[37]PRIME is a European IST research project that explores the future of privacy
enabled Identity Management. The PRIME project addresses the widening gap between
privacy laws on the one hand and the 'real life' in networks on the other hand
through an integrative approach of the legal, social, economic and technical
areas.
[38]TAMI is a project of the [39]Decentralized Information Group that is part of
MIT's [40]Computer Science and Artificial Intelligence Laboratory. The TAMI
Project is creating technical, legal, and policy foundations for transparency and
accountability in large-scale aggregation and inferencing across heterogeneous
information systems. The incorporation of transparency and accountability into
decentralized systems such as the Web is critical to help society manage the
privacy risks arising from the explosive progress in communications, storage, and
search technology.
[41]Policy Aware Web (PAW) is a rule-based policy management system that can be
deployed in the open and distributed milieu of the World Wide Web. It creates a
system of a "Policy Aware infrastructure" for the Web using a Semantic Web rules
language (N3) with a theorem prover designed for the Web (Cwm). This is designed
to enable a scalable mechanism for the exchange of rules and, eventually proofs,
for access control on the Web.
Documents
P3P 1.1:
* [42]Final P3P 1.1 Working Group Note
P3P 1.0:
* [43]P3P 1.0 Recommendation
[[44]Japanese] [[45]French]
Implementing P3P
* [46]P3P Implementation Guide
* [47]P3P Deployment Guide
* [48]6 easy steps to implement P3P
* [49]Privacy Finder, a search engine that ranks according to privacy
preferences.
* [50]P3PToolbox.org, with lots of complementary information
* [51]P3P Validator to test the results
* The [52]www-p3p-policy mailing-list to discuss issues
* [53]P3P Software and Tools that may help
Other P3P Documents and Notes
* Working Draft:[54]A P3P Preference Exchange Language 1.0 (APPEL1.0)
* [55]A P3P Assurance Signature Profile
* [56]An RDF Schema for P3P 1.0
Mailing lists
* [57]www-p3p-dev is a mailing list for P3P software developers
* [58]www-p3p-policy is a mailing list for people who are responsible for
creating P3P policies for web sites
Background
* [59]Resources for Developers
* [60]Feedback and Discussions
* [61]Papers & Presentations about P3P
* [62]Critiques of P3P
* [63]Selected P3P Media Coverage
* [64]Historical documents and things
Working Group Pages
* [65]P3P Group page[Member]
* [66]P3P Specification WG Homepage
* [67]Charter
Contact: [68]Lorrie Cranor (Chair) & [69]Rigo Wenning (W3C)
Last updated $Date: 2018/02/02 14:13:43 $ by $Author: rigo $
References
1. https://www.w3.org/
2. https://www.w3.org/P3P/
3. https://www.w3.org/Policy/pling/Overview.html
4. https://www.w3.org/Policy/2007/ig-charter.html
5. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
6. http://www.faqs.org/rfcs/rfc4745.html
7. https://www.w3.org/P3P/Overview.html
8. https://www.w3.org/Consortium/Member/List
9. https://www.w3.org/TR/P3P11/
10. https://www.w3.org/TR/P3P11/
11. https://www.prime-project.eu/
12. http://www.policyawareweb.org/
13. mailto:rigo@w3.org
14. https://www.w3.org/P3P/implementations.html
15. https://www.w3.org/2002/04/P3Pv1-errata
16. https://www.w3.org/TR/P3P11/#def_identity
17. https://www.w3.org/TR/P3P11/#oho
18. https://www.w3.org/TR/P3P11/#generic_attribute
19. https://www.w3.org/TR/xforms/
20. https://www.w3.org/TR/wsdl20/
21. https://www.w3.org/TR/P3P11/#StatementGroupDef
22. https://www.w3.org/TR/P3P11/#statement_group
23. https://www.w3.org/TR/P3P11/#DISPUTES
24. https://www.w3.org/TR/P3P11/#REMEDIES
25. https://www.w3.org/TR/P3P11/#RECPNT
26. https://www.w3.org/TR/P3P11/#Categories
27. https://www.w3.org/TR/P3P11/#ppurpose
28. https://www.w3.org/TR/P3P11/#jurisdiction
29. https://www.w3.org/TR/P3P11/#compact_policies
30. https://www.w3.org/TR/P3P11/#compact_statement
31. https://www.w3.org/TR/P3P11/#Data_Schemas
32. https://www.w3.org/TR/P3P11/#basedataxml
33. https://www.w3.org/TR/P3P11/#ua
34. https://www.w3.org/2002/p3p-ws/Overview.html
35. https://www.w3.org/TR/P3P11/#ua
36. https://www.w3.org/2003/p3p-ws/Overview.html
37. https://www.prime-project.eu/
38. http://dig.csail.mit.edu/TAMI/
39. http://dig.csail.mit.edu/
40. http://www.csail.mit.edu/
41. http://www.policyawareweb.org/
42. https://www.w3.org/TR/P3P11/
43. https://www.w3.org/TR/P3P/
44. http://www.iajapan.org/trans2japanese/w3c/rec-p3p-20020416j.html
45. http://www.yoyodesign.org/doc/w3c/p3p1/index.html
46. https://web.archive.org/web/20160322064857/http://p3ptoolbox.org/guide/
47. https://www.w3.org/TR/p3pdeployment
48. https://www.w3.org/P3P/details.html
49. http://search.privacybird.com/
50. https://web.archive.org/web/20160322045602/http://www.p3ptoolbox.org/
51. https://www.w3.org/P3P/validator.html
52. http://lists.w3.org/Archives/Public/www-p3p-policy/
53. https://www.w3.org/P3P/implementations.html
54. https://www.w3.org/TR/P3P-preferences/
55. https://www.w3.org/TR/xmldsig-p3p-profile/
56. https://www.w3.org/TR/p3p-rdfschema/
57. http://lists.w3.org/Archives/Public/www-p3p-dev/
58. http://lists.w3.org/Archives/Public/www-p3p-policy/
59. https://www.w3.org/P3P/develop.html
60. https://www.w3.org/P3P/background.html#feedback
61. https://www.w3.org/P3P/background.html#papers
62. https://www.w3.org/P3P/background.html#critics
63. https://www.w3.org/P3P/background.html#media
64. https://www.w3.org/P3P/background.html#history
65. https://www.w3.org/P3P/Group/Overview.html
66. https://www.w3.org/P3P/1.1/Overview.html
67. https://www.w3.org/2006/02/19-p3p-specification-charter.html
68. http://lorrie.cranor.org/
69. mailto:rigo@w3.org
Usage: http://www.kk-software.de/kklynxview/get/URL
e.g. http://www.kk-software.de/kklynxview/get/http://www.kk-software.de
Errormessages are in German, sorry ;-)