original idea behind p3p original idea behind p3p
play

Original Idea behind P3P Original Idea behind P3P n A framework for - PDF document

Apr 07, 2024 •347 likes •700 views

P3P: Introduction Original Idea behind P3P Original Idea behind P3P n A framework for automated privacy discussions Web sites disclose their privacy practices in standard machine-readable formats Web browsers automatically retrieve P3P

  1. P3P: Introduction Original Idea behind P3P Original Idea behind P3P n A framework for automated privacy discussions ´ Web sites disclose their privacy practices in standard machine-readable formats ´ Web browsers automatically retrieve P3P privacy policies and compare them to users’ privacy preferences ´ Sites and browsers can then negotiate about privacy terms 1 P3P: Introduction P3P history P3P history n Idea discussed at November 1995 FTC meeting n Ad Hoc “Internet Privacy Working Group” convened to discuss the idea in Fall 1996 n W3C began working on P3P in Summer 1997 ´ Several working groups chartered with dozens of participants from industry, non-profits, academia, government ´ Numerous public working drafts issued, and feedback resulted in many changes ´ Early ideas about negotiation and agreement ultimately removed ´ Automatic data transfer added and then removed ´ Patent issue stalled progress, but ultimately became non-issue n P3P issued as official W3C Recommendation on April 16, 2002 ´ http://www.w3.org/TR/P3P/ 2 1

  2. P3P: Introduction P3P1.0 – – A first step A first step P3P1.0 n Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format ´ Can be deployed using existing web servers n This will enable the development of tools that: ´ Provide snapshots of sites’ policies ´ Compare policies with user preferences ´ Alert and advise the user 3 P3P: Introduction The basics The basics n P3P provides a standard XML format that web sites use to encode their privacy policies n Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site n Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set n No special server software required n User software to read P3P policies called a “P3P user agent” 4 2

  3. P3P: Introduction P3P1.0 Spec Defines P3P1.0 Spec Defines n A standard vocabulary for describing set of uses, recipients, data categories, and other privacy disclosures n A standard schema for data a Web site may wish to collect (base data schema) n An XML format for expressing a privacy policy in a machine readable way n A means of associating privacy policies with Web pages or sites n A protocol for transporting P3P policies over HTTP 5 P3P: Introduction A simple HTTP transaction A simple HTTP transaction Web Server GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page HTTP/1.1 200 OK Content-Type: text/html . . . Send web page 6 3

  4. P3P: Introduction … with P3P 1.0 added with P3P 1.0 added … GET /w3c/p3p.xml HTTP/1.1 Web Host: www.att.com Server Request Policy Reference File Send Policy Reference File Request P3P Policy Send P3P Policy GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page HTTP/1.1 200 OK Content-Type: text/html . . . Send web page 7 P3P: Introduction Transparency Transparency n P3P clients can http://www.att.com/accessatt/ check a privacy policy each time it changes n P3P clients can check privacy policies on all objects in a web page, including ads and invisible images http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE 8 4

  5. P3P: Introduction P3P in IE6 P3P in IE6 Automatic processing of compact policies only; third-party cookies without compact policies blocked by default Privacy icon on status bar indicates that a cookie has been blocked – pop-up appears the first time the privacy icon appears 9 P3P: Introduction Users can click on privacy icon for list of cookies; privacy summaries are available at sites that are P3P-enabled 10 5

  6. P3P: Introduction Privacy summary report is generated automatically from full P3P policy 11 P3P: Introduction P3P in Netscape 7 P3P in Netscape 7 Preview version similar to IE6, focusing, on cookies; cookies without compact policies (both first-party and third-party) are “flagged” rather than blocked by default Indicates flagged cookie 12 6

  7. P3P: Introduction Users can view English translation of (part of) compact policy in Cookie Manager 13 P3P: Introduction A policy summary can be generated automatically from full P3P policy 14 7

  8. P3P: Introduction AT&T Privacy Bird AT&T Privacy Bird n Free download of beta from http://www.privacybird.com/ n “Browser helper object” for IE 5.01/5.5/6.0 n Reads P3P policies at all P3P-enabled sites automatically n Puts bird icon at top of browser window that changes to indicate whether site matches user’s privacy preferences n Clicking on bird icon gives more information n Current version is information only – no cookie blocking 15 P3P: Introduction Users select warning conditions Users select warning conditions 16 8

