7th European Symposium on Research in Computer Security (ESORICS 2002)
A Fully Compliant Research Implementation of the P3P Standard for Privacy Protection: Experiences and Recommendations
Giles Hogben, Tom Jackson, Marc Wilikens
Keywords : privacy enhancing technologies, P3P, XML digital signatures, secure electronic commerce, transaction management, security verification
Abstract : This paper describes experiences gained from development of a fully compliant implementation of the W3C's XML based P3P standard. P3P aims to make privacy policies of web sites transparent for automated agents, and thereby to improve transactions of personal data on the Internet. We look at some of the most important issues that have arisen from our development work, including problems with the privacy preference standard, APPEL, before concentrating on issues related to end user assurance. We look at P3P usage scenarios to show that the current P3P standard has weaknesses in this area. The paper then considers possible extensions to P3P, which could provide greater assurance to end users and facilitate dispute resolution. In particular, we present an overview of a way for increasing assurance of a privacy policy's validity using signed XML.
(Pages 104-125)