Ambiguities in P3P 1.0

The following is a proposal for future work on P3P, submitted following the November 2002 Workshop on the Future of P3P.

Purpose

A P3P policy should make clear which recipient is allowed to use which data element for which purpose. In addition, it should define what data can be collected, whether it needs to be anonymized at collection, and how long it can be retained.

Scope

The following issues should be clarified:

  1. Overlapping Statements: What is the meaning of overlapping statements? In particular, what do they mean if some have opt-in/opt-out and some do not?
  2. Meaning of non-identifiable: It is unclear what a non-identifiable element means.

Resources

  1. Matthias Schunter
  2. Review and proposed changes to the P3P 1.0 Specification
  3. Aiming at an addendum to 1.0 that clarifies these issues.

Time Frame

N/A


Matthias Schunter

Last update $Date: 2003/03/17 09:50:38 $ by $Author: rigo $