FW: Call for Implementation: Platform for Privacy Preferences 1.0 (P3P 1.0) Becomes a W3C Candidate Recommendation

Web site and software developers:

We expect the December 15 specification announced below to be
stable for quite some time. Please update your sites and software
according to this specification. And we are very interested in your
feedback.

Lorrie Cranor
P3P Specification Working Group Chair

----- Original Message -----
From: Daniel J. Weitzner <djweitzner@w3.org>
To: <w3c-p3p-ig@w3.org>
Sent: Sunday, December 17, 2000 11:29 AM
Subject: FW: Call for Implementation: Platform for Privacy Preferences 1.0 (P3P 1.0) Becomes a W3C Candidate
Recommendation


Dear Colleagues,

P3P has been advanced to W3C Candidate Recommendation Status. This indicates
that the Consortium believes P3P is ready for widespread implementation by
the Web community, in user agents, on Web servers, and in server-side
software tools.

Congratulations to everyone who has worked hard to reach this important
milestone. And thanks to all those along the way who have provided
constructive, even skeptical, criticism. :-) All of these efforts have
contributed to making the P3P specification responsive to the diverse needs
of the Web community as a whole.

What should you expect next? Watch for implementations. The P3P Working
Groups will be looking closely at the experience of implementers and users
when we consider advancing P3P the final Recommendation status.

Best regards,

Danny Weitzner

-----Original Message-----
From: w3t-request@w3.org [mailto:w3t-request@w3.org]On Behalf Of Janet
Daly
Sent: Friday, December 15, 2000 6:31 PM
To: w3c-ac-members@w3.org
Cc: Lorrie Cranor; djw@w3.org; rigo@w3.org
Subject: Call for Implementation: Platform for Privacy Preferences 1.0
(P3P 1.0) Becomes a W3C Candidate Recommendation



Dear W3C Advisory Committee Representative,

W3C is pleased to announce the advancement of the The Platform for
Privacy Preferences 1.0 (P3P 1.0) to Candidate Recommendation status.

The Platform for Privacy Preferences 1.0 (P3P 1.0) Specification
http://www.w3.org/TR/2000/CR-P3P-20001215

Editor:
   Massimo Marchiori, W3C/MIT/UNIVE, (massimo@w3.org)
Authors:
   Lorrie Cranor, AT&T
   Marc Langheinrich, ETH Zurich
   Massimo Marchiori, W3C/MIT/UNIVE
   Martin Presler-Marshall, IBM
   Joseph Reagle, W3C/MIT

1 Overview of P3P

(from the Abstract and Introduction to P3P 1.0)
This is the specification of the Platform for Privacy Preferences (P3P).
This document, along with its normative references, includes all the
specification necessary for the implementation of interoperable P3P
applications.

The Platform for Privacy Preferences Project (P3P) enables Web sites to
express their privacy practices in a standard format that can be
retrieved automatically and interpreted easily by user agents. P3P user
agents will allow users to be informed of site practices (in both
machine- and human-readable formats) and to automate decision-making
based on these practices when appropriate. Thus users need not read
the privacy policies at every site they visit.

P3P provides a way for a Web site to encode its data-collection and
data-use practices in a machine-readable XML format known as a P3P
policy. The P3P specification defines:

* A standard schema for data a Web site may wish to
  collect, known as the "P3P base data schema"
* A standard set of uses, recipients, data categories,
  and other privacy disclosures
* An XML format for expressing a privacy policy
* A means of associating privacy policies with Web pages or
  sites, and cookies
* A mechanism for transporting P3P policies over HTTP

The goal of P3P version 1.0 is twofold. First, it allows Web sites to
present their data-collection practices in a standardized,
machine-readable, easy-to-locate manner. Second, it enables Web users to
understand what data will be collected by sites they visit, how that
data will be used, and what data/uses they may "opt-out" of or "opt-in"
to.

