Presentation is loading. Please wait.

Presentation is loading. Please wait.

How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February 2002 http://lorrie.cranor.org/

Published byAda Carpenter Modified over 6 years ago

Similar presentations

Presentation on theme: "How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February 2002 http://lorrie.cranor.org/"— Presentation transcript:

1 How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February 2002

2 The Basics P3P provides a standard XML format that web sites use to encode their privacy policies Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set No special server software required

3 A simple HTTP transaction
Web Server GET /index.html HTTP/1.1 Host: . . . Request web page HTTP/ OK Content-Type: text/html . . . Send web page

4 … with P3P 1.0 added GET /w3c/p3p.xml HTTP/1.1 Web Server
Host: Request Policy Reference File Web Server Send Policy Reference File Request P3P Policy Send P3P Policy GET /index.html HTTP/1.1 Host: . . . Request web page HTTP/ OK Content-Type: text/html . . . Send web page

5 P3P deployment overview
Create a privacy policy Determine whether you want to have one P3P policy for your entire site or different P3P policies for different parts of your site Create a P3P policy (or policies) for your site Create a policy reference file for your site Configure your server for P3P Test your site to make sure it is properly P3P enabled

6 Creating a privacy policy
Name and contact information for your site The kind of access you provide Mechanisms for resolving privacy disputes The kinds of data you collect How collected data is used, and whether individuals can opt-in or opt-out of any of these uses Whether/when data may be shared Data retention policy Opt-in or opt-out opportunities

7 Generating a P3P policy and policy reference file
Edit by hand Cut and paste from an example Make sure you use P3P validator to check for errors Use a P3P policy generator IBM P3P policy editor

8 Helping user agents find your policy reference file
Place policy reference file in “well known location” /w3c/p3p.xml Most sites will do this Use special P3P HTTP header Recommended only for sites with unusual circumstances, such as those with many P3P policies Embed link tags in HTML files Recommended only for sites that exist as a directory on somebody else’s server (for example, a personal home page)

9 Compact policies Provide very short summary of full P3P policy for cookies Not required Must be used in addition to full policy May only be used with cookies Must commit to following policy for lifetime of cookies IE6 relies heavily on compact policies for cookie filtering – especially an issue for third-party cookies

10 AT&T Privacy Bird Free download of beta from “Browser helper object” for IE 5.01/5.5/6.0 Reads P3P policies at all P3P-enabled sites automatically Puts bird icon at top of browser window that changes to indicate whether site matches user’s privacy preferences Clicking on bird icon gives more information Current version is information only – no cookie blocking

11 Chirping bird is privacy indicator

12 Click on the bird for more info

13 Privacy policy summary - mismatch

14 Users select warning conditions

15 Bird checks policies for embedded content

Download ppt "How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February 2002 http://lorrie.cranor.org/"

Similar presentations

What Companies Need to Know about P3P

What Companies Need to Know about P3P
Web Privacy with P3P Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research July 2002

Web Privacy with P3P Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research July 2002
The Web Wizards Guide to Freeware/Shareware Chapter Four Essential Tools for Web Page Authors.

The Web Wizards Guide to Freeware/Shareware Chapter Four Essential Tools for Web Page Authors.
U.S. Department of Commerce Web Advisory Group Implementing Machine Readable Privacy Requirements of the E-Gov Act.

U.S. Department of Commerce Web Advisory Group Implementing Machine Readable Privacy Requirements of the E-Gov Act.
P3P 20031030 Ro Young-jin. What Is P3P? Platform for Privacy Preference Project Developed by W3C Provides a standard way for Web sites to communicate.

P3P Ro Young-jin. What Is P3P? Platform for Privacy Preference Project Developed by W3C Provides a standard way for Web sites to communicate.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Privacy Week 7 - February.

Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Privacy Week 7 - February.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Introduction to Privacy January.

Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Introduction to Privacy January.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Introduction.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Introduction.
Coursework 2: getting started (4) – using PhoneGap to build mobile applications (optional) Chris Greenhalgh G54UBI / 2011-02-24.

Coursework 2: getting started (4) – using PhoneGap to build mobile applications (optional) Chris Greenhalgh G54UBI /
Lorrie Cranor 1 Introduction to P3P Lorrie Faith Cranor.

Lorrie Cranor 1 Introduction to P3P Lorrie Faith Cranor.
Different Streaming Technologies. Three major streaming technologies include:

Different Streaming Technologies. Three major streaming technologies include:
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Deploying P3P on Web Sites October 7, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Deploying P3P on Web Sites October 7, 2008.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
CMU Usable Privacy and Security Laboratory Power Strips, Prophylactics, and Privacy, Oh My! Julia Gideon, Serge Egelman, Lorrie.

CMU Usable Privacy and Security Laboratory Power Strips, Prophylactics, and Privacy, Oh My! Julia Gideon, Serge Egelman, Lorrie.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Deploying P3P.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Deploying P3P.
Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.

Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.
An Analysis of P3P Deployment Hyun Jin Kim Sensitive Information in a Wired World November 11, 2003.

An Analysis of P3P Deployment Hyun Jin Kim Sensitive Information in a Wired World November 11, 2003.

Similar presentations

Ads by Google