How P3P Works
Lorrie Faith Cranor
P3P Specification Working Group Chair
AT&T Labs-Research
4 February 2002
http://lorrie.cranor.org/

The Basics
- P3P provides a standard XML format that web sites use to encode their privacy policies
- Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site
- Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set
- No special server software required

A simple HTTP transaction

Request web page (to Web Server):
    GET /index.html HTTP/1.1
    Host: www.att.com
    . . .

Send web page (from Web Server):
    HTTP/1.1 200 OK
    Content-Type: text/html
    . . .

… with P3P 1.0 added

1. Request Policy Reference File (to Web Server):
    GET /w3c/p3p.xml HTTP/1.1
    Host: www.att.com
2. Send Policy Reference File (from Web Server)
3. Request P3P Policy
4. Send P3P Policy
5. Request web page:
    GET /index.html HTTP/1.1
    Host: www.att.com
    . . .
6. Send web page:
    HTTP/1.1 200 OK
    Content-Type: text/html
    . . .

P3P deployment overview
1. Create a privacy policy
2. Determine whether you want to have one P3P policy for your entire site or different P3P policies for different parts of your site
3. Create a P3P policy (or policies) for your site
4. Create a policy reference file for your site
5. Configure your server for P3P
6. Test your site to make sure it is properly P3P enabled

Creating a privacy policy
- Name and contact information for your site
- The kind of access you provide
- Mechanisms for resolving privacy disputes
- The kinds of data you collect
- How collected data is used, and whether individuals can opt-in or opt-out of any of these uses
- Whether/when data may be shared
- Data retention policy
- Opt-in or opt-out opportunities

Generating a P3P policy and policy reference file
- Edit by hand
  - Cut and paste from an example
  - Make sure you use P3P validator to check for errors: http://www.w3.org/P3P/validator/
- Use a P3P policy generator
  - IBM P3P policy editor: http://www.alphaworks.ibm.com/tech/p3peditor

Helping user agents find your policy reference file
- Place policy reference file in “well known location” /w3c/p3p.xml
  - Most sites will do this
- Use special P3P HTTP header
  - Recommended only for sites with unusual circumstances, such as those with many P3P policies
- Embed link tags in HTML files
  - Recommended only for sites that exist as a directory on somebody else’s server (for example, a personal home page)
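
Added example (not from the slides or from any P3P implementation): how a user agent could locate a policy reference file by the three routes listed above and then decide which policy covers a given path. The sample file, the lookup order and the function names are assumptions of this example; the `policyref` header field, the `rel="P3Pv1"` link relation and the XML element names are those of the P3P 1.0 specification.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

NS = "{http://www.w3.org/2002/01/P3Pv1}"   # P3P 1.0 XML namespace

# Constructed sample policy reference file (not taken from the slides).
SAMPLE_PRF = """<META xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY-REFERENCES>
  <POLICY-REF about="/w3c/policy.xml#catalog">
   <INCLUDE>/catalog/*</INCLUDE>
  </POLICY-REF>
  <POLICY-REF about="/w3c/policy.xml#general">
   <INCLUDE>/*</INCLUDE>
   <EXCLUDE>/private/*</EXCLUDE>
  </POLICY-REF>
 </POLICY-REFERENCES>
</META>"""

def policy_ref_url(page_url, headers, html=""):
    """Locate the policy reference file for a page (lookup order is assumed)."""
    m = re.search(r'policyref\s*=\s*"([^"]+)"', headers.get("P3P", ""))
    if m:                                         # special P3P HTTP header
        return urljoin(page_url, m.group(1))
    for tag in re.findall(r"<link\b[^>]*>", html, re.I):
        href = re.search(r'href\s*=\s*"([^"]+)"', tag, re.I)
        if href and re.search(r'rel\s*=\s*"P3Pv1"', tag, re.I):
            return urljoin(page_url, href.group(1))  # link tag in the HTML
    return urljoin(page_url, "/w3c/p3p.xml")      # well-known location

def _covers(pattern, path):
    """P3P patterns use '*' as the only wildcard; everything else is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, path) is not None

def applicable_policy(prf_xml, prf_url, path):
    """Return the policy URL for path; the first matching POLICY-REF wins."""
    # ElementTree is fine for this trusted sample; a real user agent parsing
    # files from arbitrary sites should use a hardened parser (e.g. defusedxml).
    for ref in ET.fromstring(prf_xml).iter(NS + "POLICY-REF"):
        inc = [e.text.strip() for e in ref.findall(NS + "INCLUDE")]
        exc = [e.text.strip() for e in ref.findall(NS + "EXCLUDE")]
        if any(_covers(p, path) for p in inc) and \
           not any(_covers(p, path) for p in exc):
            return urljoin(prf_url, ref.get("about"))
    return None                                   # no policy declared for path
```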

Compact policies
- Provide very short summary of full P3P policy for cookies
- Not required
- Must be used in addition to full policy
- May only be used with cookies
- Must commit to following policy for lifetime of cookies
- IE6 relies heavily on compact policies for cookie filtering – especially an issue for third-party cookies
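
Added example (not from the slides or from any browser's code): reading the compact policy out of a P3P response header and checking each token against the P3P 1.0 compact-policy vocabulary, which is what a cookie-filtering user agent has to do before it can evaluate the policy. The header syntax `CP="..."` and the token list follow the P3P 1.0 specification; the function names and the sample header in the test are constructed for this example.

```python
import re

# Compact-policy token vocabulary of P3P 1.0, grouped by policy element.
VOCAB = {
    "access":           "NOI ALL CAO IDC OTI NON",
    "disputes":         "DSP",
    "remedies":         "COR MON LAW",
    "non-identifiable": "NID",
    "purpose":          "CUR ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP",
    "recipient":        "OUR DEL SAM UNR PUB OTR",
    "retention":        "NOR STP LEG BUS IND",
    "categories":       "PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL "
                        "HEA PRE LOC GOV OTC",
    "test":             "TST",
}
GROUP_OF = {tok: grp for grp, toks in VOCAB.items() for tok in toks.split()}
CONSENT = {"a": "always", "i": "opt-in", "o": "opt-out"}
CONSENT_GROUPS = ("purpose", "recipient")
NO_SUFFIX = {"CUR", "OUR"}          # these two never take a consent suffix

def compact_policy_tokens(header_value):
    """Extract the token list from a P3P header value, or [] if no CP field."""
    m = re.search(r'\bCP\s*=\s*"([^"]*)"', header_value, re.I)
    return m.group(1).split() if m else []

def decode_compact_policy(tokens):
    """Group tokens by element; return (decoded, tokens outside the vocabulary)."""
    decoded, unknown = {}, []
    for tok in tokens:
        base, suffix = tok[:3], tok[3:]
        group = GROUP_OF.get(base)
        takes_suffix = group in CONSENT_GROUPS and base not in NO_SUFFIX
        if group is None or (suffix and not (takes_suffix and suffix in CONSENT)):
            unknown.append(tok)      # misspelt, invented or malformed token
            continue
        # A purpose or recipient token without a suffix means "always".
        consent = CONSENT[suffix or "a"] if group in CONSENT_GROUPS else None
        decoded.setdefault(group, []).append((base, consent))
    return decoded, unknown
```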

AT&T Privacy Bird
- Free download of beta from http://www.privacybird.com/
- “Browser helper object” for IE 5.01/5.5/6.0
- Reads P3P policies at all P3P-enabled sites automatically
- Puts bird icon at top of browser window that changes to indicate whether site matches user’s privacy preferences
- Clicking on bird icon gives more information
- Current version is information only – no cookie blocking

Chirping bird is privacy indicator

Click on the bird for more info

Privacy policy summary - mismatch

Users select warning conditions

Bird checks policies for embedded content