The Platform for Privacy Preferences 1.1 (P3P1.1):
Specification of Statement Grouping (WG.SG)
W3C Working Draft 22 May 2002
- This version:
- TBD
$Revision: 1.1 $ on $Date: 2003/05/22 09:45:31 $ GMT by $Author: rigo $
- Latest version:
- TBD
- Previous version:
- NA
- Editor
- Matthias Schunter, IBM
- Authors
- Lorrie Cranor, AT&T
- Matthias Schunter, IBM
Copyright
©2003 W3C® (MIT, INRIA,
Keio), All Rights Reserved. W3C liability,
trademark,
document
use and software
licensing rules apply.
Abstract
The Statement Grouping task force will consider the creation of a mechanism
that will allow for Web sites to indicate a set of practices that can be grouped
together based on how the user interacts with the Web site (e.g. a register
member, a seller on an auction Web site, etc) and how opt-in or opt-out choices may be applied to these
groups. This document describes a draft proposal how to group consent choices.
The basic idea we propose is to add a
<STATEMENT-GROUP id = "somename" /> extension to the
<STATEMENT> where all statements with the same
statement-group id
can only be displayed and opted in or out of together. The will also be the
addition of a <STATEMENT-GROUP-DEF id="somename"
short-description="somename's description" consent = "opt-in" />
extension to the <POLICY> that
will define the group description to be displayed in the agents P3P viewer and
the consent type for this practice. The numbering of the sections is the
corresponding numbering of the P3P 1.0 Specification.
Status of This Document
This is an editors' draft with no standing.
Table of Contents
- Introduction
- Statement
- Statement that belongs to a Consent Group (P3P
1.1)
This document describes statement and policy extensions that aim at grouping
statements for readability and consent.
This is the output of the P3P 1.1 Working Group on Statement Grouping (SG). The
changes we propose are to add an extension sub-element to statement that
specifies the id for a group of statements and to add an extension sub-element
to policy that specifies the textual description of this grouping and its
consent mechanism.
Editor's Note: I am not sure how we want to specify P3P 1.1. I see two
choices:
- Incremental: The P3P 1.1 Spec describes the differences to the
P3P 1.0 spec
- Revision: The P3P 1.1 spec is a new self-contained specification
that consolidates the bug-fixes, changes and addenums to the P3P 1.0
spec.
Since I feel that the latter is nicer for the readers, I temporarily opted
for this approach, i.e., Section 3.3 is a copy from P3P where I've marked all
P3P 1.1 extensions in red.
[here go the other sub-chapters of the P3P 1.0 spec]
All statements that contain the same id in their statement-group
extensions belong together.
<STATEMENT-GROUP>- an element inside the
<EXTENSION> sub-element of a
<STATEMENT>. This element that identifies a statement
group. Each statement MUST have at most one statement-group extension.
id- This attribute contains a string that identifies a statement group.
| [xx] |
sg-extension
|
=
|
"<EXTENSION>
<STATEMENT-GROUP id=" quotedstring ">
</EXTENSION>"
|
For example, an enterprise allows to choose whether your phone and email
can be used by yourself for marketing. However, once you allow your data to
be used for marketing by itself, the collector requires that you allow it to
forward the data to third parties for telemarketing as well.
<STATEMENT>
<EXTENSION>
<STATEMENT-GROUP id = "fflyer" />
</EXTENSION>
. . .
</STATEMENT>
[here go the other sub-chapters of the P3P 1.0 spec]
All statements-group-def extensions have an id that matches the
statement-group extensions together. This means that these statements will all
be grouped together in the P3P viewer and all elements
with required="opt-in" or with required="opt-out" can
only be opted together. A user may not be allowed by the recipient to opt for a
subset of these elements. When parsing the agent will look for a consent
attribute in the statement-group-def extension and use that as the consent type
even if the required attribute is set on another element in the statement.
<STATEMENT-GROUP-DEF>- an element inside the
<EXTENSION> sub-element of a
<POLICY>. This element that identifies a statement
group and its description and consent method. Each Statement-Group MUST have at
least one statement-group-def extension . It policy can have multiple
Statement-group-def extentions
id- This attribute contains a string that identifies a statement group.
| [xx] |
sg-extension
|
=
|
"<EXTENSION>
<STATEMENT-GROUP-DEF id=" quotedstring "
short-description=" quotedstring "
consent = "opt-in or opt-out" />
</EXTENSION>"
|
<POLICY>
<EXTENSION>
<STATEMENT-GROUP-DEF id="fflyer"
short-description="Frequent Flyer Club"
consent = "opt-in" />
</EXTENSION>
</POLICY>