Download P3P Roadshow

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
Document related concepts

URL redirection wikipedia , lookup

Transcript 
P3P
A New Standard in
Online Privacy
Overview and Demos from Summer 2000
http://www.w3.org/P3P/
P3P1.0 – A first step
 Offers an easy way for web sites to
communicate about their privacy policies in a
standard machine-readable format
Can be deployed using existing web servers
 This will enable the development of tools
(built into browsers or separate applications)
that:
Provide snapshots of sites’ policies
Compare policies with user preferences
Alert and advise the user
2
P3P is part of the solution
P3P1.0 helps users understand privacy policies
but is not a complete solution
 Seal programs and regulations
help ensure that sites comply with their policies
 Anonymity tools
reduce the amount of information revealed while
browsing
 Encryption tools
secure data in transit and storage
 Laws and codes of practice
provide a base line level for acceptable policies
3
Using P3P on your Web site
1. Formulate privacy policy
2. Translate privacy policy into P3P format
 Use a policy generator tool
3. Place P3P policy on web site
 One policy for entire site or multiple policies for different parts of
the site
4. Associate policy with web resources:
 Place P3P policy reference file (which identifies location of
relevant policy file) at well-known location on server;
 Configure server to insert P3P header with link to P3P policy
reference file; or
 Insert link to P3P policy reference file in HTML content
4
P3P policies
 Machine-readable (XML) version of web site
privacy policies
 Use P3P Vocabulary to express data
practices
 Use P3P Base Data Set to express type of
data collected
 Capture common elements of privacy policies
but may not express everything (sites may
provide further explanation in humanreadable policies)
5
The P3P vocabulary
 Who is collecting data?
 What data is collected?
 For what purpose will
data be used?
 Is there an ability to optin or opt-out of some
data uses?
 Who are the data
recipients (anyone
beyond the data
collector)?
 To what information
does the data collector
provide access?
 What is the data
retention policy?
 How will disputes about
the policy be resolved?
 Where is the humanreadable privacy
policy?
6
P3P informs Web surfers
privacy
manager
button
7
Transparency
 P3P clients can
check a privacy
policy each time it
changes
http://www.att.com/accessatt/
 P3P clients can
check privacy
policies on all
objects in a web
page, including ads
and invisible images
http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE
8
A simple HTTP transaction
GET /index.html HTTP/1.1
Host: www.att.com
. . . Request web page
Web
Server
HTTP/1.1 200 OK
Content-Type: text/html
. . . Send web page
9
… with P3P 1.0 added
GET /w3c/p3p.xml HTTP/1.1
Host: www.att.com
Request Policy Reference File
Web
Server
Send Policy Reference File
Request P3P Policy
Send P3P Policy
GET /index.html HTTP/1.1
Host: www.att.com
. . . Request web page
HTTP/1.1 200 OK
Content-Type: text/html
. . . Send web page
10
P3P today
 Intuitive – promotes a seamless browsing experiences
while addressing privacy concerns
 Transparent – makes privacy policies clear to Web users
 Flexible – compatible with both regulatory and selfregulatory approaches, and with other technology tools
 Global – developed with international diversity in mind
 End-to-End – provides tools to more easily create
policies and checks sites for privacy assurance seals
 Expandable – future versions could support automatic
negotiation of privacy agreements and digital signaturebased authentication
 Available – demos currently available
11
P3P enabled web sites
 www.aol.com
 www.microsoft.com
 www.att.com
 www.pg.com
 www.cdt.org
 www.ttuhsc.edu
 www.engage.com
 www.youpowered.com
 www.hp.com
 www.vineyard.net
 www.ibm.com
 www.w3.org
 www.idcide.com
 www.whitehouse.gov
And many more….
12
P3P User Agent Demos
 Microsoft/AT&T P3P Browser
Helper Object
 Idcide Privacy Companion
 YOUpowered Orby Privacy Plus
Microsoft/AT&T P3P browser helper object
A prototype tool designed to work with
Microsoft Internet Explorer Browser
Not yet fully tested, still missing some
features
14
Preference settings
15
16
When preferences are changed to
Disallow profiling, the privacy check
warns us that this site profiles visitors
17
IDcide Privacy Companion
 A browser plug-in that adds functionality to Netscape
or Internet Explorer browsers
 Includes icons to let users know that sites use firstand/or third-party cookies
 Enables users to select a privacy level that controls
the cookie types allowed (1st or 3rd party)
 Prevents data spills to 3rd parties through “referer”
 Let’s users view tracking history
 Prototype P3P-enabled Privacy Companion allows for
more fine-grained automatic decision making based
on P3P policies
 http://www.idcide.com
18
IDcide P3P Icons
Searching for
a P3P policy
No P3P policy found
P3P policy is
NOT acceptable
P3P policy is
acceptable
19
Double clicking on the P3P icon indicates where
the site’s policy differs from the user’s preferences
20
YOUpowered Orby Privacy Plus
A tool bar that sits at the top of a user’s
desktop and allows a user to
Accept or deny cookies while surfing
Decide how, when and where to share
personal information
Store website passwords
Enjoy the convenience of "one-click" form-fill
P3P features in prototype automatically
rate web sites based on their P3P
policies
21
Trust
Meter
22
Orby cookie prompt
23
Orby preference setting menu
24
Policy Generator Demos
IBM P3P Policy Editor
PrivacyBot.com
YOUPowered Consumer Trust Policy
Manager Wizard
IBM P3P Policy Editor
Allows web sites to create privacy
policies in P3P and human-readable
format
Drag and drop interface
Available from IBM AlphaWorks site:
http://www.alphaworks.ibm.com/tech/p3peditor
26
Sites can
list the types
of data they
collect
And view the
corresponding
P3P policy
27
Properties
windows allows
sites to specify
detailed information
about how each
type of data is
used.
28
PrivacyBot.com
Allows
webmasters to
fill out an
online
questionnaire to
automatically
create a
human-readable
privacy policy
and a P3P
policy
29
YOUpowered Consumer Trust Policy Manager wizard
30
For more information
about P3P, please visit our
web site
http://www.w3.org/P3P/
Related documents
Implementing P3P Using Database Technology Rakesh Agrawal
Implementing P3P Using Database Technology Rakesh Agrawal
Lewis Dot Structures
Lewis Dot Structures
Computer Science 9616a, Fall 2011 Project Description Your project
Computer Science 9616a, Fall 2011 Project Description Your project
Misc. Privacy Topics (concluding)
Misc. Privacy Topics (concluding)
Computer Science 9616b, Fall 2016 Project Description Your project
Computer Science 9616b, Fall 2016 Project Description Your project
Slide 1 - Arovista
Slide 1 - Arovista
8th Grade Math CCSS Key Standards
8th Grade Math CCSS Key Standards
HIPPA Compliance Form
HIPPA Compliance Form
Mastering the Internet, XHTML, and JavaScript
Mastering the Internet, XHTML, and JavaScript
Donor Privacy Policy
Donor Privacy Policy