W3C home > Mailing lists > Public > public-p3p-ws@w3.org > December 2002

Future work proposal P3P - area 13 (XML Dig Sig)

From: Giles Hogben <giles.hogben@jrc.it>
Date: Fri, 13 Dec 2002 14:33:51 +0100
To: <public-p3p-ws@w3.org>
Message-ID: <GAEKIJGJBJOBBJEFAHMLKEOBCEAA.giles.hogben@jrc.it>

XML signed policy specification. (Item 13)

A serious problem for P3P is that if a company's practices contravene its
stated privacy policy, there is little technical or legal framework to prove
that a company made the statements, which existed on its server at a given
time. I.e. it is too easy for a company to repudiate its policy statements.
While P3P does increase the level of trust felt by consumers by providing
more transparent and unambiguous information, it does not however provide
any assurance as to the authenticity and integrity of this information.
The aim of this item is to provide a watertight route of legal recourse and
thereby to increase trust in consumers.
Probably the biggest obstacle in achieving these objectives is in driving
the adoption of any measures taken. However, a prerequisite to this is to
provide hooks within the P3P standard by which signed policies may be
referenced, validated and later used as legal evidence.

Joseph Reagle of W3C has already gone some way towards outlining the detail
of this solution and the solution would build on the document "A P3P
Assurance Signature Profile".
Building on this, the requirements for the P3P specification are as follows:
1. A mechanism for locating a signed version of a policy within a standard
P3P policy. It has been suggested that the verification attribute should be
used to identify the location of the signed policy. However it may be
valuable to create another attribute so that user agents may easily identify
the need to verify a signature. In any case, it needs to be clearly
specified within the spec document where the signed version of a particular
policy should be specified.
2. A similar element needs to be created within PRF files to verify the
binding to the policy. This should be optional but recommended (a SHOULD)
where a signed policy is referenced.
3. A full specification for the format of XML signed policies such as that
specified within Reagle's P3P assurance profile document and Giles Hogben,
Tom Jackson, Marc Wilikens (Joint Research Centre of the EC, I). A fully
compliant research implementation of the P3P standard for privacy
protection: experiences and recommendations
There is little further work necessary.
4. If possible a sample tool for creating signed policies.
5. Description of verification process for user agents. The problem of how
to automate this should be visited. For example if a certificate is provided
for a domain, which does not match the domain of the signed policy, what
should the agent do - should there be a checksum repository to help user
agents verify certificates?
6. An addition to the APPEL specification so that signatures may be required
under certain circumstances (e.g. "signaturerequired" attribute in a rule).

The JRC has already developed a prototype specification for this
functionality. This specification will be used to create a demonstrator
module to be integrated within the JRC proxy architecture. Further resources
for integrating this into the P3P specification can also be provided by the

Time Frame:
It is expected that the development of the architecture, specification and
demonstrator will be finished by January 2004.

Giles Hogben
CyberSecurity Unit
Institute for the Protection and Security of the Citizen (IPSC)
European Commission - Euratom Centro Comune di Ricerca
Via Enrico Fermi 1
21020 Ispra,   Italy
Received on Friday, 13 December 2002 08:33:07 EST

This archive was generated by hypermail pre-2.1.9 : Monday, 22 September 2003 06:04:21 EDT