WS-Privacy Paul Bui Ryan Dickey
Agenda • WS-Privacy • Introduction to P3P • How P3P Works • P3P Details • A P3P Scenario • Conclusion • References
Introduction to WS-Privacy • Organizations create, manage and use web services • These organizations need to state their privacy policies • They also need to require that incoming requests adhere to these policies
WS-Privacy Still Under Development • The specification will describe a model for how a privacy language may be embedded into WS-Policy descriptions • WS-Security will be used to associate privacy claims with a message • WS-Trust mechanisms can be used to evaluate these privacy claims against both user preferences and organizational practice claims
New Name! • Until WS-Privacy is published, its role is filled by the Platform for Privacy Preferences Project 1.0 Specification (P3P1.0), a W3C Recommendation • P3P provides a model for how user privacy preferences and organizational privacy practices are conveyed
Platform for Privacy Preferences Project • Also known as P3P • A simple, automated way for users to gain more control over the use of their personal information on websites • Basically a set of multiple-choice questions covering all major aspects of a website’s privacy policies
How P3P Works • P3P-enabled websites publish their privacy policies in a standard, machine-readable format (XML) • P3P-enabled browsers fetch and "read" this policy automatically and compare it with the user's own set of privacy preferences
A P3P Scenario • (diagram: the site's pages homepage, catalog and checkout, each covered by the site's P3P Policy)
P3P Policy Elements • <ENTITY> gives a precise description of the legal entity making the representation of the privacy practices. • <ACCESS> indicates whether the site provides access to various kinds of information.
P3P Policy Elements cont’d • <DISPUTES> (one or more, inside a <DISPUTES-GROUP>) describes dispute resolution procedures that may be followed for disputes about a service's privacy practices, or in case of protocol violation • Each <DISPUTES> element SHOULD contain a <REMEDIES> element that specifies the possible remedies in case a policy breach occurs
P3P Policy Elements (cont’d) • <STATEMENT> is a container that groups together a <PURPOSE>, a <RECIPIENT>, a <RETENTION>, a <DATA-GROUP>, and optionally a <CONSEQUENCE> • A statement concerns the data practices as applied to data elements (e.g., data collection)
P3P Policy Elements cont’d • A <STATEMENT> may contain <NON-IDENTIFIABLE>, signifying that there is no data collected under this <STATEMENT>, or that all of the data referenced by that <STATEMENT> will be anonymized upon collection • <CONSEQUENCE> explains why the suggested practice may be valuable in a particular instance
P3P Policy Elements cont’d • A <PURPOSE> must contain one or more purposes for data collection • E.g. • <current/> completion of the current activity (e.g., returning web search results) • <admin/> site administration • <historical/> historical preservation • <telemarketing/> contacting the individual about promotions, etc. • Purposes other than <current/> carry a required attribute: "always" (the default), "opt-in" or "opt-out"
P3P Policy Elements cont’d • <RECIPIENT> is the legal entity, or domain, beyond the service provider and its agents where data may be distributed (<ours/>, <delivery/>, <same/>, <other-recipient/>, <unrelated/>, <public/>) • <RETENTION> is the type of retention policy applied to the data • <no-retention/> • <stated-purpose/> • <legal-requirement/> • <business-practices/> • <indefinitely/>
P3P Policy Elements cont’d • <CATEGORIES> are elements inside data elements that provide hints to users and user agents as to the intended uses of the data • <physical/> physical contact info • <online/> online contact info • <purchase/> purchase information, including method of payment • <demographic/> gender, age, income, etc. • <health/> health information, including purchases of healthcare products • etc.
P3P Example • http://www.w3.org/TR/P3P/#Example_policy a step-by-step example of implementing P3P
P3P-Enabled Examples • Sites: Yahoo!, About, Angelfire, Dell • User agents: Netscape 7 • IE 6 (cookie handling via compact policies only)
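The following is an added example, not from the slides or from the W3C specification: it parses a P3P 1.0 policy built from the elements described above and reports every practice the user would object to, which is the comparison the "How P3P Works" slide describes. The policy text is constructed for this example, and STRICT_PREFS is a simplified stand-in for a user agent's preference rules (not APPEL and not any browser's settings).

```python
import xml.etree.ElementTree as ET

P3P_NS = "http://www.w3.org/2002/01/P3Pv1"  # namespace used by P3P 1.0 policy files


def tag(name):
    """Qualify an element name with the P3P namespace for ElementTree lookups."""
    return "{%s}%s" % (P3P_NS, name)


def local(qualified):
    """'{ns}PURPOSE' -> 'PURPOSE'."""
    return qualified.rsplit("}", 1)[-1]


def child_names(parent, name):
    """Local names of the children of parent/<name>, or [] if <name> is absent."""
    el = parent.find(tag(name))
    return [] if el is None else [local(c.tag) for c in el]


# Constructed sample policy (not any real site's). Statement 1 covers server
# logs; statement 2 covers a checkout form whose data is kept indefinitely and
# shared with unrelated parties for telemarketing unless the user opts out.
SAMPLE_POLICY = """<?xml version="1.0"?>
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="catalog" discuri="http://shop.example/privacy.html">
  <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Shop</DATA></DATA-GROUP></ENTITY>
  <ACCESS><nonident/></ACCESS>
  <DISPUTES-GROUP><DISPUTES resolution-type="service" service="http://shop.example/privacy.html">
   <REMEDIES><correct/></REMEDIES></DISPUTES></DISPUTES-GROUP>
  <STATEMENT>
   <PURPOSE><admin/><develop/></PURPOSE>
   <RECIPIENT><ours/></RECIPIENT>
   <RETENTION><stated-purpose/></RETENTION>
   <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
   <PURPOSE><current/><telemarketing required="opt-out"/></PURPOSE>
   <RECIPIENT><ours/><unrelated/></RECIPIENT>
   <RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP>
    <DATA ref="#user.name.given"><CATEGORIES><physical/></CATEGORIES></DATA>
    <DATA ref="#user.home-info.postal"><CATEGORIES><physical/></CATEGORIES></DATA>
   </DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>
"""


def parse_policy(xml_text):
    """Reduce the first <POLICY> to the fields a user agent compares against."""
    root = ET.fromstring(xml_text)
    pol = root.find(tag("POLICY"))
    statements = []
    for st in pol.findall(tag("STATEMENT")):
        purposes = {}
        purpose_el = st.find(tag("PURPOSE"))
        if purpose_el is not None:
            for p in purpose_el:
                # 'required' defaults to "always"; other values: opt-in, opt-out
                purposes[local(p.tag)] = p.get("required", "always")
        statements.append({
            "non_identifiable": st.find(tag("NON-IDENTIFIABLE")) is not None,
            "purposes": purposes,
            "recipients": set(child_names(st, "RECIPIENT")),
            "retention": set(child_names(st, "RETENTION")),
            "data": [d.get("ref") for d in st.iter(tag("DATA"))],
        })
    return {"name": pol.get("name"),
            "has_disputes": pol.find(tag("DISPUTES-GROUP")) is not None,
            "statements": statements}


# Simplified user preferences (my stand-in for a real agent's rule language).
# A rejected purpose is tolerated only when the site makes it opt-in.
STRICT_PREFS = {"reject_purposes": {"telemarketing", "contact"},
                "reject_recipients": {"unrelated", "public"},
                "reject_retention": {"indefinitely"},
                "require_disputes": True}


def evaluate(policy, prefs):
    """List every mismatch between a parsed policy and prefs ([] = accept)."""
    findings = []
    if prefs["require_disputes"] and not policy["has_disputes"]:
        findings.append("policy: no <DISPUTES> procedure offered")
    for i, st in enumerate(policy["statements"], 1):
        if st["non_identifiable"]:
            continue  # anonymised at collection: nothing to object to
        for purpose, required in sorted(st["purposes"].items()):
            if purpose in prefs["reject_purposes"] and required != "opt-in":
                findings.append("statement %d: purpose <%s/> (required=%s) on %s"
                                % (i, purpose, required, st["data"]))
        for r in sorted(st["recipients"] & prefs["reject_recipients"]):
            findings.append("statement %d: recipient <%s/>" % (i, r))
        for r in sorted(st["retention"] & prefs["reject_retention"]):
            findings.append("statement %d: retention <%s/>" % (i, r))
    return findings


def agent_decision(xml_text, prefs):
    """(accepted, findings): the verdict a P3P user agent would show the user."""
    findings = evaluate(parse_policy(xml_text), prefs)
    return (not findings, findings)


if __name__ == "__main__":
    print(agent_decision(SAMPLE_POLICY, STRICT_PREFS))
```

Run as-is, the agent rejects the constructed policy on three grounds, all in the checkout statement: the opt-out telemarketing purpose, the unrelated recipient, and indefinite retention. The server-log statement passes because site administration with stated-purpose retention by the site itself matches the preferences. Note that the agent can only judge what the policy says; it has no way to tell whether the site actually behaves that way.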
Demo 1 • Show the P3P documents in action at a live site
Demo 2 • Show the P3P policies in action at a live site • Demonstrate a site that requires cookies to be enabled (e.g., PayPal) against a browser with cookie acceptance turned on and then turned off
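Added example for the cookie demo (mine, not the slides' or any browser's code): it decodes the compact policy carried in the HTTP P3P response header, which is the form IE 6's cookie handling evaluates, and decides whether to accept a cookie from that response. The response headers are constructed for the example, and the accept/reject rules are a simplified model (opt-in purposes tolerated, third-party cookies without a compact policy refused), not a reproduction of IE 6's privacy-slider behaviour.

```python
import re

# Compact-policy token tables (P3P 1.0 section 4). Purpose and recipient tokens
# may carry a suffix: a = always (default when absent), i = opt-in, o = opt-out.
PURPOSES = {"CUR": "current", "ADM": "admin", "DEV": "develop", "TAI": "tailoring",
            "PSA": "pseudo-analysis", "PSD": "pseudo-decision",
            "IVA": "individual-analysis", "IVD": "individual-decision",
            "CON": "contact", "HIS": "historical", "TEL": "telemarketing",
            "OTP": "other-purpose"}
RECIPIENTS = {"OUR": "ours", "DEL": "delivery", "SAM": "same",
              "OTR": "other-recipient", "UNR": "unrelated", "PUB": "public"}
RETENTION = {"NOR": "no-retention", "STP": "stated-purpose",
             "LEG": "legal-requirement", "BUS": "business-practices",
             "IND": "indefinitely"}
SUFFIX = {"A": "always", "I": "opt-in", "O": "opt-out"}


def parse_cp_header(header_value):
    """Decode the CP="..." part of a P3P response header; None if there is none."""
    m = re.search(r'CP="([^"]*)"', header_value)
    if not m:
        return None  # e.g. a header carrying only policyref="..."
    practices = {"purposes": {}, "recipients": {}, "retention": set(), "other": set()}
    for tok in m.group(1).upper().split():  # tokens are case-insensitive
        base, suffix = tok[:3], tok[3:]
        required = SUFFIX.get(suffix, "always")
        if base in PURPOSES:
            practices["purposes"][PURPOSES[base]] = required
        elif base in RECIPIENTS:
            practices["recipients"][RECIPIENTS[base]] = required
        elif base in RETENTION:
            practices["retention"].add(RETENTION[base])
        else:
            practices["other"].add(tok)  # access, DSP, remedies, NID, categories
    return practices


# Simplified cookie preferences (my stand-in for a real agent's settings;
# IE 6's privacy slider and "leashed" first-party cookies are not reproduced).
COOKIE_PREFS = {"reject_purposes": {"telemarketing", "contact"},
                "reject_recipients": {"unrelated", "public"}}


def accept_cookie(headers, third_party, prefs=COOKIE_PREFS):
    """(accepted, reason) for a cookie set by a response with these headers."""
    p3p = headers.get("P3P")
    practices = parse_cp_header(p3p) if p3p else None
    if practices is None:
        if third_party:
            return (False, "third-party cookie without a compact policy")
        return (True, "first-party cookie, no compact policy to check")
    if "NID" in practices["other"]:
        return (True, "policy declares the data non-identifiable")
    for name, required in practices["purposes"].items():
        if name in prefs["reject_purposes"] and required != "opt-in":
            return (False, "purpose %s is %s" % (name, required))
    for name, required in practices["recipients"].items():
        if name in prefs["reject_recipients"] and required != "opt-in":
            return (False, "recipient %s is %s" % (name, required))
    return (True, "compact policy satisfies preferences")


# Constructed responses for the demo: a payment site that needs its session
# cookie, an ad network, and a legacy site with no P3P header at all.
RESPONSES = {
    "pay.example": {"P3P": 'CP="NOI DSP COR CURa ADMa DEVa OUR STP UNI"',
                    "Set-Cookie": "session=abc123; Secure; HttpOnly"},
    "ads.example": {"P3P": 'CP="NOI DSP CURa ADMa TAIa IVAo TELo OUR UNRa IND NAV INT DEM"',
                    "Set-Cookie": "uid=42; Domain=.ads.example"},
    "legacy.example": {"Set-Cookie": "sid=xyz"},
}


def run_demo(third_party):
    """Decision for every sample response, as the browser would make it."""
    return {host: accept_cookie(h, third_party) for host, h in RESPONSES.items()}


if __name__ == "__main__":
    for mode in (False, True):
        print("third-party" if mode else "first-party")
        for host, (ok, why) in run_demo(mode).items():
            print("  %-15s %s (%s)" % (host, "accept" if ok else "REJECT", why))
```

The payment site's cookie is accepted in both first- and third-party contexts because its compact policy declares only current, admin and develop purposes with the site itself as recipient. The ad network is refused on its opt-out telemarketing purpose before its unrelated recipient is even reached, and the legacy site with no header keeps its first-party cookie but loses it as a third party. This is the on/off behaviour the demo shows; it also illustrates why so many sites shipped a minimal CP header just to keep cookies working.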
P3P Adoption • Ernst & Young report (Jan. 2004) on P3P adoption rates: • 23% of the Top 500 web domains • 31% of the Top 100 web domains • 50% of the top health domains • 64% of the top ___ domains
P3P Caveats • P3P does not enforce adherence to privacy policies • P3P cannot monitor whether sites adhere to their own stated practices; a user agent can only check what the policy says, not what the site does • Thus users do not know whether their policy preferences are actually being honoured
Conclusion • P3P is a system for making Web site privacy policies machine-readable • P3P enhances user control by putting privacy policies where users can find them, in a form users can understand, and enables users to act on what they see (e.g., a browser warning or popup when a policy conflicts with their preferences)
Primary References • http://www.w3.org/P3P/ the comprehensive page for P3P • http://www.w3.org/TR/P3P/ the current P3P technical specification
Secondary References • http://www.serviceoriented.org/ws-privacy.html • a summary of WS-Privacy • http://wdvl.internet.com/Internet/Security/P3P/ • a sample P3P page • http://www.ey.com/global/download.nsf/US/P3P_Dashboard_-_January_2004/$file/E&YTop500P3PDashboard.pdf • statistical information
Tools • tool1 • tool2 • tool3