TY - GEN
T1 - A formal semantics for P3P
AU - Yu, Ting
AU - Li, Ninghui
AU - Antón, Annie I.
N1 - Publisher Copyright:
Copyright 2004 ACM.
PY - 2015/10/29
Y1 - 2015/10/29
N2 - The Platform for Privacy Preferences (P3P), developed by the W3C, provides an XML-based language for websites to encode their datacollection and data-use practices in a machine-readable form. To fully deploy P3P in enterprise information systems and over the Web, a well-defined semantics for P3P policies is a must, which is lacking in the current P3P framework. Without a formal semantics, a P3P policy may be semantically inconsistent and may be interpreted and represented differently by different user agents; it is difficult to determine whether a P3P policy is indeed enforced by an enterprise; and privacy policies from different corporations cannot be formally compared before information exchange. In this paper, we propose a relational formal semantics for P3P policies, which precisely and intuitively models the relationships between different components of P3P statements (i.e., collected data items, purposes, recipients and retentions) during online information collection. The proposed formal semantics is an important step towards improving P3P, making it more appropriate to be integrated with business practice and ultimately accelerating the large-scale adoption of P3P across the Internet.
AB - The Platform for Privacy Preferences (P3P), developed by the W3C, provides an XML-based language for websites to encode their datacollection and data-use practices in a machine-readable form. To fully deploy P3P in enterprise information systems and over the Web, a well-defined semantics for P3P policies is a must, which is lacking in the current P3P framework. Without a formal semantics, a P3P policy may be semantically inconsistent and may be interpreted and represented differently by different user agents; it is difficult to determine whether a P3P policy is indeed enforced by an enterprise; and privacy policies from different corporations cannot be formally compared before information exchange. In this paper, we propose a relational formal semantics for P3P policies, which precisely and intuitively models the relationships between different components of P3P statements (i.e., collected data items, purposes, recipients and retentions) during online information collection. The proposed formal semantics is an important step towards improving P3P, making it more appropriate to be integrated with business practice and ultimately accelerating the large-scale adoption of P3P across the Internet.
UR - http://www.scopus.com/inward/record.url?scp=84954090557&partnerID=8YFLogxK
U2 - 10.1145/1111348.1111349
DO - 10.1145/1111348.1111349
M3 - Conference contribution
AN - SCOPUS:84954090557
T3 - Proceedings of the 2004 Workshop on Secure Web Service, SWS 2004
SP - 1
EP - 8
BT - Proceedings of the 2004 Workshop on Secure Web Service, SWS 2004
A2 - Damiani, Ernesto
A2 - Maruyama, Hiroshi
PB - Association for Computing Machinery, Inc
T2 - Workshop on Secure Web Service, SWS 2004
Y2 - 29 October 2015
ER -