W3C WD-P3P-19981109



Platform for Privacy Preferences (P3P1.0)

W3C Working Draft 9-November-1998


This Version 
Latest Version: 
Previous Version 
Massimo Marchiori, W3C, (massimo@w3.org)
Joseph Reagle, W3C, (reagle@w3.org)
Dan Jaye, Engagetech (djaye@engagetech.com)

Status of This Document 

This is the third W3C public working draft for review by W3C members and other interested parties. This document has been produced as part of the P3P Activity, and will eventually be advanced toward W3C Recommendation status. It is inappropriate to use W3C Working Drafts as reference material or to cite them as other than "work in progress." The underlying concepts of the draft are fairly stable and we encourage the development of experimental implementations and prototypes so as to provide feedback on the specification. However, this Working Group will not allow early implementations to affect their ability to make changes to future versions of this document.

This draft document will be considered by W3C and its members according to W3C process. This document is made public for the purpose of receiving comments that inform the W3C membership and staff on issues likely to affect the implementation, acceptance, and adoption of P3P.

Send comments to www-p3p-public-comments@w3.org (archived at http://lists.w3.org/Archives/Public/www-p3p-public-comments).


Copyright ©  1998 W3C (MIT, INRIA, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply.

Attention is called to the possibility that implementation of this Technical Report may require use of subject matter covered by patent rights. By publication of this Technical Report, no position is taken with respect to the existence or validity of any patent rights in connection therewith. The W3C shall not be responsible for identifying patent rights for which a license may be required to implement a W3C Technical Report or for conducting inquiries into the existence, legal validity or scope of those patent rights that are brought to its attention.

The P3P 1.0 specification consists of three documents. P3P1.0 compliant implementations must abide by the conformance requirements of each.

Syntax  Specification
This is the core and lengthiest specification; it documents the requirements, assumptions, and specifies the P3P protocols, transport methods, and the data structures' syntax and encoding.  http://www.w3.org/TR/1998/WD-P3P-19981109/syntax
The actual attribute values for privacy disclosures and data element (names of the information exchanged, like "User.Name")  are specified in the following two documents.
Harmonized Vocabulary Specification
This document specifies the English language semantics for privacy related disclosures such as categories, purpose, identifiable use, recipients, and access.
Base Data Set Specification
This document specifies the names of base P3P data elements, sets, and their data types.

We have seperated this specification into three documents for readability purposes and for version migration. For instances, if changes were made to the harmonized vocabulary in the beginning of 1999, version P3P1.1 could be specified with a document akin to this one, but with:

  1. Its own URI (name space):
  2. A different URI (name space) for the Harmonized vocabulary:
  3. The same URIs  (namespaces) for the Syntax and Base Data Set:


Master Table of Contacts

Syntax Specification

  1. Introduction
    1. Problem space
    2. About this specification
    3. Conformance requirements
    4. Operational description and design
    5. Terminology
    6. Assumptions
  2. Agreement scenarios
    1. No existing agreement, site sends proposal and requests PUID
    2. Existing realm agreement
    3. Existing realm agreement, new proposal
    4. Service wants data from client repository
  3. Transport, primitives and reason codes
    1. Data transport
    2. P3P requests
    3. Negotiation primitives
      1. Success (OK)
      2. Here's A Proposal (PROP)
      3. Sorry (SRY)
      4. Transmit Data (TXD)
      5. Ending negotiation with final
      6. Syntax of negotiation primitives
    4. Reason codes definition
      1. Success codes
      2. Rejection codes
      3. Error codes
  4. P3P markup and processing
    1. Example proposal
      1. English language proposal
      2. XML/RDF encoding
    2. Proposals
      1. Proposal structure: the PROP element:
      2. Processing Realms and URI's
      3. Soliciting user info: the source attribute
      4. Attesting to a proposal: the ASSURANCE element:
    3. Statements
      1. Privacy statements: the STATEMENT element
      2. General disclosures: the VOC:DISCLOSURE element
    4. Data References
      1. Referencing data: the REF element
      2. Prefixing references: the <WITH><PREFIX> elements
      3. Describing references: the category attribute
      4. Client side writes: the action attribute
      5. Unambiguous optional elements and purposes
      6. Creating new data sets
        1. Data definition
        2. Data schema format
  5. Appendices
    Appendix 1: References (Normative)
    Appendix 2: Fingerprints and Canonicalization (Normative)
    Appendix 3: Line-flow Scenario (Non-normative)
    Appendix 4: ABNF Notation (Non-normative)
    Appendix 5: Working Group Contributors (Non-normative)

Harmonized Privacy Vocabulary Specification

  1. Introduction
  2. Compliance Requirements
  3. Definitions
  4. Data Categories: a type, or quality of specific data element such as last_name.
  5. Data Collection Purposes:  the purpose of the data collection
  6. Qualifications on Purposes: additional information on how the purpose is realized
  7. General Disclosures: describe the user's capabilities to further understand a service provider's practices
  8. References
  9. Acknowledgements

Base Data Set and Data Types Specification

  1. Required (Base) Data Elements and Sets
  2. Data Types
  3. Abstract Elements
  4. The Data Schema