
Slide 1
IBM Zurich Research Laboratory, W3C Workshop on the long term Future of P3P, June 19-20 2003, © 2003 IBM Corporation
Shortcomings of P3P for Privacy Authorization
Lessons Learned when using P3P for Privacy Authorization
Paul Ashley, IBM Software Group
Günter Karjoth, IBM Research

Slide 2: Outline
1. The Privacy Pie
   - The Complete Picture
   - The Pieces of the Pie
2. Choices for Enforcing Privacy
3. Practical Experiences with using P3P
4. Conclusions

Slide 3: 1.0 The Complete Picture, "The Privacy Pie"
Figure: pie diagram with the segments Notice, Collect Consent, Enforce Privacy Policy and Audit Compliance, plus a P3P label.

Slide 4: 1.1 Notice
Publishing a Privacy Notice:
- Privacy promise
- Offered user choices
Requirements:
- Unified global format
- Well-defined semantics and user-agent guidelines
- Describes the user's view of enterprises (= disclosure-oriented)
P3P:
- Well-suited for Notices
Figure: Data User says "Mark the box if we can send your home address to our trusted partners."

Slide 5: 1.2 Collecting Consent
Collecting Consent from Data-Subjects:
- Consent to a particular privacy policy
- Choices for the provided options
Requirements:
- Well-defined back-channel
- User's view
P3P:
- Not applicable
- No well-defined format available
- Usually integrated into applications
Figure: Data Subject says "I agree with this policy and I marked the box."

Slide 6: 1.3 Privacy Enforcement
Enforcing Privacy Restrictions within the Enterprise:
- Consented privacy promises
- Enterprise-internal privacy policy
Requirements:
- Fine-grained; enterprise view
- Compatible with privacy promises
- Adaptable to varying enterprises
P3P:
- Not fine-grained
- Identical to promises
Figure: an Application requesting Personal Data is told "Your request is not allowed by the policy!"

Slide 7: 1.4a Audit
- In traditional access control, logging the access is enough
- In privacy management, all actions on PII must be justified in terms of authorizations
Figure: Data Subject asks "Why did you send me spam?" Data User answers "Because you opted in to the marketing policy 1 on April 1, 2002."

Slide 8: 1.4b Reporting
Providing Privacy Reports:
- What personal data is stored?
- What is the applicable policy for each piece of data?
- How was a certain piece of data accessed in the past?
Requirements:
- Extensive logging
- Policy and consent management
P3P:
- Only for promises
Figure: Inventory, Usage Log and Policy feed a Report.

Slide 9: 2. Choices for Enforcing Privacy
- Do nothing and pray
- Coding privacy policy into applications
  - cost of coding and maintenance becomes prohibitive
  - time to change to a new policy is far too large
  - each of the applications has to be modified for each policy change
  - difficult reporting and auditing
- Centralized Enforcement Infrastructure
  - centralized consent and policy management
  - centralized auditing and reporting
  - distributed enforcement

Slide 10: 3. Practical Experiences with Using P3P for an Authorization Language
- Use of predefined types
- Only action is "use"
- No obligations
- No disallow rule
- Limited conditions

Slide 11: 3.1 Use of pre-defined types
P3P pre-defines a set of types:
- Data Categories (17): physical, online, uniqueid, purchase, financial, navigation, demographic, content, health, preference, ...
- Purpose (12): current, pseudo-analysis, individual-decision, contact, telemarketing, admin, develop, tailoring, ...
- Recipient (6): ours, same, delivery, unrelated, ...
- Retention (5): no-retention, stated-purpose, business-practices, indefinitely, ...
=> useful for interoperability but not for authorization
Useful purposes in health care:
- medical_diagnosis, blood_research, statistical_analysis, billing
=> enterprises want to define their own types!

Slide 12: 3.2 No obligations
P3P does not allow the use of an obligation in a policy!
For example, our health care customers wanted to write policy statements of the form:
- ALLOW general_practitioners to READ medical_records if {some conditions} with obligation {if patient is of VIP category flag alert}
- ALLOW sales to WRITE customer_data if {conditions} with obligation {if customer < 18 then get parent approval or delete data within 7 days}
We were unable to implement these policies with our customers.

Slide 13: 3.3 No disallow rule
- Policies become much more complicated than necessary!
Engineering: e_assistants, e_managers, e_contractors, e_architects, e_administrative
- A customer required a set of rules:
  - ALLOW engineering to READ customer_engineering_data
  - DISALLOW e_contractors to READ customer_engineering_data
- Not having a DISALLOW rule means that this would have to be rewritten as
  - ALLOW e_assistants to READ customer_engineering_data
  - ALLOW e_managers to READ customer_engineering_data
  - ALLOW e_architects to READ customer_engineering_data
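The following is an added example, not code from the presentation or from IBM: a toy enterprise privacy-authorization evaluator that shows the three features slides 3.2, 3.3 and 1.4a ask for and P3P lacks. Rules carry an ALLOW or DISALLOW effect, an evaluated condition, and obligations that are returned with the decision; every decision names the rule that justified it so an audit log can answer "why was this access allowed?". A helper also performs the rewrite a DISALLOW-free language forces, turning one group ALLOW plus one DISALLOW into one ALLOW per remaining member role (it lists all four remaining engineering roles, one more than the slide shows). The role hierarchy, rule ids, context keys such as treating_physician and patient_vip, and the sample requests are all constructed for the example.

```python
# Added example (not from the IBM presentation): a toy enterprise privacy
# authorization evaluator with ALLOW/DISALLOW rules, conditions and obligations.
# Role names, data types, rule ids and request contexts are constructed.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed role hierarchy: a group role contains its member roles.
ROLE_GROUPS: Dict[str, set] = {
    "engineering": {"e_assistants", "e_managers", "e_contractors",
                    "e_architects", "e_administrative"},
}

def role_matches(rule_role: str, user_role: str) -> bool:
    """A rule written for a group applies to every member of that group."""
    return user_role == rule_role or user_role in ROLE_GROUPS.get(rule_role, set())

Condition = Callable[[dict], bool]
# An obligation is (predicate over the request context, required follow-up action).
Obligation = Tuple[Condition, str]

@dataclass
class Rule:
    rule_id: str
    effect: str                      # "ALLOW" or "DISALLOW"
    role: str
    action: str                      # "READ", "WRITE", ...
    data_type: str
    condition: Condition = lambda ctx: True
    obligations: List[Obligation] = field(default_factory=list)

@dataclass
class Decision:
    allowed: bool
    justification: str               # which rule produced the decision (for audit)
    obligations: List[str]           # follow-up actions the application must perform

def evaluate(rules: List[Rule], role: str, action: str, data_type: str, ctx: dict) -> Decision:
    """Default deny; a matching DISALLOW overrides any matching ALLOW."""
    first_allow: Optional[Rule] = None
    for r in rules:
        applies = (role_matches(r.role, role) and r.action == action
                   and r.data_type == data_type and r.condition(ctx))
        if not applies:
            continue
        if r.effect == "DISALLOW":
            return Decision(False, f"denied by {r.rule_id}", [])
        if first_allow is None:
            first_allow = r
    if first_allow is None:
        return Decision(False, "no matching ALLOW rule (default deny)", [])
    due = [text for pred, text in first_allow.obligations if pred(ctx)]
    return Decision(True, f"allowed by {first_allow.rule_id}", due)

def expand_without_disallow(rules: List[Rule]) -> List[Rule]:
    """Rewrite into ALLOW-only rules, as a language without DISALLOW forces:
    each group ALLOW becomes one ALLOW per member role that is not DISALLOWed."""
    denied = {(r.role, r.action, r.data_type) for r in rules if r.effect == "DISALLOW"}
    out: List[Rule] = []
    for r in rules:
        if r.effect != "ALLOW":
            continue
        members = ROLE_GROUPS.get(r.role, {r.role})
        for m in sorted(members):
            if (m, r.action, r.data_type) not in denied:
                out.append(Rule(f"{r.rule_id}/{m}", "ALLOW", m, r.action, r.data_type,
                                r.condition, list(r.obligations)))
    return out

# Constructed rule set mirroring the policy statements quoted on the slides.
RULES = [
    Rule("R1", "ALLOW", "engineering", "READ", "customer_engineering_data"),
    Rule("R2", "DISALLOW", "e_contractors", "READ", "customer_engineering_data"),
    Rule("R3", "ALLOW", "general_practitioners", "READ", "medical_records",
         condition=lambda ctx: ctx.get("treating_physician", False),
         obligations=[(lambda ctx: ctx.get("patient_vip", False), "flag alert")]),
    Rule("R4", "ALLOW", "sales", "WRITE", "customer_data",
         obligations=[(lambda ctx: ctx.get("customer_age", 999) < 18,
                       "get parent approval or delete data within 7 days")]),
]

def audit_entry(role: str, action: str, data_type: str, d: Decision) -> str:
    """One log line that can later justify the action in terms of the authorization."""
    status = "ALLOW" if d.allowed else "DENY"
    return f"{status} {role} {action} {data_type}: {d.justification}; obligations={d.obligations}"

if __name__ == "__main__":
    d = evaluate(RULES, "e_contractors", "READ", "customer_engineering_data", {})
    print(audit_entry("e_contractors", "READ", "customer_engineering_data", d))
    for r in expand_without_disallow(RULES[:2]):
        print(r.rule_id, r.effect, r.role, r.action, r.data_type)
```

The evaluator deliberately makes DISALLOW win over ALLOW and denies when nothing matches, so adding a new member role to a group cannot silently grant access; the obligations are returned to the caller rather than enforced here, because the application (not the policy engine) is the component that can flag an alert or delete a record.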

Slide 14: 4. Conclusions
- P3P is well-suited for formalizing privacy promises that are communicated to end-users
- P3P is too coarse-grained
- Many of the policy statements from our customers required conditions to be evaluated
- P3P lacks some features for enterprise-internal privacy enforcement
=> an enforceable Privacy Policy Language is needed

