CMPE 494 Service-Oriented Architectures and Web Services Platform for Privacy Preferences Project (P3P) İDRİS YILDIZ

Outline Overview of P3P Privacy Policies Privacy Preferences Current P3P implementations P3P Tools Conclusion

Overview of P3P Developed by the World Wide Web Consortium (W3C) Provides an a formal way for web sites to release their privacy policies in a standard format Policies let web users know about site’s privacy practices Web users gain control over their private information Enables the development of P3P user agents (built into browsers or separate applications) that Summarize privacy policies Compare policies with user preferences Alert and advise users on conflicts

Privacy Policies An XML format in which a web site can release its data usage privacy policies Contains the following information: Name and contact information for site The kind of access provided Mechanisms for resolving privacy disputes The kinds of data collected How collected data is used Whether/when data may be shared Data retention policy (The time to preserve data) A web site can use a policy for the whole site or can specify different policies for different parts of the site A policy reference file is needed for specifying different policies

Sample Policy

Policy Description P3P policies are described as a sequence of STATEMENT elements CONSEQUENCE: the purpose for collecting information in human-readable text PURPOSE: purposes for which information is collected. Consists of 12 predefined values, some examples: current: completion and support of activity for which data was provided individual-decision: inferring habits, interests, and other characteristics of individuals contact: contacting visitors for marketing of services or products through a communication channel other than voice telephone RECIPIENT: the users of the collected information Consists of 6 predefined values, some examples: ours: ourselves same: legal entities following our practices, and unrelated: legal entities whose practices are unknown to us.

Policy Description(2) A policy can provide opt-in or opt-out values for the required attribute of PURPOSE and RECIPIENT elements opt-in : says that the user must provide explicit consent to the stated purpose/recipient opt-out : gives the user flexibility to reject the specified purpose/recipient, but user needs to take additional action for the opt-out to take effect RETENTION: the duration for which the collected information will be kept Consists of 12 predefined values, some examples: stated-purpose: discarded at the earliest time possible business-practice: long term retention with a destruction time- table Indefinitely DATA-GROUP and DATA: the list of individual data items that are collected for stated purposes in the statement. CATEGORIES: provide hints to users as to the intended data usage (inside a DATA) Ex:,,

Privacy Preferences Users should not have to trust privacy defaults set by software vendors A P3P Preference Exchange Language (APPEL) is used to define user privacy preferences Privacy preferences can be expressed in APPEL as a list of RULEs Rule behavior: specifies the action to be taken if the rule fires  request or block Rule body: Provides the pattern that is matched against a policy An Apple Engine is used to test the rules defined in the body section against the privacy policy of a web site

Sample Preference File

P3P with HTTP GET /w3c/p3p.xml HTTP/1.1 Host: Request Policy Reference File Send Policy Reference File GET /index.html HTTP/1.1 Host: Request web page HTTP/ OK Content-Type: text/html... Send web page Request P3P PolicySend P3P Policy Web Server

Sample Policy Reference /news/* /news/top/* /news/top/* /photos/* /ads/*

Current P3P implementations Client-Centric Architecture Web sites create and install policy files at their sites. The users browse a web site, their preferences are checked against a site’s policy before they access the site Server-Centric Architecture A website deploys P3P, and installs its privacy policies in a database system Database querying at the server is used for matching a user’s preferences against privacy policies Actually Client-Centric Architecture are used. Server- Centric Architecture is just a proposal. We will discuss tools related to Client-Centric Architecture

Client-Centric Preference Matching

Server-Centric Preference Matching

Client-Centric Architecture Implementations IE6 implementation:IE6 allows a user to specify her privacy preference for handling cookies When the user requests a page from a web site, IE6 allows the website to place a cookie only if: The site provides a compact version of the applicable P3P privacy policy That policy is compatible with the user’s preference The user can manually override this decision by specifying websites whose cookies should always be allowed Privacy Bird: AT&T Privacy Bird is a browser extension to IE It accepts user-defined APPEL privacy preferences Includes an APPEL engine to compare a user’s APPEL preference with a web site’s P3P policy Puts bird icon at top of browser window that changes to indicate whether site matches user’s privacy preferences Reads P3P policies at all P3P-enabled sites automatically

P3P Tools P3P validator W3C P3P Validator Creating Policies P3PEdit: web-based privacy policy generator IBM Tivoli Privacy Wizard: web-based GUI tool to define privacy policies Creating APPEL Preferences JRC APPEL Preference Editor: Java-based editor for preparing APPEL preferences Checking APPEL Preferences JRC P3P Proxy: Centralized proxy service that conducts P3P privacy policy checking on behalf of subscribed users

Conclusion P3P’s goal is to provide: Web sites to express their policies Users to compare their preferences with web site policies The presence of privacy policies increases web users trust P3P does not solve all privacy issues, but it can be part of a larger, more comprehensive set of technical and legal solutions.

Questions? THANKS A LOT !