  9. P3P: Introduction Bird checks policies for embedded content Bird checks policies for embedded content 17 P3P: Introduction Why web sites adopt P3P Why web sites adopt P3P n Demonstrate corporate leadership on privacy issues ´ Show customers they respect their privacy ´ Demonstrate to regulators that industry is taking voluntary steps to address consumer privacy concerns n Distinguish brand as privacy friendly n Prevent IE6 from blocking their cookies n Anticipation that consumers will soon come to expect P3P on all web sites n Individuals who run sites value personal privacy 18 9

  10. P3P: Introduction P3P early adopters P3P early adopters n News and information sites – CNET, About.com, BusinessWeek n Search engines – Yahoo, Lycos n Ad networks – DoubleClick, Avenue A n Telecom companies – AT&T n Financial institutions – Fidelity n Computer hardware and software vendors – IBM, Dell, Microsoft, McAfee n Retail stores – Fortunoff, Ritz Camera n Government agencies – FTC, Dept. of Commerce, Ontario Information and Privacy Commissioner n Non-profits - CDT 19 P3P: Enabling your web site – overview and options P3P deployment overview P3P deployment overview 1. Create a privacy policy 2. Analyze the use of cookies and third-party content on your site 3. Determine whether you want to have one P3P policy for your entire site or different P3P policies for different parts of your site 4. Create a P3P policy (or policies) for your site 5. Create a policy reference file for your site 6. Configure your server for P3P 7. Test your site to make sure it is properly P3P enabled 20 10

  11. P3P: Enabling your web site – overview and options What’ ’s in a P3P policy? s in a P3P policy? What n Name and contact information for site n The kind of access provided n Mechanisms for resolving privacy disputes n The kinds of data collected n How collected data is used, and whether individuals can opt-in or opt-out of any of these uses n Whether/when data may be shared and whether there is opt-in or opt-out n Data retention policy 21 P3P: Enabling your web site – overview and options One policy or many? One policy or many? n P3P allows policies to be specified for individual URLs or cookies n One policy for entire web site (all URLs and cookies) is easiest to manage n Multiple policies can allow more specific declarations about particular parts of the site n Multiple policies may be needed if different parts of the site have different owners or responsible parties (universities, CDNs, etc.) 22 11

  12. P3P: Enabling your web site – overview and options Third-party content Third-party content n Third-party content should be P3P- enabled by the third-party n If third-party content sets cookies, IE6 will block them by default unless they have P3P compact policy n Your first-party cookies may become third-party cookies if your site is framed by another site, a page is sent via email, etc. 23 Cookies and P3P Cookies and P3P n P3P policies must declare all the data stored in a cookie as well as any data linked via the cookie n P3P policies must declare all uses of stored and linked cookie data n Sites should not declare cookie-specific policies unless they are sure they know where their cookies are going! ´ Watch out for domain-level cookies ´ Most sites will declare broad policy that covers both URLs and cookies 24 12

  13. P3P: Enabling your web site – overview and options Generating a P3P policy Generating a P3P policy n Edit by hand ´ Cut and paste from an example n Use a P3P policy generator ´ Recommended: IBM P3P policy editor http://www.alphaworks.ibm.com/tech/p3peditor n Generate compact policy and policy reference file the same way (by hand or with policy editor) n Get a book ´ Web Privacy with P3P by Lorrie Faith Cranor http://p3pbook.com/ 25 P3P: Enabling your web site – overview and options VI. P3P Deployment – Client Examples IBM P3P Policy Editor IBM P3P Policy Editor Sites can list the types of data they collect And view the corresponding P3P policy 26 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TDD of toEnglish Justin Pearson 1 Introduction This is not an original idea. I found the idea on

TDD of toEnglish Justin Pearson 1 Introduction This is not an original idea. I found the idea on

TDD of toEnglish Justin Pearson 1 Introduction This is not an original idea. I found the idea on the web in an article 1 written by Colin Angus Mackay. The idea is to write a function that given a number between 0 and 999 inclusive returns a

348 views • 14 slides
Held Hostage? The Influence of Major ASes and CDNs on the Internet Original Idea The

Held Hostage? The Influence of Major ASes and CDNs on the Internet Original Idea The

Held Hostage? The Influence of Major ASes and CDNs on the Internet Original Idea The Internet is strongly hierarchical Original maps ( Rexford 2001 ) show the Inner Core lies in fs ee - speech countries US, France, Sweden But the

557 views • 16 slides
The single biggest mistake writers make is that the story idea the writer comes up with is not

The single biggest mistake writers make is that the story idea the writer comes up with is not

The single biggest mistake writers make is that the story idea the writer comes up with is not original. The 1 st key to success: an original idea professionally told is an unbeatable combination. 1. No clear goal for the hero, with a specific

