How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February 2002


2 The Basics
- P3P provides a standard XML format that web sites use to encode their privacy policies
- Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site
- Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set
- No special server software required

3 A simple HTTP transaction
[Diagram: exchange with the Web Server]
- Request web page: GET /index.html HTTP/1.1 Host:
- Send web page: HTTP/ OK Content-Type: text/html...

4 … with P3P 1.0 added
[Diagram: exchange with the Web Server]
- Request Policy Reference File: GET /w3c/p3p.xml HTTP/1.1 Host:
- Send Policy Reference File
- Request P3P Policy
- Send P3P Policy
- Request web page: GET /index.html HTTP/1.1 Host:
- Send web page: HTTP/ OK Content-Type: text/html...

5 P3P deployment overview
1. Create a privacy policy
2. Determine whether you want to have one P3P policy for your entire site or different P3P policies for different parts of your site
3. Create a P3P policy (or policies) for your site
4. Create a policy reference file for your site
5. Configure your server for P3P
6. Test your site to make sure it is properly P3P enabled

6 Creating a privacy policy
- Name and contact information for your site
- The kind of access you provide
- Mechanisms for resolving privacy disputes
- The kinds of data you collect
- How collected data is used, and whether individuals can opt-in or opt-out of any of these uses
- Whether/when data may be shared
- Data retention policy
- Opt-in or opt-out opportunities

7 Generating a P3P policy and policy reference file
- Edit by hand
  - Cut and paste from an example
  - Make sure you use P3P validator to check for errors
- Use a P3P policy generator
  - IBM P3P policy editor

8 Helping user agents find your policy reference file
- Place policy reference file in “well known location” /w3c/p3p.xml
  - Most sites will do this
- Use special P3P HTTP header
  - Recommended only for sites with unusual circumstances, such as those with many P3P policies
- Embed link tags in HTML files
  - Recommended only for sites that exist as a directory on somebody else’s server (for example, a personal home page)

9 Compact policies
- Provide very short summary of full P3P policy for cookies
- Not required
- Must be used in addition to full policy
- May only be used with cookies
- Must commit to following policy for lifetime of cookies
- IE6 relies heavily on compact policies for cookie filtering – especially an issue for third-party cookies
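
Added example, not part of the original slides: a sketch of how a user agent could locate a policy reference file through the three mechanisms on slide 8 and read the compact policy from slide 9. The `policyref` and `CP` header fields and the `rel="P3Pv1"` link relation come from the P3P 1.0 specification rather than the slides; the lookup order, function names and sample values are assumptions of this example.

```python
# Added example: find a site's P3P policy reference file and compact policy.
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

WELL_KNOWN = "/w3c/p3p.xml"  # the "well known location" named on slide 8


def parse_p3p_header(value):
    """Split a P3P header value into (policyref URI or None, compact-policy tokens)."""
    fields = {k.lower(): v
              for k, v in re.findall(r'(\w+)\s*=\s*"([^"]*)"', value or "")}
    return fields.get("policyref"), fields.get("cp", "").split()


class _LinkFinder(HTMLParser):
    """Records the href of the first <link rel="P3Pv1"> tag in a page."""

    def __init__(self):
        super().__init__()
        self.href = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if (tag == "link" and self.href is None
                and (a.get("rel") or "").lower() == "p3pv1"):
            self.href = a.get("href")


def locate_policy(page_url, headers, html=""):
    """Return (policy_reference_url, mechanism, compact_policy_tokens).

    Assumption of this example: try the P3P header, then an HTML link tag,
    then fall back to the well-known location.
    """
    p3p = next((v for k, v in headers.items() if k.lower() == "p3p"), None)
    policyref, cp = parse_p3p_header(p3p)
    if policyref:
        return urljoin(page_url, policyref), "header", cp
    finder = _LinkFinder()
    finder.feed(html)
    if finder.href:
        return urljoin(page_url, finder.href), "link", cp
    return urljoin(page_url, WELL_KNOWN), "well-known", cp
```

A response that carries only `CP="..."` still resolves to the well-known location, which matches the slide's point that a compact policy is used in addition to the full policy and never replaces it.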

10 AT&T Privacy Bird
- Free download of beta from
- “Browser helper object” for IE 5.01/5.5/6.0
- Reads P3P policies at all P3P-enabled sites automatically
- Puts bird icon at top of browser window that changes to indicate whether site matches user’s privacy preferences
- Clicking on bird icon gives more information
- Current version is information only – no cookie blocking

11 Chirping bird is privacy indicator

12 Click on the bird for more info

13 Privacy policy summary - mismatch

14 Users select warning conditions

15 Bird checks policies for embedded content