REFEREE Sample Policy 3

Scenario: This time we are not worried about the content of URLs but instead about what a remote host will do with information we submit. Therefore we consult PICS labels in rating services that rate URLs according to the site's treatment of private information submitted by users. In the following, a value less than 2 in in the "data-exchange" dimension of "http://www.e-trust.org/privacy-descriptions" indicates that the remote host gives no user-submitted data to anyone else. A value of 0 in the "personal-data-collected" dimension of "http://w3.org/privacy" indicates that no information at all is retained.
Policy in English: Get the PICS labels from the label bureau "http://label.com" about the document in two rating services. Allow viewing this URL only if 'data-exchange' rating is less than 2 and 'personal-data-collected' is equal to 0.
Output: FALSE because data-exchange is greater than 2. That PICS label is returned to justify the answer to be false.
Explanation: This policy uses labels from two services. In the first step, we load labels for URL by invoking "load-label" twice, once for each rating service; "load-label" adds statements to the statement-list. We then search the returned statements for labels using two rating services, E-Trust and w3.org's privacy service. Each pattern-match uses criteria specific to one rating service, and then the results of those two pattern-matches are combined using and. Thus, in order for the policy to be satisfied, there must be labels in both rating services.
In the previous sample policies, the requested document was downloaded and scanned for embedded labels, which would be used to decide whether or not to display the document. In a privacy application, what is at stake is our private information that could be passed to the remote host, including the fact that we accessed the site at all. For this reason, the user here has decided not to scan the document for labels (which would involve connecting to the remote site), but only to request labels separately from the document (from the bureau "http://labels.com," which the user trusts for this purpose). Using this policy, we won't even connect to the originally-requested remote site unless we've first decided that it is safe.
DIY: Do-It-Yourself: First you can change the 'data-exchange' rating to 1 to get a TRUE answer. Easy enought. Now change the rating back to 3 and change the combine operator from 'and' to 'or'. 'Or' operator returns true if any match returns true. So what should you get? 'TRUE' of course!

Action: URL:

Corresponding Profiles-0.92 policy for the action:
(invoke "load-label" STATEMENT-LIST "http://www.e-trust.org/privacy-descriptions" URL ("http://labels.com")) (invoke "load-label" STATEMENT-LIST "http://w3.org/privacy" URL ("http://labels.com")) (false-if-unknown (and (match (("load-label" *) (* ((version "PICS-1.1") * (service "http://www.e-trust.org/privacy-descriptions/") * (ratings (RESTRICT < data-exchange 2))))) STATEMENT-LIST) (match (("load-label" *) (* ((version "PICS-1.1") * (service "http://w3.org/privacy/") * (ratings (RESTRICT = personal-data-collected 0))))) STATEMENT-LIST)))

PICS labels being fetched:
(PICS-1.1 "http://www.e-trust.org/privacy-descriptions/" labels ratings (data-exchange 1)) (PICS-1.1 "http://w3.org/privacy/" labels ratings (personal-data-collected 0))

Yang-Hua Chu

Last modified: Fri Dec 13 14:32:33 EST