591 views • 20 slides
A mind once stretched by a new idea never regains its original dimensions . Thank You! For

A mind once stretched by a new idea never regains its original dimensions . Thank You! For

A mind once stretched by a new idea never regains its original dimensions . Thank You! For all the minds you have shaped! Wheatland J1 School District Retiree Recognition 2013 Dian Lynch Joined Wheatland 11-17-2004 Served as Title

110 views • 9 slides
BLESSINGS N O E M I A N D J O J O ORIGINAL IDEA Originally we were going to make a card game

BLESSINGS N O E M I A N D J O J O ORIGINAL IDEA Originally we were going to make a card game

BLESSINGS N O E M I A N D J O J O ORIGINAL IDEA Originally we were going to make a card game that would just be used in the guidance office. In this game it would focus more on mediation and helping out kids who were depressed, anxious, or

299 views • 11 slides
CHOC COATED LIQUORICE CHOC COATED LIQUORICE THE ORIGINAL LAKRIDS A was the fj rst product

CHOC COATED LIQUORICE CHOC COATED LIQUORICE THE ORIGINAL LAKRIDS A was the fj rst product

CHOC COATED LIQUORICE CHOC COATED LIQUORICE THE ORIGINAL LAKRIDS A was the fj rst product developed when Johan Blow had the original idea to coat liquorice with chocolate. People was at fj rst skeptic about the idea, but the popular product a

461 views • 33 slides
Tranquil Hans Hu, John Hu, Injay Song The original idea was to make a robot that finds the

Tranquil Hans Hu, John Hu, Injay Song The original idea was to make a robot that finds the

Tranquil Hans Hu, John Hu, Injay Song The original idea was to make a robot that finds the quietest spot in the room. There would be 3 sound sensors to direct the robot to the quietest place. The input from an ultrasonic sensor would override

356 views • 10 slides
Photoshop Workshop By Nate Kong Original Cropped Original Filters Original B&W Original

Photoshop Workshop By Nate Kong Original Cropped Original Filters Original B&W Original

Photoshop Workshop By Nate Kong Original Cropped Original Filters Original B&W Original With Text Picture 1 Picture 2 Combined My Picture Multi-Layers Original Diamond Mask My Short Movie, Starring Tyler Mangini Sources

367 views • 11 slides
Class Imbalance Multiclass Problems General Idea Original D Training data .... Step 1:

Class Imbalance Multiclass Problems General Idea Original D Training data .... Step 1:

Ensemble Learning Class Imbalance Multiclass Problems General Idea Original D Training data .... Step 1: Create Multiple D 2 D 1 D t-1 D t Data Sets Step 2: Build Multiple C 1 C 2 C t -1 C t Classifiers Step 3: Combine C *

865 views • 35 slides
Vision Tracking Benjamin Newman 3pm, 28 April 2011 Cofrin Hall, rm 209 Original idea A robot

Vision Tracking Benjamin Newman 3pm, 28 April 2011 Cofrin Hall, rm 209 Original idea A robot

Vision Tracking Benjamin Newman 3pm, 28 April 2011 Cofrin Hall, rm 209 Original idea A robot that tracks faces CMUcam3 Camera and microcontroller Programmable Code and compile on PC Code Compile Flash to CMUcam3 spoonBot

399 views • 36 slides
What is abstraction? What is abstraction? Workable answer a blurring of details Idea:

What is abstraction? What is abstraction? Workable answer a blurring of details Idea:

What is abstraction? What is abstraction? Workable answer a blurring of details Idea: agree to ignore certain details ( for now ) e.g., with procedural abstraction idea is to convert original problem to a series of simpler

229 views • 12 slides
G2-1 Two Key Features Further details: void 1. The name of the function and The keyword void has

G2-1 Two Key Features Further details: void 1. The name of the function and The keyword void has

Big Idea for Code: Functions Deceptively Simple Big Idea One idea One definition, many uses One idea One definition, many uses One idea Identify a sub-problem that has to be solved in your One idea One definition, many uses

380 views • 6 slides
PIPs guide to COVID-19 for early years children Based on an original idea by Maneula Molina

PIPs guide to COVID-19 for early years children Based on an original idea by Maneula Molina

PIPs guide to COVID-19 for early years children Based on an original idea by Maneula Molina @mindheart.kids www.mindheart.co HELLO! My name is PIP You may have seen me before out and about in town. I like to help children and their

204 views • 16 slides
Why Feynman Feynmans Approach: . . . First Idea: An . . . Second Idea: . . . Path

Why Feynman Feynmans Approach: . . . First Idea: An . . . Second Idea: . . . Path

