W3C home > Mailing lists > Public > public-p3p-ws@w3.org > December 2002

Future Work Proposal: P3P Consent/Choices Definition Mechanism

From: Matthias Schunter <mts@zurich.ibm.com>
Date: Fri, 13 Dec 2002 16:54:07 +0100
Message-Id: <>
To: <public-p3p-ws@w3.org>
Cc: wmi@zurich.ibm.com, evh@zurich.ibm.com


Currently, data subjects opt-in or opt-out to elements within a
statement. For example, they can opt-out of a certain recipient for a given
set of statements and retention policies. This implies that they
automatically opt-in or opt-out to the resulting cross product with
this recipient and all purposes and retentions. This is usually not
what a user wants. In practice, a customer usually opts in for a
abstract textual description that reflects many uses.

Since opt-in and opt-out usually corresponds to certain business
processes in an organization that require multiple data elements for
multiple purposes, it is advisable to introduce `consent blocks' that
enable to opt-in or opt-out to a set of statements.  This can be
formalized by named consent descriptors that can be opt-in or opt-out
and describe (in text) what the consent means. Each statement can then
specify a consent descriptor.  If this particular consent has been
given, the statement is applicable.  Otherwise, it is not applicable.

- Matthias Schunter
- Elaborate our proposal to express consent choices in P3P 1.1
- Discussions with the P3P 1.1 working group

If P3P wants to specify a format for _collecting_ consent in P3P 2.0,
we'd be willing to contribute as well. Collecting consent would require
elements that fix primary and secondary recipients and purposes.

-- Dr. Matthias Schunter <mts (at) zurich.ibm.com> ---
IBM Zurich Research Laboratory,   Ph. +41 (1) 724-8329
Fax +41-1-724 8953; More info at www.semper.org/sirene
PGP Fingerprint    989AA3ED 21A19EF2 B0058374 BE0EE10D
Received on Friday, 13 December 2002 11:00:35 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:37:54 UTC