Activity Proposal: Privacy Activity renewal in the Technology and Society Domain

1. Executive Summary

This document sets the stage for the continuation of development and support for the World Wide Web Consortium's (W3C) ongoing work on Platform for Privacy Preferences (P3P) technologies. In the first phase of this work, W3C released one Recommendation, Platform for Privacy Preferences (P3P) 1.0, and provided materials in support of the technical, business, and legal issues associated with P3P deployment. This is a proposal to cover work and allocation of resources for a P3P 1.1 Specification and related work items.

P3P 1.0 provides a solid foundation for the expression of privacy practices of Web sites. However, a number of critical requirements dating back to the original P3P Working Group Charter of 1997 remain to be accomplished, and other goals that emerged from P3P implementations, from community feedback, and from our recent Workshop on the future of P3P remain to be met. The Privacy Activity was already renewed in 1998. With P3P 1.0 in hand, we see effective transparency emerging on the Web. The Privacy Activity will allow users to control the flow of data to Web sites, based on their privacy preferences and on the Web sites' privacy policies. It seems very desirable to maintain the present P3P 1.0 Recommendation, and to further develop this technology.

The work items will include the development of complementary vocabulary, notably to cover needs arising from the EU Data Protection Directive. The Activity will also take up new challenges to privacy posed by emerging technologies such as Web Services, the underlying SOAP layer, and single-sign-on systems like Liberty Alliance or MS Passport, to the extent that there is a quick solution.

2. Current Status

W3C issued P3P 1.0 as a Recommendation on 16 April 2002. Since the P3P 1.0 Recommendation was released, we have seen P3P deployment reach over 25% of the top 100 websites. Over 85% of Web users have access to P3P features through their user agents. Information gathered at the first of two workshops on the Future of P3P indicates a need to continue the development of P3P specifications. The first workshop yielded three important motivations for continued work:

Addressing these needs will help increase the deployment and utility of P3P, and provide both businesses and individual users with a common framework for addressing privacy across a growing range of Web-related technologies.

3. Activity Proposal

The implementation experience collected by the Specification WG and supported by presentations at the recent workshop showed a need for some minor additions and adjustments to the vocabulary. Most importantly, the group continues to receive feedback requesting fixes to the compact policy format. Furthermore, more work remains to be done to express some of the P3P data structures in XML Schema. New challenges to privacy come from a set of emerging technologies and have to be covered quickly, so that privacy is taken up from the beginning of their implementation. Web Services have to be privacy-aware, as does the underlying SOAP layer. Efforts such as Liberty Alliance indicate that the growing interest in single-sign-on has to be addressed. To make a wide range of XML specifications privacy-aware, it is proposed to develop a generic binding mechanism beyond the HTTP binding, which is the only one that exists today. In addition, we plan a second workshop on long-term goals and major challenges, to take place in Kiel, Germany, in June 2003.

The proposed activity includes:

4. Duration

The Privacy Activity will run 16 months from March 2003 until July 2004.

5. Resource Statement

W3C Resource Commitment

The Privacy Activity will use one staff-person year and some time from the domain lead for the duration of this briefing package. Here is the resource allocation:

Activity Lead: 80%
Staff Editor: 20%
Domain leader: 20%

These staff resources are contingent upon there being sufficient member participation in the various working groups to justify this level of W3C resource commitment.


Rigo Wenning (rigo@w3.org), Privacy Activity Lead