Modeling P3P in OWL

Status of this document
This document evolved from some personal tinkering. It represents only the thoughts of the author and not any sort of recommendation or note by the W3C. The author hopes that these notes will be helpful in evaluating the issues and moving toward a popular solution. There is currently no commitment to maintain any particular version of this document. Future revisions are likely to replace this version, $Revision: 1.13 $. The author will maintain anchor tags within this document.
Thomas Roessler <>
A sample implementation.


This document describes an experimental approach for modeling P3P using OWL, i.e., using OWL as a metalanguage for both privacy preferences and policies. A sample implementation of a toy subset of P3P is presented.

Basic modeling

Atomic policies, and the matching approach

An atomic policy is a tuple consisting of a number of properties that identify rights granted by the atomic policy, and obligations that must be fulfilled when the rights are exercised. Policies and preferences are classes of atomic policies. One policy p1 is proven to enforce a policy p2 if and only if the following is proven:

p1 rdfs:subClassOf p2

Hence, the problem of matching policies and preferences is reduced to proving subclass relationships.

Rights and obligations

The properties that an atomic policy has can be divided into obligations and rights: The data that a policy applies to represent a right -- a policy that gives access to less data elements enforces another one that provides access to more data elements, but is otherwise the same. On the other hand, a policy that indicates that a service is willing to enter into more obligations enforces one where the service is willing to enter into less obligations.

The difference between rights and obligations has the following effect on modeling: Every atomic policy corresponds to precisely one access right (e.g., access a single resource for a single purpose), described by a number of functional properties. This enables us to describe the maximum rights granted by a policy by an owl:allValuesFrom restriction. On the other hand, there may be any number of obligations associated with a single such right. We use relational properties to model these rights. To describe the obligations that a service is willing to enter into (or that are required by the user), the intersection of a number of owl:someValuesFrom restrictions can then be used.

A sample implementation

We have prepared a sample implementation that models a toy subset of P3P in OWL.

Toy P3P

Our toy subset of P3P deals with the following aspects of policies, all modeled as classes:

This class represents the access to stored information that is granted to users. Subclasses include #AccessAll, #AccessIdentifiable, #AccessNone. Presently, there are no further structural relationships between these subclasses.
As a placeholder for the elaborate P3P data schema (which could be added here), we have classes #click-stream and #personal.
This class serves to specify the purpose of data collection. There is a subclass #PurposeDelivery (present purposes, and possibly delivery of goods) that in turn has a subclass #PurposeOurs (present purposes).

These aspects are connected to the base class for policies, #Policy, by functional properties #access, #data, and #purpose. Every #Policy has each of these properties.

An example policy

A simple example policy:

<owl:Class rdf:ID="samplePolicy">
      <owl:intersectionOf rdf:parseType="Collection">
	<!-- This is a policy -->
	<owl:Class rdf:about="&toy;Policy"/>

	<!-- We grant access to identifiable information -->
	  <owl:onProperty rdf:resource="&toy;access"/>
	  <owl:someValuesFrom rdf:resource="&toy;AccessIdentifiable"/>

	<!-- It applies to personal information -->
	  <owl:onProperty rdf:resource="&toy;data"/>
	  <owl:allValuesFrom rdf:resource="&toy;personal"/>
	<!-- Collected for "our" purpose -->
	  <owl:onProperty rdf:resource="&toy;purpose"/>
	  <owl:allValuesFrom rdf:resource="&toy;PurposeOurs"/>

Thomas Roessler
$Id: Overview.html,v 1.13 2005/07/21 15:39:11 roessler Exp $