Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
The P3P1.1 specification defines the syntax and semantics of P3P privacy<br />
policies, and the mechanisms for associating policies with Web resources.<br />
P3P policies consist of statements made using the P3P vocabulary for expressing<br />
privacy practices. P3P policies also reference elements of the P3P<br />
base data schema – a standard set of data elements that all P3P user agents<br />
should be aware of. The P3P specification includes a mechanism for defining<br />
new data elements and data sets, and a simple mechanism that allows for<br />
extensions to the P3P vocabulary.<br />
P3P has two goals: First, it wants to empower websites to provide their privacy policy<br />
in a standardized, machine-readable way. Second, it wants users to understand which<br />
data is collected by websites and in what different ways this data will be used. More<br />
importantly, users should be able to decide whether they want to disclose specific data<br />
or not. That is, websites should be able to provide information on collected data and<br />
reasons why they actually collect that data - but in a way that these reasons can be<br />
automatically matched to the users’ preferences.<br />
To make this happen, the P3P specification defines ways and methodologies to perform<br />
this task. Two important factors are policy reference files and P3P policies. These<br />
policies describe websites’ privacy policies in a machine-readable way. This can be done<br />
by using predefined vocabulary to describe privacy policies in place (via P3P policies<br />
using the P3P XML schema), using a predefined schema for data a website may wish<br />
to collect (the P3P Base Data Schema) and by applying methods to associate privacy<br />
policies to websites, cookies and other content (by using policy reference files).<br />
3.1.2. Requirements<br />
As every other standard, P3P specifies some requirements which need to be fulfilled to<br />
successfully implement P3P on a website and in user-agents. P3P is based on XML-files,<br />
therefore, the basic requirement is that all P3P related XML-files must be well-formed 1 .<br />
Besides this requirement one of the most important specifications is the way the location<br />
of policy reference files is indicated. This is due to the fact that user-agents depend on<br />
the policy reference file to be able find and parse the P3P policies of websites and hence<br />
compare them with users’ privacy settings. According to the P3P specification there are<br />
four mechanisms to indicate the location of a privacy policy reference file:<br />
1. “Well-known location” method<br />
2. HTTP header<br />
3. HTML link tag<br />
4. XHTML link tag<br />
1 W3C provides a P3P validator to validate P3P policies which can be found at<br />
http://www.w3.org/P3P/validator.html. However, as of the time of writing, the validator<br />
was not operational<br />
19