Understanding P3P
By: Vikram Vaswani, (c) Melonfire
    2002-01-03

    Table of Contents:
  • Understanding P3P
  • Private Thoughts
  • Data Overload
  • Off Target
  • Endgame


    Understanding P3P - Private Thoughts
    (Page 2 of 5 )

    Currently, privacy policies (when they exist) tend to be written in non-standard ways - some sites publish extremely precise privacy policies, crammed with so much legalese and fine print that reading them makes your head hurt, while others favour the spartan approach, providing next to no information on how they use personal information. Some sites merely log each client request, with no specific user information collected, while others ask for demographic data or track user clicks to generate a user profile. Similarly, some sites save user information to provide better service to the user when (s)he comes back the next time, while others collect user information and share it with other agencies in either aggregate or individual form.

    P3P attempts to bring some standards and structure to the party, enabling sites to clearly and effectively communicate to users exactly how the information they provide will be used, and leaving it to the user to decide how to proceed.

    Typically, a P3P-compliant Web site creates and publishes a privacy policy, using standard P3P-defined constructs, and places it on its Web site. This policy specifies, in clear and simple terms, the type of information collected by the site during the user's visit, as well as how the site plans to use the information. When a P3P-enabled Web browser connects to the Web site, it first looks for the site's privacy policy, analyzes it and then, depending on whether or not the site's published policy matches the user's comfort level, consummates or aborts the transaction.

    This isn't necessarily a perfect solution - it implies, for one thing, that a user needs to specify his or her personal privacy preferences before attempting to access any Web site - but it does have merits. It allows the user to be aware of how personal information is going to be used *before* submitting it, offers him or her greater control over the process, and, by forcing a site to make its privacy policies public, implies greater accountability and transparency than currently prevails.

    It's important to note, though, that P3P does not provide any mechanism to enforce the statements made in a site's privacy policy. Its focus is more on communicating stated policy accurately, thereby allowing for more knowledgeable decisions on the part of the user, and less on verifying the implementation of the policy. Enforcement of a site's privacy policy has more to do with the current legal framework than with P3P. As the W3C's P3P FAQ clearly states, "... P3P is intended to be complementary to legislative and self-regulatory programs...there is no reason why P3P and legislation should be exclusionary of each other..." (P3P and Privacy FAQ, W3C, 06/2001)

    As a W3C project that is likely to impact Web users across the planet, P3P is a pretty important effort. Consequently, the W3C's P3P Working Group has solicited input from a large number of organizations to ensure that the specification is balanced and fair to all parties involved. Contributors to this process include some of the world's largest corporations, including AT&T, Citibank, Microsoft, IBM, and HP, as well as privacy advocates like Trust, and Privacy Alliance and TRUSTe. As a result of all this input, P3P has taken a while to come to fruition...and the effort hasn't been helped by the rapid changes in XML-based technologies (P3P uses XML as its expression language), which have in turn necessitated changes to the P3P specification.

    A Matter Of Policy

    P3P is implemented via two types of files, both expressed in XML: a policy reference, and one or more policy statements. Each of these file types has a distinct and unique role to play in the P3P paradigm.

    The policy reference file specifies the location of the site's P3P policy (or policies), and provides information on which sections of the site are covered by which policy. This policy reference file is usually placed in a standard location on the Web server - currently defined as /w3c/p3p.xml - and the P3P specification also allows for the location of this file to be specified within HTTP header responses or embedded as part of the URL reference within a hyperlink.

    The real meat, though, lies in the policies specified within the policy reference file. These policies, which are again expressed using P3P-specific XML elements, contain detailed information on the type of information collected by the site, the manner in which it is used, the types of people who have access to it, and the period for which it is retained. It also provides information on the legal measures available to users who feel that their privacy has been violated, together with details of the remedies available.

    In order to illustrate how this works, consider the following simple example of a policy reference file:

    <meta xmlns="http://www.w3.org/2000/12/P3Pv1">
      <policy-references>
        <policy-ref about="/w3c/policy.xml#all">
          <include>/*</include>
        </policy-ref>
      </policy-references>
    </meta>

    This file specifies the name and location of the site's policy statement(s), enclosing each one within <policy-ref> tags. Within these tags, <include> and <exclude> tags are used to identify which areas of the site are covered by each policy. The example above specifies that the entire site is covered by a single policy, named "general.xml"; however, it's also possible to build a more complex policy reference file, as demonstrated by the next example:

    <meta xmlns="http://www.w3.org/2000/12/P3Pv1">
      <expiry max-age="604800" />
      <policy-references>
        <policy-ref about="/w3c/policy.xml#gen">
          <include>/*</include>
          <exclude>/account/*</exclude>
          <exclude>/feedback/*</exclude>
        </policy-ref>
        <policy-ref about="/w3c/policy.xml#account">
          <include>/account/*</include>
        </policy-ref>
        <policy-ref about="/w3c/policy.xml#feedback">
          <include>/feedback/*</include>
        </policy-ref>
      </policy-references>
    </meta>

    In this case, we have three different policies, each one covering a different area of the site. Note also the <expiry> element at the beginning of the file, which specifies how long the policies are valid (in this example, seven days).

    When a user attempts to access a URL on a P3P-compliant site, a P3P-compatible Web browser (like Internet Explorer 6.0, which includes primitive P3P support) will first look for the policy reference file (either in the standard location, the location specified in the HTTP response header, or the location stated in the referring hyperlink) to find out which policy applies to that URL. The policy reference file, which maps a specific policy statement to a particular section of the site, provides the browser with the location of the policy statement; the browser can then read this statement, evaluate whether the user's privacy will be violated by accessing the URL, and make a decision on how to proceed.
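
    The lookup just described, as an added example in Python (not code from the article or from any browser): it parses the three-policy reference file shown above and returns the policy that covers a given path, or None when no policy does. The function names, the first-match-in-document-order rule and the treatment of "*" as the only wildcard are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2000/12/P3Pv1}"  # namespace used by the article's examples

# The article's three-policy reference file, embedded so the example runs offline.
SAMPLE_PRF = """<meta xmlns="http://www.w3.org/2000/12/P3Pv1">
  <expiry max-age="604800" />
  <policy-references>
    <policy-ref about="/w3c/policy.xml#gen">
      <include>/*</include>
      <exclude>/account/*</exclude>
      <exclude>/feedback/*</exclude>
    </policy-ref>
    <policy-ref about="/w3c/policy.xml#account">
      <include>/account/*</include>
    </policy-ref>
    <policy-ref about="/w3c/policy.xml#feedback">
      <include>/feedback/*</include>
    </policy-ref>
  </policy-references>
</meta>"""

def matches(pattern, path):
    """True if path fits a pattern in which '*' is the only wildcard (assumption)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, path) is not None

def parse_prf(xml_text):
    """Return (max_age_seconds, [(policy_uri, includes, excludes), ...])."""
    # Assumption: trusted local input; use a hardened XML parser for remote files.
    root = ET.fromstring(xml_text)
    expiry = root.find(NS + "expiry")
    max_age = int(expiry.get("max-age")) if expiry is not None else None
    refs = []
    for ref in root.iter(NS + "policy-ref"):
        inc = [(e.text or "").strip() for e in ref.findall(NS + "include")]
        exc = [(e.text or "").strip() for e in ref.findall(NS + "exclude")]
        refs.append((ref.get("about"), inc, exc))
    return max_age, refs

def policy_for(path, refs):
    """First policy-ref (document order) that includes the path and does not exclude it."""
    for about, inc, exc in refs:
        if any(matches(p, path) for p in inc) and not any(matches(p, path) for p in exc):
            return about
    return None  # no declared policy covers this path

if __name__ == "__main__":
    max_age, refs = parse_prf(SAMPLE_PRF)
    for path in ("/index.html", "/account/login", "/feedback/form"):
        print(path, "->", policy_for(path, refs))
```

    A None result marks a path that no published policy covers, which is the gap to look for when auditing a site's policy reference file.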

    So that's the policy reference file. Next, let's look at an actual policy statement.
