Presentation is loading. Please wait.

Presentation is loading. Please wait.

How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February 2002

Published bySherman Harold McLaughlin Modified over 8 years ago

Similar presentations

Presentation on theme: "How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February 2002"— Presentation transcript:

1 How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February 2002 http://lorrie.cranor.org/

2 2 The Basics P3P provides a standard XML format that web sites use to encode their privacy policies Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set No special server software required

3 3 A simple HTTP transaction Web Server GET /index.html HTTP/1.1 Host: www.att.com... Request web page HTTP/1.1 200 OK Content-Type: text/html... Send web page

4 4 … with P3P 1.0 added Web Server GET /w3c/p3p.xml HTTP/1.1 Host: www.att.com Request Policy Reference File Send Policy Reference File GET /index.html HTTP/1.1 Host: www.att.com... Request web page HTTP/1.1 200 OK Content-Type: text/html... Send web page Request P3P PolicySend P3P Policy

5 5 P3P deployment overview 1.Create a privacy policy 2.Determine whether you want to have one P3P policy for your entire site or different P3P policies for different parts of your site 3.Create a P3P policy (or policies) for your site 4.Create a policy reference file for your site 5.Configure your server for P3P 6.Test your site to make sure it is properly P3P enabled

6 6 Creating a privacy policy Name and contact information for your site The kind of access you provide Mechanisms for resolving privacy disputes The kinds of data you collect How collected data is used, and whether individuals can opt-in or opt-out of any of these uses Whether/when data may be shared Data retention policy Opt-in or opt-out opportunities

7 7 Generating a P3P policy and policy reference file Edit by hand  Cut and paste from an example  Make sure you use P3P validator to check for errors http://www.w3.org/P3P/validator/ Use a P3P policy generator  IBM P3P policy editor http://www.alphaworks.ibm.com/tech/p3peditor

8 8 Helping user agents find your policy reference file Place policy reference file in “well known location” /w3c/p3p.xml  Most sites will do this Use special P3P HTTP header  Recommended only for sites with unusual circumstances, such as those with many P3P policies Embed link tags in HTML files  Recommended only for sites that exist as a directory on somebody else’s server (for example, a personal home page)

9 9 Compact policies Provide very short summary of full P3P policy for cookies Not required Must be used in addition to full policy May only be used with cookies Must commit to following policy for lifetime of cookies IE6 relies heavily on compact policies for cookie filtering – especially an issue for third- party cookies

10 10 AT&T Privacy Bird Free download of beta from http://www.privacybird.com/ “Browser helper object” for IE 5.01/5.5/6.0 Reads P3P policies at all P3P-enabled sites automatically Puts bird icon at top of browser window that changes to indicate whether site matches user’s privacy preferences Clicking on bird icon gives more information Current version is information only – no cookie blocking

11 11 Chirping bird is privacy indicator

12 12 Click on the bird for more info

13 13 Privacy policy summary - mismatch

14 14 Users select warning conditions

15 15 Bird checks policies for embedded content

Download ppt "How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February 2002"

Similar presentations

What Companies Need to Know about P3P

What Companies Need to Know about P3P
Web Privacy with P3P Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research July 2002

Web Privacy with P3P Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research July 2002
The Web Wizards Guide to Freeware/Shareware Chapter Four Essential Tools for Web Page Authors.

The Web Wizards Guide to Freeware/Shareware Chapter Four Essential Tools for Web Page Authors.
U.S. Department of Commerce Web Advisory Group Implementing Machine Readable Privacy Requirements of the E-Gov Act.

U.S. Department of Commerce Web Advisory Group Implementing Machine Readable Privacy Requirements of the E-Gov Act.
P3P 20031030 Ro Young-jin. What Is P3P? Platform for Privacy Preference Project Developed by W3C Provides a standard way for Web sites to communicate.

P3P Ro Young-jin. What Is P3P? Platform for Privacy Preference Project Developed by W3C Provides a standard way for Web sites to communicate.
P3P Implementation Tips : Observations for approaching Design, Build and Deploy PricewaterhouseCoopers Brendon Lynch.

P3P Implementation Tips : Observations for approaching Design, Build and Deploy PricewaterhouseCoopers Brendon Lynch.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Privacy Week 7 - February.

Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Privacy Week 7 - February.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Introduction to Privacy January.

Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Introduction to Privacy January.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Introduction.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Introduction.
Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 Introduction to Privacy January.

Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 Introduction to Privacy January.
Lorrie Cranor 1 Introduction to P3P Lorrie Faith Cranor.

Lorrie Cranor 1 Introduction to P3P Lorrie Faith Cranor.
Lorrie Faith Cranor AT&T Labs-Research Online Privacy Promise or Peril?

Lorrie Faith Cranor AT&T Labs-Research Online Privacy Promise or Peril?
HTTP Hypertext Transfer Protocol. HTTP messages HTTP is the language that web clients and web servers use to talk to each other –HTTP is largely “under.

HTTP Hypertext Transfer Protocol. HTTP messages HTTP is the language that web clients and web servers use to talk to each other –HTTP is largely “under.
Different Streaming Technologies. Three major streaming technologies include:

Different Streaming Technologies. Three major streaming technologies include:
EValid Getting Started. Agenda Introduction to eValid First experience of using eValid Recording and Site Analysis in eValid.

EValid Getting Started. Agenda Introduction to eValid First experience of using eValid Recording and Site Analysis in eValid.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Deploying P3P on Web Sites October 7, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Deploying P3P on Web Sites October 7, 2008.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

Similar presentations

Ads by Google