1 WS-Privacy Paul Bui Ryan Dickey. 2 Agenda  WS-Privacy  Introduction to P3P  How P3P Works  P3P Details  A P3P Scenario  Conclusion  References.

Slides:



Advertisements
Similar presentations
18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.
Advertisements

U.S. Department of Commerce Web Advisory Group Implementing Machine Readable Privacy Requirements of the E-Gov Act.
P3P Ro Young-jin. What Is P3P? Platform for Privacy Preference Project Developed by W3C Provides a standard way for Web sites to communicate.
Back to Table of Contents
WEB401 Security Practices for Web Services (Part 2) Keith Ballinger Program Manager XML Messaging Microsoft Corporation.
Fundamentals of Information Systems, Second Edition 1 Telecommunications, the Internet, Intranets, and Extranets Chapter 4.
P3P Implementation Tips : Observations for approaching Design, Build and Deploy PricewaterhouseCoopers Brendon Lynch.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
Internet Privacy Policies Presented by: Paul Frenken President, COLAIP.
Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.
P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.
Database Administration
The RDF meta model: a closer look Basic ideas of the RDF Resource instance descriptions in the RDF format Application-specific RDF schemas Limitations.
Computer Security Fundamentals
CMU Usable Privacy and Security Laboratory Power Strips, Prophylactics, and Privacy, Oh My! Julia Gideon, Serge Egelman, Lorrie.
Web Service Architecture Part I- Overview and Models (based on W3C Working Group Note Frank.
1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.
Web services A Web service is an interface that describes a collection of operations that are network-accessible through standardized XML messaging. A.
Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
1 Simple Object Access Protocol (SOAP) by Kazi Huque.
Automated Tracking of Online Service Policies J. Trent Adams 1 Kevin Bauer 2 Asa Hardcastle 3 Dirk Grunwald 2 Douglas Sicker 2 1 The Internet Society 2.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy Preferences Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis.
OASIS TECHNICAL COMMITTEE FORMAT OF AUTOMOTIVE REPAIR INFORMATION SC2-D5 Architecture and Specifications.
Lecturer: Ghadah Aldehim
NAHAM Guide to Up-front Collections Welcome to the NAHAM Guide to Up-front Collections Demo CD! Please remember that this is only a demo of the Guide.
Chapter 16 The World Wide Web Chapter Goals ( ) Compare and contrast the Internet and the World Wide Web Describe general Web processing.
P3P A New Standard in Online Privacy Overview and Demos from Summer 2000.
16-1 The World Wide Web The Web An infrastructure of distributed information combined with software that uses networks as a vehicle to exchange that information.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 P3P I Week 6 - October.
Privacy, P3P and Internet Explorer 6 P3P Briefing – 11/16/01.
1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.
The Future of P3P Ari Schwartz Center for Democracy and Technology Lorrie Faith Cranor AT&T Labs-Research November 2002.
How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February 2002
ZLOT Prototype Assessment John Carlo Bertot Associate Professor School of Information Studies Florida State University.
Use of a P3P User Agent by Early Adopters Lorrie Faith Cranor Manjula Arjula Praven Guduru AT&T Labs November 2002.
Location, Location, Location: The Emerging Crisis in Wireless Data Privacy Ari Schwartz & Alan Davidson Center for Democracy and Technology
ICS (072)Database Systems: An Introduction & Review 1 ICS 424 Advanced Database Systems Dr. Muhammad Shafique.
Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.
U.S. Department of Commerce Web Advisory Group Minding Your Own Business The Platform for Privacy Preferences Project.
Semantic based P2P System for local e-Government Fernando Ortiz-Rodriguez 1, Raúl Palma de León 2 and Boris Villazón-Terrazas 2 1 1Universidad Tamaulipeca.
Claims-Based Identity Solution Architect Briefing zoli.herczeg.ro Taken from David Chappel’s work at TechEd Berlin 2009.
The Platform for Privacy Preferences (P3P) Workshop on the Relationship between Privacy and Security Lorrie Faith Cranor P3P Specification Working Group.
AT&T Privacy Bird Screen Shots For more information see
The RDF meta model Basic ideas of the RDF Resource instance descriptions in the RDF format Application-specific RDF schemas Limitations of XML compared.
Ethical and Legal Issues Information Systems 337 Prof. Harry Plantinga.
Introducing XLink and XPointer ©NIITeXtensible Markup Language/Lesson 10/Slide 1 of 23 Objectives In this lesson, you will learn to: * Identify the types.
Website Design, Development and Maintenance ONLY TAKE DOWN NOTES ON INDICATED SLIDES.
Community Pharmacy Summary Care Record (SCR) Privacy Officer End-user.
Week 7 Lecture Part 2 Introduction to Database Administration Samuel S. ConnSamuel S. Conn, Asst Professor.
WHY DO YOU NEED IT? What is a wireframe?. A wireframe is… A wireframe is a simple visual guide to show you what a Web page would look like. Wireframes.
PROGRESS REPORT LECTURE 7. What is a Progress Report? A Progress Report : documents the status of a project describes the various tasks that make up the.
NATIONAL IT AUTHORITY MODULE 5 PROCESS HANDLING SKILLS AND KNOWLEDGE.
CMPE 494 Service-Oriented Architectures and Web Services Platform for Privacy Preferences Project (P3P) İDRİS YILDIZ
Impact Of Online Advertising On Consumer Behaviour By Thatipalli Sagar 10cqcma108 Under The Guidance Of Dr. Maruthi Ram. R.
1104B – Dr. Jackie. Copyright © 2010 Certification Partners, LLC -- All Rights Reserved  Remember we are driving toward a complete, cohesive e-Commerce.
Essential tools for implementing and testing websites
WEB SERVICES From Chapter 19 of Distributed Systems Concepts and Design,4th Edition, By G. Coulouris, J. Dollimore and T. Kindberg Published by Addison.
How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February
UNIT 15 Webpage Creator.
Three Reasons Why Land Solutions Should be Open and Interoperable
Buy Button Technical Working Group
Chapter 16 The World Wide Web.
WEB SERVICES From Chapter 19, Distributed Systems
Recitation on AdFisher
Chapter 9: Configuring Internet Explorer
The Platform for Privacy Preferences Project
STEPS Site Report.
Presentation transcript:

1 WS-Privacy Paul Bui Ryan Dickey

2 Agenda  WS-Privacy  Introduction to P3P  How P3P Works  P3P Details  A P3P Scenario  Conclusion  References

3 Introduction to WS-Privacy  Organizations create, manage and use web services  These organizations need to state their privacy policies  They also need to require that incoming requests adhere to these policies

4 P3P Still Under Development  The specification will describe a model for how a privacy language may be embedded into WS-Policy descriptions  WS-Security will associate privacy claims with a message  WS-Trust mechanisms can be used to evaluate these privacy claims for both user preferences and organizational practice claims

5 New Name!  WS-Privacy is currently implemented as the Platform for Privacy Preferences Project 1.0 Specification (P3P1.0)  This provides a model for how privacy preferences and organizational privacy practices are conveyed.

6 Platform for Privacy Preferences Project  Also known as P3P  A simple, automated way for users to gain more control over the use of their personal information on websites  Basically a set of multiple-choice questions covering all major aspects of a website’s privacy policies

7 How P3P Works  P3P-enabled websites state their privacy policies in a standard, machine-readable format (XML)  P3P-enabled browsers can "read" this snapshot automatically and compare it to the consumer's own set of privacy preferences

8 Making Your Website P3P Compliant

9 An HTTP Transaction With P3P Added

10 A P3P Scenario P3P Policy homepage catalog checkout

11 P3P Policy Elements  gives a precise description of the legal entity making the representation of the privacy practices.  indicates whether the site provides access to various kinds of information.

12 P3P Policy Elements cont’d  describes dispute resolution procedures that may be followed for disputes about a services' privacy practices, or in case of protocol violation.  Each element SHOULD contain a element that specifies the possible remedies in case a policy breach occurs.

13 P3P Policy Elements (cont’d)  is a container that groups together a, a, a, a, and optionally a  A statement concerns the data practices as applied to data elements (e.g., data collection)

14 P3P Policy Elements cont’d  A may contain, signifying that there is no data collected under this, or that all of the data referenced by that will be anonymized upon collection  explains why the suggested practice may be valuable in a particular instance

15 P3P Policy Elements cont’d  A must contain one or more purposes for data collection  E.g. to complete current activity (e.g. web search results) to administrate the site historical preservation used to contact individual about promotions and etc.

16 P3P Policy Elements cont’d  is the legal entity, or domain, beyond the service provider and its agents where data may be distributed  is the type of retention policy of the data

17 P3P Policy Elements cont’d  are elements inside data elements that provide hints to users and user agents as to the intended uses of the data. physical contact info online contact info method of payment gender, age, income, etc. to aid purchasing of healthcare products etc.

18 P3P Example  #Example_policy #Example_policy a step by step example of implementing p3p

19 P3P-Enabled Examples  Yahoo!  About  Angelfire  Dell  Netscape 7  IE 6 (cookie element only)

20 Demo 1  Show the P3P documents in action at a live site

21 Demo 2  Show the P3P policies in action at a live site  Demonstrate a policy of requiring cookies to be enabled (e.g., PayPal) running against a browser with cookie settings turned on and off

22 P3P Adoption  Ernst & Young report (Jan. 2004) on P3P adoption rates:  23% of the Top 500 web domains  31% of the Top 100 web domains  50% of the top health domains  64% of the top ___ domains

23 P3P Caveats  P3P does not enforce adherence to privacy policies  P3P cannot monitor whether sites adhere to their own stated practices  Thus users do not know whether their policy preferences are actually being enforced

24 Conclusion  P3P is a system for making Web site privacy policies machine-readable  P3P enhances user control by putting privacy policies where users can find them, in a form users can understand, and enables users to act on what they see. (e.g., a popup)

25 Primary References  the comprehensive page for P3P  the current P3P technical specification

26 Secondary References  ws-privacy.html ws-privacy.html a summary of WS-privacy  Security/P3P/ Security/P3P/ a sample P3P page  US/P3P_Dashboard_-_January_2004/$file /E&YTop500P3PDashboard.pdf US/P3P_Dashboard_-_January_2004/$file /E&YTop500P3PDashboard.pdf statistical information

27 Tools  tool1  tool2  tool3

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.