Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Privacy Authorization Languages.

Presentation transcript:

Slide 1: Privacy Authorization Languages
Privacy Policy, Law and Technology, Carnegie Mellon University, Fall 2005, Lorrie Cranor
Week 7 - October 10, 12

Slide 2: Privacy languages serve many roles
- Specify organization’s privacy policy to end users and their agents
- Specify users’ privacy preferences to users’ agent
- Specify organization’s privacy policy to gatekeeper server that can approve or deny requests to access database
- Specify policy associated with particular data elements to parties that buy or rent data

Slide 3: Can one privacy language do it all?
- Maybe… But so far none have emerged
- We’ve found over a dozen privacy languages (including several access control and rule languages used for privacy applications)
- Languages have different audiences, specify policies at different levels of granularity, and have different strengths and weaknesses

Slide 4: User privacy preferences
- P3P 1.0 agents may (optionally) take action based on user preferences
- Users should not have to trust privacy defaults set by software vendors
- User agents that can read APPEL (A P3P Preference Exchange Language) files can offer users a number of canned choices developed by trusted organizations
- Preference editors allow users to adapt existing preferences to suit own tastes, or create new preferences from scratch
- For more info on APPEL see or Chapter 13 in Web Privacy with P3P

Slide 5: APPEL rule
<appel:RULE behavior="limited" prompt="yes" description="Warning! Data may be shared.">
- Behavior
  - request
  - block
  - limited
- description
- connective
  - or
  - and
  - non-or
  - non-and
  - and-exact
  - or-exact
- pattern

Slide 6: What does this APPEL ruleset do?
<appel:RULESET xmlns:appel=" xmlns:p3p= crtdby="Lorrie Cranor" >

Slide 7: APPEL question in HW7
What are your personal privacy preferences?
a) First express them in English as a set of 3 to 5 rules. For example one rule might be "I don't want companies to share my data." If you can't capture all of your privacy preferences in 5 rules, just write down the 5 rules you consider most important.
b) Translate your rules into P3P vocabulary elements (for example, the above rule would translate to "RECIPIENT=ours")
c) Create an APPEL ruleset that represents your set of 3 to 5 privacy preference rules (plus a catch-all rule)
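The connectives listed on the APPEL rule slide and the rule-plus-catch-all structure asked for in HW7 can be modelled in a few lines. This is an added example, not code from the slides or from any APPEL user agent; it assumes the evidence is flattened to the set of P3P RECIPIENT tokens in a policy, and the ruleset shown is constructed.

```python
# Simplified model of APPEL rule evaluation (added example).
# Assumption: the "evidence" is flattened to the set of P3P RECIPIENT tokens
# found in a policy; real APPEL matches nested XML elements recursively.

def connective_matches(connective, pattern, evidence):
    """Apply one APPEL connective to a pattern set and an evidence set."""
    found = pattern & evidence          # pattern elements present in evidence
    only_listed = evidence <= pattern   # evidence holds nothing outside pattern
    if connective == "or":
        return bool(found)
    if connective == "and":
        return found == pattern
    if connective == "non-or":
        return not found
    if connective == "non-and":
        return found != pattern
    if connective == "or-exact":
        return bool(found) and only_listed
    if connective == "and-exact":
        return found == pattern and only_listed
    raise ValueError(f"unknown connective: {connective}")

def evaluate(ruleset, evidence):
    """Return (behavior, description) of the first rule that fires."""
    for rule in ruleset:
        pattern = rule.get("pattern")
        # A rule with no pattern is the catch-all and always fires.
        if pattern is None or connective_matches(
                rule["connective"], pattern, evidence):
            return rule["behavior"], rule.get("description", "")
    raise ValueError("ruleset has no catch-all rule")

# Constructed ruleset for "I don't want companies to share my data":
# warn when any recipient other than "ours" is declared, else accept.
SHARING = {"same", "delivery", "other-recipient", "unrelated", "public"}
RULESET = [
    {"behavior": "limited", "connective": "or", "pattern": SHARING,
     "description": "Warning! Data may be shared."},
    {"behavior": "request"},  # catch-all rule
]
```

The same preference can be written the other way round, as an `or-exact` rule on `{"ours"}` that yields `request`, followed by a catch-all that yields `limited`.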

Slide 8: Microsoft privacy template language
- See Appendix D of Web Privacy with P3P
- ty/privacy/overview/privacyimportxml.asp
- Specifies rules for user agents to handle various types of cookies
- Based on P3P compact policy tokens
- Allows policies for specific web sites

Slide 9: Microsoft example
<site domain=" action="accept">

Slide 10: EPAL
- Enterprise Privacy Authorization Language
- Developed by IBM, submitted to W3C
- Allows enterprises to develop granular rules to check whether data access is authorized
- Similar to P3P syntax but not identical
- Includes
  - Data-categories
  - User-categories - administrators, doctors, etc.
  - Purposes
  - Actions - disclose, read, etc.
  - Obligations - delete after 30 days, get consent, etc.
  - Conditions - user category = doctor
  - Allow and deny rules
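How the EPAL elements on this slide combine into an authorization decision, as an added example that is not IBM's EPAL engine or code from the slides. It assumes rules are checked in order with the first applicable rule deciding, leaves out EPAL's category hierarchies, and uses a constructed policy and a hypothetical `treating_doctor` context field.

```python
# Simplified model of an EPAL-style gatekeeper decision (added example).
# Assumptions: first applicable rule wins, no category hierarchies, and all
# rule contents and context field names below are constructed.

DEFAULT_RULING = "deny"   # returned when no rule applies to the request

MATCH_KEYS = ("user", "data", "purpose", "action")

RULES = [  # constructed sample policy, highest precedence first
    {"ruling": "deny", "user": "administrator", "data": "medical-record",
     "purpose": "treatment", "action": "disclose"},
    {"ruling": "allow", "user": "doctor", "data": "medical-record",
     "purpose": "treatment", "action": "read",
     # Condition: the requester must be the patient's treating doctor.
     "condition": lambda ctx: ctx.get("requester") == ctx.get("treating_doctor"),
     "obligations": ["delete after 30 days"]},
]

def authorize(request, context, rules=RULES):
    """Return (ruling, obligations) for one data-access request."""
    for rule in rules:
        if any(rule[key] != request[key] for key in MATCH_KEYS):
            continue  # different user category, data, purpose or action
        condition = rule.get("condition")
        if condition is not None and not condition(context):
            continue  # a rule whose condition fails is not applicable
        # The caller must carry out the obligations attached to the ruling.
        return rule["ruling"], list(rule.get("obligations", []))
    return DEFAULT_RULING, []
```

A request that matches no rule, or only a rule whose condition fails, falls through to the default ruling, so the order of rules and the choice of default both shape what the gatekeeper permits.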

Slide 11: Announcements
- Bring laptop (with wireless card if possible) to class on Wednesday
- Project proposal due Oct 19
- Homework 7/8 due Oct 26

Slide 12: Homework 4 Discussion
- Privacy software reviews
- Why do sites use web bugs?

Slide 13: Homework 5 Discussion
- Similarities and differences of P3P user agents
- What did you like or dislike about them?
- Experience creating bank P3P policies