The OASIS Cover Pages: The Online Resource for Markup Language Technologies
Created: December 05, 2001.

W3C Publishes Updated Platform for Privacy Preferences 1.0 Deployment Guide.

A new release of the W3C's Platform for Privacy Preferences 1.0 Deployment Guide is designed to help web site operators "deploy the Platform for Privacy Preferences (P3P) on their sites, and provides information on the tasks required." The Platform for Privacy Preferences (P3P) defines a way for Web sites to publish their privacy policies in a machine-readable syntax. Relevant XML Schemas and XML DTDs are presented in the appendices of the P3P 1.0 working draft specification, published September 28, 2001. "A Web site will deploy P3P in order to make its privacy practices more transparent to the site's visitors. A visitor's Web browser can download the machine-readable privacy statements, and compare the contents of those statements to the user's preferences. This way, the user's browser can automatically notify the user when they visit a site whose practices match the user's preferences, or warn the user if the practices and preferences don't match... A P3P policy file contains a description of data collection, use, and sharing practices; it does not, however, declare what that policy applies to. P3P uses a separate file, called a policy reference file, to list the P3P policies in use at a site (or portion of a site), and what portions of the site and what cookies are covered by each policy."

The Platform for Privacy Preferences Project (P3P) "enables Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit. The P3P1.0 specification defines the syntax and semantics of P3P privacy policies, and the mechanisms for associating policies with Web resources. P3P policies consist of statements made using the P3P vocabulary for expressing privacy practices. P3P policies also reference elements of the P3P base data schema -- a standard set of data elements that all P3P user agents should be aware of. The P3P specification includes a mechanism for defining new data elements and data sets, and a simple mechanism that allows for extensions to the P3P vocabulary. P3P version 1.0 is a protocol designed to inform Web users of the data-collection practices of Web sites. It provides a way for a Web site to encode its data-collection and data-use practices in a machine-readable XML format known as a P3P policy. The P3P specification defines: (1) A standard schema for data a Web site may wish to collect, known as the 'P3P base data schema'; (2) A standard set of uses, recipients, data categories, and other privacy disclosures; (3) An XML format for expressing a privacy policy; (4) A means of associating privacy policies with Web pages or sites, and cookies; (5) A mechanism for transporting P3P policies over HTTP. The goal of P3P version 1.0 is twofold. First, it allows Web sites to present their data-collection practices in a standardized, machine-readable, easy-to-locate manner. Second, it enables Web users to understand what data will be collected by sites they visit, how that data will be used, and what data/uses they may 'opt-out' of or 'opt-in' to..." [from the W3C P3P version 1.0 specification 28-September-2001]

Bibliographic information: "The Platform for Privacy Preferences 1.0 Deployment Guide." W3C Note 30-November-2001. Author/Editor: Martin Presler-Marshall (IBM). This release updates the version of 2001-07-24. Version URL: Latest VersionURL: "This is a guide to help site operators deploy the Platform for Privacy Preferences (P3P) on their site."

Principal document revisions in the P3P Deployment Guide: [1] Addition of a new section describing restrictions in the use of the compact policy format. "In addition to the full XML privacy statements defined by P3P, P3P also defines a compact policy format. The compact policy summarizes the portion of the P3P policy which applies to the cookies in a response. The summary is sent in a simple, compact syntax. The compact policy is returned as an HTTP response header. This means that the client will have the compact policy available to it when it considers any cookies sent by the site. The use of compact policies is optional for Web sites; however, their use is strongly encouraged. Due to their location and simple syntax, compact policies can be quickly processed by clients, allowing them to make decisions on processing the cookies in that response." [2] An updated Appendix section A.3 'Microsoft Internet Information Server' which covers Microsoft Internet Information Server (IIS) on a Microsoft Windows 2000 Server platform; the P3P header can be added through the IIS snap-in from the Computer Management console (MMC) on a Microsoft Windows 2000 server. This section shows how to associate a web page with its P3P privacy policy.
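The client-side cookie decision described above can be sketched as follows. This is an added example, not code from the Deployment Guide or the W3C: the token vocabulary is taken from the P3P 1.0 specification rather than from this page, and the sample header values, the `rejected` preference set and the function names are constructed for illustration. Because the compact policy is only the site's own declaration, the check also rejects values that are not valid compact-policy tokens.

```python
import re

# P3P 1.0 compact-policy vocabulary (three-letter tokens), per the specification.
PURPOSE = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS", "TEL", "OTP"}
RECIPIENT = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
OTHER = set("NOI ALL CAO IDC OTI NON DSP COR MON LAW NID NOR STP LEG BUS IND "
            "PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV OTC TST".split())
# Purposes and recipients (except CUR and OUR) may carry a, i or o:
# always required, opt-in, opt-out.
SUFFIXABLE = (PURPOSE | RECIPIENT) - {"CUR", "OUR"}

def parse_p3p_header(value):
    """Split a P3P response-header value into (policyref URI, list of CP tokens)."""
    fields = {k.lower(): v for k, v in re.findall(r'(\w+)\s*=\s*"([^"]*)"', value)}
    return fields.get("policyref"), fields.get("cp", "").split()

def check_cookie_policy(header_value, rejected):
    """Return (accept, reasons) for cookies arriving with this P3P header.

    `rejected` is a hypothetical user preference: base tokens the user does
    not accept unless the site marks them opt-in (suffix "i").
    """
    _, tokens = parse_p3p_header(header_value)
    if not tokens:
        return False, ["no compact policy"]
    reasons = []
    for tok in tokens:
        base, suffix = tok[:3], tok[3:]
        known = base in PURPOSE | RECIPIENT | OTHER
        bad_suffix = suffix not in ("", "a", "i", "o") or (suffix and base not in SUFFIXABLE)
        if not known or bad_suffix:
            reasons.append(f"invalid token {tok!r}")
        elif base in rejected and suffix != "i":
            reasons.append(f"{tok} conflicts with preference")
    return not reasons, reasons

# Constructed sample header values (not captured from any real site).
FIRST_PARTY = 'policyref="/w3c/p3p.xml", CP="NOI DSP COR CUR ADM OUR NOR"'
SHARING = 'policyref="/w3c/p3p.xml", CP="NOI DSP COR CUR TELo UNR STP"'
FREE_TEXT = 'CP="This is not a P3P policy"'
PREFS = {"TEL", "UNR", "PUB"}  # telemarketing, unrelated third parties, public fora
```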

Robin Cover, Editor: