W3C home > Mailing lists > Public > public-p3p-ws@w3.org > December 2002

Future Work Proposal: P3P Spec. Ambiguities

From: Matthias Schunter <mts@zurich.ibm.com>
Date: Fri, 13 Dec 2002 16:04:27 +0100
Message-Id: <5.1.0.14.2.20021213155846.02e09c18@popsrv1.zurich.ibm.com>
To: <public-p3p-ws@w3.org>
Cc: wmi@zurich.ibm.com, evh@zurich.ibm.com

SCOPE

A P3P policy should make clear  what recipient is allowed to perform
what purpose on which data element. In addition, it should define what
data can be collected, whether it needs to be anonymized at
collection, and how long can it be retained.

Unfortunately, the P3P specification only describes the meaning of a
policy that restricts itself to the most primitive case. Complicated
cases, like conflicts, are not sufficiently addressed.

The following issues should be clarified:
- Overlapping Statements: What is the meaning of overlapping statements
   In particular if some have opt-in opt-out, some haven't.
- Meaning of non-identifiable: It is unclear what an non-identifiable element
   means.

RESOURCES
- Matthias Schunter
- Review and proposed changes to the spec.
- Aiming at an addenum to 1.0 that clarifies these issues.

-- Dr. Matthias Schunter <mts (at) zurich.ibm.com> ---
IBM Zurich Research Laboratory,   Ph. +41 (1) 724-8329
Fax +41-1-724 8953; More info at www.semper.org/sirene
PGP Fingerprint    989AA3ED 21A19EF2 B0058374 BE0EE10D
Received on Friday, 13 December 2002 10:54:44 EST

This archive was generated by hypermail pre-2.1.9 : Monday, 22 September 2003 06:04:21 EDT