Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab

More documents

Recommendations

Info

1 M i c r o s o f t Way< /DATA> Redmond WA USA 98052−6399 homepage@microsoft . com h t t p : // support . m i c r o s o f t . com/ contactus /?ws=mscom < a l l /> I f f o r some reason you b e l i e v e m i c r o s o f t . com has not adhered to t h e s e p r i n c i p l e s , p l e a s e n o t i f y us by e−mail at homepage@microsoft . com M i c r o s o f t i s a premier sponsor o f TRUSTe and a member o f the TRUSTe privacy program , an independent , non− p r o f i t i n i t i a t i v e whose mission i s to b u i l d u s e r s ’ t r u s t and c o n f i d e n c e in the I n t e r n e t by promoting TRUSTe ’ s p r i n c i p l e s o f f a i r i n f o r m a t i o n p r a c t i c e s . Listing 3.7: microsoft.com’s P3P policy - general assertions Besides general assertions, there are also six data specific assertions which are encapsulated by a STATEMENT element. This enables websites to group data elements they collect in a statement. If a website for example collects user-data in the logfiles of their 26
webservers for administrative purposes as well as data to process customer orders, it might have two statements. These data specific assertions are: • A consequence should provide the users with information specifying why their data is actually collected and why it may be valuable for a certain service, transaction or feature. It is stated in a human-readable form using the CONSEQUENCE element. This element is optional, its usage however is strongly recommended. • If a websites does not collect identifiable data (so called non-identifiable data) or if it anonymizes this data, it may set an indicator accordingly using the NON- IDENTIFIABLE element. However, websites should note that the P3P specification provides a strict definition of anonymized: ’In order to consider the data ”anonymized”, there must be no reasonable way for the entity or a third party to attach the collected data to the identity of a natural person’ [W3Ca]. This element is optional. • How the data a website collects is going to be used has to be provided using the PURPOSE element. The P3P vocabulary defines twelve purposes whereas the twelfth provides a possibility to provide human-readable information. The other eleven purposes have a predefined meaning. Table 3.1 recites the “Plain Language Translations of P3P Vocabulary Elements” of the P3P specification for these twelve elements according to [W3Ca]. • The RECIPIENT element states with which parties collected data will be shared. P3P specifies six types of recipients which are listed in Table 3.2. • The data-retention policy in effect must be defined using the RETENTION element. Although no specific time is indicated, the five sub-elements can give users an indication about the websites’ retention policy which can be supported by a human-readable retention policy. Table 3.3 lists all sub-elements including their meaning. As with policy reference files, P3P policies can be assigned a language by using the xml:lang attribute. This attribute is used to identify the language of human-readable fields. Another feature already highlighted is the policy lifetime. By setting the EXPIRE element, website can provide information on how long a certain policy is valid, that is when user-agents have to re-fetch a policy for a website or certain content elements. Besides “normal” P3P policies, one can also define compact policies (CP) which represent a summary of a websites’ P3P policy for a cookie. Compact policies are transmitted via an additional HTTP response header CP. As the name suggests, compact policies do not provide the same details as P3P policies. However, compact policies are heavily used especially by Microsoft’s Internet Explorer which decides if a cookie is going to be blocked or not solely based on compact policies [Cra02]. 27
Page 1: Wirtschaftsuniversität Wien Magist
Page 4 and 5: Contents Abbreviations vii Listings
Page 6 and 7: II. Applied part 53 6. Development
Page 8 and 9: Listings viii 3.1. HTTP response he
Page 10 and 11: List of Tables x 3.1. PURPOSE sub-e
Page 12 and 13: 1. Introduction This thesis address
Page 14 and 15: In addition, the applied part of th
Page 16 and 17: 2. Privacy Threats Privacy is the
Page 18 and 19: term friendly fraud relates to legi
Page 20 and 21: over iGoogle, search Wikipedia via
Page 22 and 23: collect a lot of personal data abou
Page 24 and 25: 2.4. Privacy sensitive technologies
Page 26 and 27: • Data necessary to identify the
Page 28 and 29: 3. Privacy Standards The following
Page 30 and 31: The well-known location method (whi
Page 32 and 33: • User Preferences: User-agents m
Page 34 and 35: Another important issue for policy
Page 38 and 39: 28 PURPOSE Plain Language Translati
Page 40 and 41: Finally, an example should be provi
Page 42 and 43: • There is a commercial P3P polic
Page 44 and 45: Element Value ruling allow user cat
Page 46 and 47: 3.3.1. XACML - an introduction Simi
Page 48 and 49: 3.3.3. Summary The introduced priva
Page 50 and 51: specified conditions” [ISO01a]. T
Page 52 and 53: applied to this characteristic too,
Page 54 and 55: Figure 5.1.: Microsoft Internet Exp
Page 56 and 57: 5.1.2. Firefox The Mozilla Foundati
Page 58 and 59: shortcuts and context-menu, users s
Page 60 and 61: 5.3. Proxies In this section, proxi
Page 62 and 63: 52 Figure 5.10.: The settings dialo
Page 64 and 65: 6. Development of a Privacy Plug-In
Page 66 and 67: • components directory: this dire
Page 68 and 69: Speaking of information it has to b
Page 70 and 71: Figure 6.2.: Displaying the P3P pol
Page 72 and 73: matches the users preferences befor
Page 74 and 75: Figure 6.4.: The privacy policy of
Page 76 and 77: is different from the one available
Page 78 and 79: access elements in a policy which i
Page 80 and 81: implementation available although t
Page 82 and 83: [Dro06] Dennis Drotar, Rachel Green
Page 84 and 85: [Kob07] Alfred Kobsa. Privacy-enhan
Page 86 and 87:
[Oli04] Nadia Olivero and Peter Lun
Page 88 and 89:
[Woo06] Jisuk Woo. The right not to
Page 90 and 91:
M i c r o s o f t i s a premier spo
Page 92 and 93:
82
Page 94 and 95:
B. E-Mail correspondence Subject :
Page 96:
the Thank you , Renukesh M i c r o
show all

Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?