Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
• There is a commercial P3P policy generator available at 5<br />
• When it comes to the validation of P3P policies, there is a W3C validator available<br />
at 6<br />
The P3PToolbox also mentions other tools which are not listed here 7 as well as the W3C<br />
P3P website 8 . Although P3P 1.1 is compatible with P3P 1.0, it should be highlighted<br />
that some of the tools mentioned have not been updated in the last few years and<br />
therefore do not necessarily generate strict P3P 1.1 compatible XML.<br />
3.1.7. Future of P3P<br />
The future of the P3P project is uncertain. At the homepage of the project itself it<br />
is written that “there was insufficient support from current Browser implementers for<br />
the implementation of P3P 1.1” [W3Ce]. That is the reason why the work on P3P 1.1<br />
has been suspended and P3P 1.1 was not published as a recommendation but rather<br />
as a working group note. W3C’s statement that it “is not excluded that W3C will<br />
push P3P 1.1 until Recommendation if there is sufficient support for implementation”<br />
[W3Ce] sound rather half-heartedly when considering the next entry on the project’s<br />
homepage: A new group (called “PLING” - Policy Languages Interest Group) has been<br />
created “to discuss interoperability, requirements and related needs for integrating and<br />
computing the results when different policy languages [are] used together” [W3Ce]. It<br />
can be questioned whether a group which discusses the interoperability of standards<br />
which have never been broadly accepted and implemented will create additional value.<br />
3.2. The Enterprise Privacy Authorization Language<br />
(EPAL)<br />
The Enterprise Privacy Authorization Language was developed by International Business<br />
Machines Corporation (IBM) and is described by IBM as “a formal language for<br />
writing enterprise privacy policies to govern data handling practices in IT systems according<br />
to fine-grained positive and negative authorization rights. It concentrates on<br />
the core privacy authorization while abstracting data models and user-authentication<br />
from all deployment details such as data model or user-authentication” [IBM03]. Unless<br />
mentioned otherwise, the following section about EPAL is based on IBM’s EPAL 1.2<br />
specification available at [IBM03].<br />
5 http://p3pedit.com/<br />
6 http://www.w3.org/P3P/validator/20010928/<br />
7 http://www.p3ptoolbox.org/tools/resources1.shtml<br />
8 http://www.w3.org/P3P/implementations.html<br />
32