W3C

Platform for Privacy Preferences (P3P) Specification

W3C Working Draft 7 April 1999

This Version:
http://www.w3.org/TR/1999/WD-P3P-19990407/
Latest Version: 
http://www.w3.org/TR/WD-P3P/
Previous Version:
http://www.w3.org/TR/1998/WD-P3P-19981109/
Editors:
Massimo Marchiori, W3C, (massimo@w3.org)
Joseph Reagle, W3C, (reagle@w3.org)

Abstract

This document describes the Platform for Privacy Preferences (P3P). P3P enables Web sites to express their privacy practices and enables users to exercise preferences over those practices. P3P compliant products will allow users to be informed of site practices (in both machine and human readable formats), to delegate decisions to their computer when appropriate, and to tailor their relationship to specific sites. Site practices that are compatible with a user's preferences can, at the user's option, be accessed "seamlessly". Otherwise users will be notified of a site's practices and have the opportunity to agree to those terms or other terms and continue browsing if they wish.

P3P gives users the ability to make informed decisions regarding their Web experience and the ability to control the use of their information. Sites can use P3P to increase the level of confidence users place in their services, as well as improve the quality of the services offered, customize content, and simplify site access, offering facilities like auto fill-in of forms, customized profiles, and automatic electronic commerce transactions.

Status of This Document 

This is the fourth W3C public working draft for review by W3C members and other interested parties. This document has been produced as part of the P3P Activity, and will eventually be advanced toward W3C Recommendation status. It is inappropriate to use W3C Working Drafts as reference material or to cite them as other than "work in progress." The underlying concepts of the draft are fairly stable and we encourage the development of experimental implementations and prototypes so as to provide feedback on the specification. However, this Working Group will not allow early implementations to affect their ability to make changes to future versions of this document.

This draft document will be considered by W3C and its members according to W3C process. This document is made public for the purpose of receiving comments that inform the W3C membership and staff on issues likely to affect the implementation, acceptance, and adoption of P3P.

Please send comments to www-p3p-public-comments@w3.org (archived at http://lists.w3.org/Archives/Public/www-p3p-public-comments/).

W3C members can access the updated list of pending issues.


Attention is called to the possibility that implementation of this Technical Report may require use of subject matter covered by patent rights. By publication of this Technical Report, no position is taken with respect to the existence or validity of any patent rights in connection therewith. The W3C shall not be responsible for identifying patent rights for which a license may be required to implement a W3C Technical Report or for conducting inquiries into the existence, legal validity or scope of those patent rights that are brought to its attention.


The P3P 1.0 specification consists of three documents. P3P1.0 compliant implementations must abide by the conformance requirements of each.

Syntax Specification
This is the core and lengthiest specification; it documents the requirements, assumptions, and specifies the P3P protocols, transport methods, and the data structures' syntax and encoding.
http://www.w3.org/TR/1999/WD-P3P-19990407/syntax
The actual attribute values for privacy disclosures and data elements (names of the information exchanged, like "User.Name") are specified in the following two documents.
Harmonized Vocabulary Specification
This document specifies the English language semantics for privacy related disclosures such as categories, purpose, identifiable use, recipients, and access.
http://www.w3.org/TR/1999/WD-P3P-19990407/vocab
Base Data Set Specification
This document specifies the names of base P3P data elements, sets, and their data types.
http://www.w3.org/TR/1999/WD-P3P-19990407/basedata

We have separated this specification into three documents for readability purposes and for version migration. For instance, if changes were made to the harmonized vocabulary in the beginning of 2000, version P3P1.1 could be specified with a document akin to this one, but with:

  1. Its own URI (namespace):
    http://www.w3.org/TR/2000/WD-P3P-20000101/
  2. A different URI (namespace) for the Harmonized vocabulary:
    http://www.w3.org/TR/2000/WD-P3P-20000101/vocab/
  3. The same URIs (namespaces) for the Syntax and Base Data Set:
    http://www.w3.org/TR/1999/WD-P3P-19990407/syntax
    http://www.w3.org/TR/1999/WD-P3P-19990407/vocab

 


Master Table of Contents

Syntax Specification

  1. Introduction
    1. Problem space
    2. About this specification
    3. Operational description
    4. Operational design
    5. Assumptions
    6. Terminology
    7. Conformance requirements
  2. Scenarios
  3. Data Transport
    1. Protocol Model
      1. Client Actions
      2. Server Actions
    2. HTTP Extension Framework and P3P
    3. Protocol Actions
      1. Client requests proposal from the server
      2. Client returns repository data referencing a specific policy
      3. Server suggests proposal (location) to the client
      4. Server accepts a proposal/data required by the client or reports an error
    4. Reason codes definition
    5. Agreement scenario
  4. P3P markup and processing
    1. Example proposal
      1. English language proposal
      2. XML/RDF encoding of proposal
    2. Proposals
      1. The PROP element
      2. The REALM element
      3. The VOC:DISCLOSURE element
      4. The ASSURANCE element
    3. Data Transmission
    4. Statements
      1. The STATEMENT element
      2. The DATA:REF element
      3. Creating New Data Sets
  5. Appendices
    Appendix 1: References (Normative)
    Appendix 2: ABNF Notation (Non-normative)
    Appendix 3: Working Group Contributors (Non-normative)

Harmonized Privacy Vocabulary Specification

  1. Introduction
  2. Compliance Requirements
  3. Definitions
  4. Data Categories: a type, or quality of specific data element such as last_name.
  5. Data Collection Purposes: the purpose of the data collection
  6. Qualifications on Purposes: additional information on how the purpose is realized
  7. General Disclosures: describe the user's capabilities to further understand a service provider's practices
  8. References
  9. Acknowledgements

Base Data Set and Data Types Specification

  1. Required (Base) Data Elements and Sets
  2. Data Types
  3. Abstract Elements
  4. The Data Schema