Why Use Quantum . . . Need for Quantization Why Feynman Feynmans Approach: . . . First Idea: An . . . Second Idea: . . . Path Integration? Third Idea: Maximal . . . Fourth Idea: . . . Jaime Nava 1 , Juan Ferret 2 , and Vladik Kreinovich 1

402 views • 15 slides
Idea Pitch Each of you will pitch one idea 60

Idea Pitch Each of you will pitch one idea 60

1/19/15 Background for January 27/28 classes IDEA SELECTION AND TEAM FORMATION Idea Pitch Each of you will pitch one idea 60 seconds

452 views • 6 slides
Davis & Putnam Procedure (DP) dp Revision: 1.11 1 dates back to the 50ies: original

Davis & Putnam Procedure (DP) dp Revision: 1.11 1 dates back to the 50ies: original

Davis & Putnam Procedure (DP) dp Revision: 1.11 1 dates back to the 50ies: original version is resolution based (less successful) idea: case analysis (try x = 0 , 1 in turn and recurse) most successful SAT solvers (autumn 2003)

475 views • 20 slides
Privacy Surveys Privacy Surveys Week 12 - April 6, 8 1 Privacy Policy, Law and Technology

Privacy Surveys Privacy Surveys Week 12 - April 6, 8 1 Privacy Policy, Law and Technology

Privacy Surveys Privacy Surveys Week 12 - April 6, 8 1 Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor http://lorrie.cranor.org/courses/sp04/ Current events Current events n Gmail

883 views • 31 slides
Accelerating Resilient Power in Connecticut and New York Hosted by Todd Olinsky-Paul, Project

Accelerating Resilient Power in Connecticut and New York Hosted by Todd Olinsky-Paul, Project

Clean Energy States Alliance State Leadership in Clean Energy Webinar Series Accelerating Resilient Power in Connecticut and New York Hosted by Todd Olinsky-Paul, Project Director, CESA Tuesday, December 16, 2014 About CESA Clean Energy

745 views • 51 slides
A Low-Latency Multi-Version Key-Value Store Using B-tree on an FPGA-CPU Platform Yuchen Ren ,

A Low-Latency Multi-Version Key-Value Store Using B-tree on an FPGA-CPU Platform Yuchen Ren ,

A Low-Latency Multi-Version Key-Value Store Using B-tree on an FPGA-CPU Platform Yuchen Ren , Jinyu Xie, Yunhui Qiu, Hankun Lv, Wenbo Yin, Lingli Wang State Key Laboratory of ASIC and System, Fudan University Bowei Yu, Hua Chen, Xianjun He,

495 views • 13 slides
(Online) Search and Competition Justus Haucap Rome, 25 June 2015 The

(Online) Search and Competition Justus Haucap Rome, 25 June 2015 The

(Online) Search and Competition Justus Haucap Rome, 25 June 2015 The Google Case(s) - Allegations Search Bias: Organic search results are biased so that Googles

563 views • 10 slides
SOFTWARE ENGINEERING I 1st lecture Contact info Page: http://kimutis.lt Emails:

SOFTWARE ENGINEERING I 1st lecture Contact info Page: http://kimutis.lt Emails:

SOFTWARE ENGINEERING I 1st lecture Contact info Page: http://kimutis.lt Emails: donataskimutis@gmail.com Vytautas.Aseris@gmail.com In the subject of the email, provide this: string.Concat( PSI I: ", Your

841 views • 41 slides
Webinar Participants 2 1 Mechanics of the Seminar 3 The webinar is being recorded, the URL

Webinar Participants 2 1 Mechanics of the Seminar 3 The webinar is being recorded, the URL

Webinar Participants 2 1 Mechanics of the Seminar 3 The webinar is being recorded, the URL will be sent out to participants and posted at www.coe-sufs.org Participants from the US and Canada can: Use Adobe Connect to receive the

627 views • 24 slides
Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet

Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet

Good morning! Internet, Web, Intranets, and Extranets Use and Functioning of the Internet Internet is international scope with users on every continent Asians make up 40% of Internet population Europeans about 20% North America

1.01k views • 56 slides
Educating Consumers on Electric Vehicles: What Utilities Have Learned Advanced Energy Economy

Educating Consumers on Electric Vehicles: What Utilities Have Learned Advanced Energy Economy

Educating Consumers on Electric Vehicles: What Utilities Have Learned Advanced Energy Economy Webinar September 18, 2019 Transforming Policy. Expanding Markets. 0 Educating Consumers on Electric Vehicles: What Utilities Have Learned

997 views • 31 slides

More recommend