2 Request for publication and outstanding issues

The publication is in response to the Working Group Chair's request,
archived in W3C member space at:

  http://lists.w3.org/Archives/Member/chairs/2000OctDec/0111.html

The last-call issues which remain open are listed (along with the other
issues raised during last call) in the Working Group chairs' summary of
last-call issues at

  http://www.w3.org/P3P/Group/Specification/p3p-issues.html
  (W3C Member only)

  http://www.w3.org/P3P/p3p-issues-public.html
  (public document)

The Director is satisfied that all issues raised during the Last Call
period have received sufficient review and consensus in the community.

Since the close of the Last Call period, questions regarding
requirements for user agent handling of syntactically-incorrect policies
have been raised. Exit criteria have been added which will establish how
to address this open issue before the specification becomes a
Recommendation.

3 Exit criteria

The Candidate Recommendation period ends once the milestones below are
achieved. Input from implementors will be accepted at least through 15
March 2001.

Milestones to be achieved before exiting Candidate Recommendation
status:

1. At least one P3P user agent implementation integrated into
   an HTTP user agent capable of fetching HTML files that
   includes all of the functionality required and recommended
   by this specification

2. A second P3P user agent implementation of each specified
   function (these functions may be demonstrated across several
   partial P3P implementations or they may be demonstrated in a
   second full P3P implementation)

3. At least one special-purpose tool for generating P3P policies
   and policy reference files

4. At least one tool for converting full P3P policies to compact
   policies

5. At least 10 P3P-enabled production Web sites

6. At least one web site that illustrates each of the example
   scenarios in Section 2.5 of the P3P1.0 specification as well
   as at least one Web site that uses mini-policies (these may
   be either production web sites or demonstration sites)

Furthermore during the Candidate Recommendation review period, the
Working Group will:

1. Prepare a W3C Note describing RDF data models representing
   P3P policies and policy reference files.

2. Submit an Internet Draft to the IETF describing the P3P header
   and request that an RFC be issued documenting this header.

3. Prepare a set of test policies and policy reference files
   that user agent implementers can use to demonstrate that their
   implementations behave correctly. This should include examples
   of policies that contain syntax errors.

4. Specify the appropriate behavior for user agents upon
   encountering a policy with invalid syntax.

The working group also encourages implementors to explore the
possibility of implementations in web proxies and mobile devices, as
well as implementations that can import user preferences using the
[APPEL] language.

Please send review comments to:

www-p3p-public-comments@w3.org
(publicly archived)

Should this specification prove very difficult or impossible to
implement, the Working Group will return the document to Working Draft
status and make necessary changes. Otherwise, the Working Group
anticipates asking the W3C Director to advance this document to Proposed
Recommendation.

Implementors are invited to contact the Working Group chair to
participate in the final report.

4 Description of what Candidate Recommendation status means

The W3C Process Document describes the Candidate Recommendation status
of a specification in Section 6.2.3:
http://www.w3.org/Consortium/Process/Process-19991111/tr.html#RecsCR


   A Candidate Recommendation has received significant review from its
   immediate technical community (resulting from the Last Call).
   Advancement of a document to Candidate Recommendation is an explicit
   call to those outside of the related Working Groups or the W3C itself
   for implementation and technical feedback. There is no requirement
   that a Working Draft have two independent and interoperable
   implementations to become a Candidate Recommendation. Instead, this
   is the phase at which the Working Group is responsible for formally
   acquiring that experience or at least defining the expectations of
   implementation.


5 Status of This Document

The "status of this document" section for the Candidate Recommendation
reads:

This section describes the status of this document at the time of its
publication. Other documents may supersede this document. The latest
status of this document series is maintained at the W3C.

This is the 15 December 2000 Candidate Recommendation of the Platform
for Privacy Preferences 1.0 (P3P1.0) Specification. This means that the
P3P Specification Working Group (Members-only) considers the
specification to be stable and encourages implementation and comment on
the specification during this period.

for Tim Berners-Lee, W3C Director;
Janet Daly, Head of Communications

Received on Sunday, 17 December 2000 13:21:31 UTC