Article
Getting Started with XML Security
Privacy: Platform for Privacy Preferences (P3P)
Purpose and Benefits
Privacy is about controlling access to personally identifiable information, and, to a large degree, this is a human policy issue of ensuring that organizations and individuals with legitimate access to that information do not misuse that privilege. To give an example, although medical office staff may have knowledge of a person's medical records, this does not mean they should share this information with others for profit or other purposes.
Features
The Platform for Privacy Preferences [P3P] defines:
- An XML vocabulary for expressing user privacy preferences
- An XML vocabulary for expressing site privacy policies
- Mechanisms for retrieving site policies
- Processing rules
One of the goals is to make both user preferences and site policies machine-readable, so that a P3P-enabled client can compare the two, alert users to sites that do not conform to their privacy expectations, and help manage privacy automatically.
Key Concepts
A P3P site policy indicates what information is collected and for what purpose, where to locate a human-readable policy, how the site manager may be contacted, and what assurances are made regarding privacy. P3P defines categories of data to be collected and provides the means to associate policy information with portions of a web site, URLs, and other information (such as cookies). Note that a P3P policy is a declaration made by the site: the protocol itself provides no mechanism to verify that the site actually behaves as its policy states, so the DISPUTES and assurance information is what a user must rely on.
A site may associate different privacy policies with different portions of the site. This is done by writing a policy reference file, using an XML language defined in the P3P specification, and making it discoverable in one of three ways: storing it at the well-known location /w3c/p3p.xml on the site, linking to it from an HTML or XHTML document with a link element (rel="P3Pv1"), or naming it in the policyref attribute of the P3P HTTP response header defined in the specification.
Examples
An example policy reference file (a META element) from the P3P specification is:
<META xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY-REFERENCES>
    <EXPIRY max-age="172800" />
    <POLICY-REF about="/P3P/Policy.xml#first">
      <INCLUDE>/*</INCLUDE>
      <EXCLUDE>/catalog/*</EXCLUDE>
      <EXCLUDE>/cgi-bin/*</EXCLUDE>
      <EXCLUDE>/servlet/*</EXCLUDE>
    </POLICY-REF>
    <POLICY-REF about="/P3P/Policies.xml#second">
      <INCLUDE>/catalog/*</INCLUDE>
    </POLICY-REF>
    <POLICY-REF about="/P3P/Policies.xml#third">
      <INCLUDE>/cgi-bin/*</INCLUDE>
      <INCLUDE>/servlet/*</INCLUDE>
      <EXCLUDE>/servlet/unknown</EXCLUDE>
    </POLICY-REF>
  </POLICY-REFERENCES>
</META>
Example 17 - P3P Policy Reference File
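To show how a client actually uses a policy reference file, here is an added example (not code from the article or from the P3P specification) that locates the file from a P3P response header or the well-known path, parses the reference file shown above, and resolves a request path to the policy that covers it. It treats a '*' in INCLUDE/EXCLUDE as matching any run of characters, requires a path to match at least one INCLUDE and no EXCLUDE, and takes the first POLICY-REF that matches as the applicable one; the header strings and request paths are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2002/01/P3Pv1}"
WELL_KNOWN = "/w3c/p3p.xml"  # P3P 1.0 well-known policy reference file location

# Constructed input: the policy reference file shown above (Example 17), verbatim.
POLICYREF_XML = """<META xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY-REFERENCES>
<EXPIRY max-age="172800" />
<POLICY-REF about="/P3P/Policy.xml#first">
<INCLUDE>/*</INCLUDE>
<EXCLUDE>/catalog/*</EXCLUDE>
<EXCLUDE>/cgi-bin/*</EXCLUDE>
<EXCLUDE>/servlet/*</EXCLUDE>
</POLICY-REF>
<POLICY-REF about="/P3P/Policies.xml#second">
<INCLUDE>/catalog/*</INCLUDE>
</POLICY-REF>
<POLICY-REF about="/P3P/Policies.xml#third">
<INCLUDE>/cgi-bin/*</INCLUDE>
<INCLUDE>/servlet/*</INCLUDE>
<EXCLUDE>/servlet/unknown</EXCLUDE>
</POLICY-REF>
</POLICY-REFERENCES>
</META>
"""


def policyref_location(p3p_header):
    """Where to fetch the policy reference file: the policyref="..." value of a
    P3P response header if one is present, otherwise the well-known location."""
    if p3p_header:
        m = re.search(r'policyref\s*=\s*"([^"]*)"', p3p_header)
        if m:
            return m.group(1)
    return WELL_KNOWN


def _glob(p3p_uri_pattern):
    # In INCLUDE/EXCLUDE a '*' stands for any run of characters; all else is literal.
    parts = [re.escape(p) for p in p3p_uri_pattern.split("*")]
    return re.compile("^" + ".*".join(parts) + "$")


def parse_policyref(xml_text):
    """Return (max_age_seconds_or_None, [(about, [include_re...], [exclude_re...]), ...])."""
    root = ET.fromstring(xml_text)
    prefs = root.find(NS + "POLICY-REFERENCES")
    expiry = prefs.find(NS + "EXPIRY")
    max_age = None
    if expiry is not None and expiry.get("max-age"):
        max_age = int(expiry.get("max-age"))  # how long the client may cache this file
    refs = []
    for ref in prefs.findall(NS + "POLICY-REF"):
        inc = [_glob((e.text or "").strip()) for e in ref.findall(NS + "INCLUDE")]
        exc = [_glob((e.text or "").strip()) for e in ref.findall(NS + "EXCLUDE")]
        refs.append((ref.get("about"), inc, exc))
    return max_age, refs


def policy_for(refs, path):
    """The 'about' URI of the first POLICY-REF whose INCLUDEs match the request path
    and whose EXCLUDEs do not, or None when no POLICY-REF covers the path at all."""
    for about, inc, exc in refs:
        if any(p.match(path) for p in inc) and not any(p.match(path) for p in exc):
            return about
    return None


if __name__ == "__main__":
    max_age, refs = parse_policyref(POLICYREF_XML)
    print("reference file may be cached for", max_age, "seconds")
    for path in ["/index.html", "/catalog/item42", "/cgi-bin/search", "/servlet/unknown"]:
        print(path, "->", policy_for(refs, path))
```

The last path is the interesting one: /servlet/unknown is excluded by the first POLICY-REF and again by the third, so no policy applies to it, and a client must treat that URL as having no P3P policy rather than falling back to the site-wide one.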
The P3P specification also defines an XML language for writing a privacy policy, such as the following:
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="forBrowsers" xml:lang="en"
      discuri="http://www.catalog.example.com/PrivacyPracticeBrowsing.html">
    <ENTITY>
      <DATA-GROUP>
        <DATA ref="#business.name">CatalogExample</DATA>
        <DATA ref="#business.contact-info.postal.street">
          4000 Lincoln Ave.
        </DATA>
        ...
        <DATA
            ref="#business.contact-info.telecom.telephone.number">
          3926753
        </DATA>
      </DATA-GROUP>
    </ENTITY>
    <ACCESS><nonident /></ACCESS>
    <DISPUTES-GROUP>
      <DISPUTES resolution-type="independent"
          service="http://www.PrivacySeal.example.org"
          short-description="PrivacySeal.example.org">
        <IMG src="http://www.PrivacySeal.example.org/Logo.gif"
            alt="PrivacySeal's logo" />
        <REMEDIES><correct /></REMEDIES>
      </DISPUTES>
    </DISPUTES-GROUP>
    <STATEMENT>
      <PURPOSE>
        <admin />
        <develop />
      </PURPOSE>
      <RECIPIENT><ours /></RECIPIENT>
      <RETENTION><stated-purpose /></RETENTION>
      <!-- Note also that the site's human-readable
           privacy policy MUST mention that
           data is purged every two weeks, or
           provide a link to this information. -->
      <DATA-GROUP>
        <DATA ref="#dynamic.clickstream" />
        <DATA ref="#dynamic.http" />
      </DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>
Example 18 - P3P Privacy Policy Statement
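The point of the policy vocabulary is that a client can compare the declared practices against the user's own preferences. The following added example (not code from the article or from the P3P specification) does that comparison: it parses a POLICIES document, walks each STATEMENT's PURPOSE, RECIPIENT and RETENTION elements, and reports the practices that conflict with a constructed set of user preferences. The sample input is the "forBrowsers" policy above with its ENTITY trimmed to the business name, plus a hypothetical "forMarketing" policy written for this example so that something actually conflicts. It honours the `required` attribute on purpose and recipient elements: a practice marked opt-in only applies if the user agrees to it, so it is not reported, whereas opt-out and the default (always) are.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2002/01/P3Pv1}"

# Constructed input: the article's "forBrowsers" policy (Example 18, ENTITY trimmed)
# plus a hypothetical "forMarketing" policy added here to exercise the checks.
POLICIES_XML = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="forBrowsers" xml:lang="en"
   discuri="http://www.catalog.example.com/PrivacyPracticeBrowsing.html">
  <ENTITY><DATA-GROUP><DATA ref="#business.name">CatalogExample</DATA></DATA-GROUP></ENTITY>
  <ACCESS><nonident/></ACCESS>
  <STATEMENT>
   <PURPOSE><admin/><develop/></PURPOSE>
   <RECIPIENT><ours/></RECIPIENT>
   <RETENTION><stated-purpose/></RETENTION>
   <DATA-GROUP><DATA ref="#dynamic.clickstream"/><DATA ref="#dynamic.http"/></DATA-GROUP>
  </STATEMENT>
 </POLICY>
 <POLICY name="forMarketing" xml:lang="en"
   discuri="http://www.catalog.example.com/Marketing.html">
  <ENTITY><DATA-GROUP><DATA ref="#business.name">CatalogExample</DATA></DATA-GROUP></ENTITY>
  <ACCESS><nonident/></ACCESS>
  <STATEMENT>
   <PURPOSE><telemarketing required="opt-out"/><tailoring required="opt-in"/></PURPOSE>
   <RECIPIENT><ours/><other-recipient/></RECIPIENT>
   <RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP><DATA ref="#user.home-info.telecom.telephone"/></DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>
"""

# Constructed user preferences: P3P practice names the user refuses to accept.
USER_PREFS = {
    "purposes": {"telemarketing", "contact", "tailoring"},
    "recipients": {"other-recipient", "unrelated", "public"},
    "retention": {"indefinitely"},
}


def _name(elem):
    """Local name of a P3P element, e.g. 'telemarketing' from '{ns}telemarketing'."""
    return elem.tag[len(NS):] if elem.tag.startswith(NS) else elem.tag


def _children(stmt, tag):
    parent = stmt.find(NS + tag)
    return list(parent) if parent is not None else []


def statement_violations(stmt, prefs):
    """Practices in one STATEMENT that conflict with prefs, as (kind, value) pairs."""
    found = []
    if stmt.find(NS + "NON-IDENTIFIABLE") is not None:
        return found  # data is not linked to an individual; nothing to object to
    for p in _children(stmt, "PURPOSE"):
        # 'required' defaults to "always"; an opt-in purpose applies only if the
        # user agrees first, so it is not treated as a conflict here.
        if _name(p) in prefs["purposes"] and p.get("required", "always") != "opt-in":
            found.append(("purpose", _name(p)))
    for r in _children(stmt, "RECIPIENT"):
        if _name(r) in prefs["recipients"] and r.get("required", "always") != "opt-in":
            found.append(("recipient", _name(r)))
    for r in _children(stmt, "RETENTION"):
        if _name(r) in prefs["retention"]:
            found.append(("retention", _name(r)))
    return found


def evaluate_policies(xml_text, prefs):
    """Map each POLICY name to the conflicts a P3P user agent would warn the user about."""
    root = ET.fromstring(xml_text)
    report = {}
    for pol in root.findall(NS + "POLICY"):
        conflicts = []
        for stmt in pol.findall(NS + "STATEMENT"):
            conflicts.extend(statement_violations(stmt, prefs))
        report[pol.get("name")] = conflicts
    return report


if __name__ == "__main__":
    for name, conflicts in evaluate_policies(POLICIES_XML, USER_PREFS).items():
        summary = "OK" if not conflicts else ", ".join(f"{k}={v}" for k, v in conflicts)
        print(name, "->", summary)
```

With these preferences the article's forBrowsers policy passes (administration and development purposes, data kept by the site itself, retained only for the stated purpose), while the hypothetical forMarketing policy is flagged for opt-out telemarketing, sharing with other recipients, and indefinite retention. Because the policy is self-declared, a warning from this kind of check tells the user what the site says it does, not what it actually does.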