Re: Expressing advanced policies in P3P (Was: Policy for an Internet registry [EUreg #2656] from Lorrie Cranor on 2002-08-14 (www-p3p-policy@w3.org from August 2002)

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 14 Aug 2002 09:25:13 -0400
To: "Stephane Bortzmeyer" <bortzmeyer@nic.fr>, <www-p3p-policy@w3.org>
Message-ID: <001f01c24396$05618df0$9816cf87@barbaloot>

> We have certain human-readable policies which I find difficult to
> express in P3P. 
> 
> 1) We plan to allow people to opt-out the disclosure (by whois or
> whois-like services) of all contact information but one (we need to
> publish at least a phone number *or* an email address *or* a fax
> number). If I put all these elements in a STATEMENT which is covered
> by an opt-out policy, how to ensure that at least one remains public?
> 
> 2) We plan to allow people to opt-out the disclosure (by whois or
> whois-like services) of their personal data only if they fulfill some
> roles in the registry database. For instance, we might allow the
> holder ("registrant") of a domain name to remain completely hidden,
> but not the administrative contact (whose purpose is to be contacted,
> after all). Again, I do not know how to express that.
> 
> Lorrie, if your book contain the replies to all my questions, I shut
> up and I buy it :-)
> 
> Conclusions like "P3P is for Web sites only, you should find another
> mean to formally express the privacy policy of an Internet registry"
> are acceptable, too.

No, I'm afraid my book doesn't answer *all* of your questions, you
have come up with some good ones ..... You are
right that P3P was designed primarily for web sites and that we did
not anticipate the level of detail you are trying to express in a policy
for a domain registry. As we say in the spec, your human-readable
policy may be more detailed than your P3P policy, as long as they
are consistent. Any opt-outs declared in the P3P policy must
be fully explained at the opt-uri.

I think what I would do for the P3P policy on your site is
apply the opt-out to all but one data element (pick one not
to apply the opt-out to, say email address). In your human
readable policy you can explan that if you don't opt-out your
phone number you can opt-out your email address instead.

To address the issue of opting out one address but not an
other, I think I would construct a P3P policy with multiple
statements. Include a seperate statement for regstrant, 
administrative contact, etc. You can then put the opt-outs
where appropriate. Use the consequence field to explain
what each statement applies to. If you use the IBM editor
to create your policy, also use the name attribute to give
each statement a meaningful name (or even if you
don't use the IBM editor, use their extension to assign
names to your statement -- this is explained in my book)

Lorrie

Received on Wednesday, 14 August 2002 09:34:04 UTC