PLING - W3C Policy Languages Interest Group

The Policy Languages Interest Group (PLING) was created. Chaired by Marco Casassa-Mont (HP Labs) and Renato Iannella (NICTA), the group is chartered to discuss interoperability, requirements and related needs for integrating and computing the results when different policy languages used together, for example, OASIS XACML (eXtensible Access Control Markup Language), IETF Common Policy, and P3P (W3C Platform for Privacy Preferences). Participation is open to W3C Members and the public.

Status: P3P Work suspended

After a successful Last Call, the P3P Working Group decided to publish the P3P 1.1 Specification as a Working Group Note to give P3P 1.1 a provisionally final state.

The P3P Specification Working Group took this step as there was insufficient support from current Browser implementers for the implementation of P3P 1.1. The P3P 1.1 Working Group Note contains all changes from the P3P 1.1 Last Call. The Group thinks that P3P 1.1 is now ready for implementation. It is not excluded that W3C will push P3P 1.1 until Recommendation if there is sufficient support for implementation.

On the other hand, P3P keeps being the basis of a number of research directions in the area of privacy world wide. One might cite the PRIME Project as well as the Policy aware Web. Many other approaches also follow the descriptive metadata approach started by P3P. Such projects are invited to send email to <rigo@w3.org> to be listed here.

What is P3P?

The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit. Have a look at the list of P3P software.

Why is P3P useful?

P3P uses machine readable descriptions to describe the collection and use of data. Sites implementing such policies make their practises explicit and thus open them to public scrutiny. Browsers can help the user to understand those privacy practises with smart interfaces. Most importantly, Browsers can this way develop a predictable behavior when blocking content like cookies thus giving a real incentive to eCommerce sites to behave in a privacy friendly way. This avoids the current scattering of cookie-blocking behaviors based on individual heuristics imagined by the implementer of the blocking tool which will make the creation of stateful services on the web a pain because the state-retrievel will be unpredictable.

The P3P 1.1 Working Group Note

A number of changes were made in P3P version 1.1. Those are supposed to be backwards compatible with P3P 1.0. The way to achieve compatibility is described in the P3P 1.1 Specification. The most significant changes are summarized here:

Background

P3P 1.1 is a direct consequence of the first Privacy Workshop that took place 2002 in Dulles/Virginia and targets short term improvements like the User Agent Guidelines.

Discussions about longer term goals were held in Kiel during the second Workshop on the long-term future of Web Privacy.Those were more focused on privacy in the back end.

Most research activities around privacy enhancing technologies today are based on P3P. They advance the general idea to express privacy practices in a machine readable way. But they add a lot of missing features. W3C staff is involved in two projects worth mentioning:

PRIME is a European IST research project that explores the future of privacy enabled Identity Management. The PRIME project addresses the widening gap between privacy laws on the one hand and the 'real life' in networks on the other hand through an integrative approach of the legal, social, economic and technical areas.

TAMI is a project of the Decentralized Information Group that is part of MIT's Computer Science and Artificial Intelligence Laboratory. The TAMI Project is creating technical, legal, and policy foundations for transparency and accountability in large-scale aggregation and inferencing across heterogeneous information systems. The incorporation of transparency and accountability into decentralized systems such as the Web is critical to help society manage the privacy risks arising from the explosive progress in communications, storage, and search technology.