Re: P3P Generic Attribute for XML Applications

Am Wednesday 26 May 2004 01:01 verlautbarte Mark Nottingham :
> I agree that there are different models; if one were to generalise
> them, they might be
>    Entity X will honour policy P when handling data D.
> for "policy" (e.g., P3P), and
>    Entity Y requires entity X to honour policy P when handling data
> D. for "preferences (e.g., EPAL).
>
> My original point was slightly different; in both cases, the data is
> identified as D; P3P specifies this by associating policy with "data
> that is submitted to resource R" but this is really just a
> referential way to identify D.

This is part of the issue Giles is working on. If we would be able to 
identify data D with an XML Schema, it would make integration more 
decent. In Lorrie' s head, P3P works with data categories, so we 
haven't been down to that level of detail. We also don't address the 
issue of identifiers as in DRM. P3P does not say _that specific_ piece 
of data but rather this genre/type of data associated with your name 
and personal info.
>
> Would you agree that the vocabulary for describing the policy and
> means of specifying it could be the same for either application, with
> the only difference being the assertions about who is requiring or
> committing to do what with them?

In an EU Project, Giles is working on a privacy ontology for the reasons 
you give here. IBM has tried to accomplish both applications with the 
P3P vocabulary. Guenter Karjoth has written several presentations on 
the shortcomings of P3P in EPAL-like applications. EPAL is simply P3P + 
APPEL in one application and then simplified at max. The simplification 
does not take too much power, as we learned a lot during the past two 
years about the benefit of different approaches.

See the P3P Workshop in Kiel for more details:

http://www.w3.org/2003/p3p-ws/

Best, 

Rigo