- From: Lorrie Cranor <lorrie@cs.cmu.edu>
- Date: Mon, 29 Mar 2004 14:12:22 -0500
- To: "Gammel, Denise" <Denise.Gammel@rrb.gov>
- Cc: www-p3p-policy@w3.org
The idea behind P3P is to have a standard computer readable format for web site privacy policies. The text you refer to is the human-readable translation of the computer-readable code. The whole point of P3P is to have standardized policies that a computer can read. There are some fields such as "consequence" that allow people to provide free form text, but mostly it is expected that you will use your full human-readable policy for detailed explanations (in addition to your P3P policy). Regards, Lorrie Cranor On Mar 29, 2004, at 12:48 PM, Gammel, Denise wrote: > > Hello, > > To what extent can a P3P policy be customized? We have looked at P3P > compliant websites from the list offered on the W3C > (<http://www.w3.org/P3P/compliant_sites>). It seems there is very > little customizing. Is this because the text of a policy must be > standard in order for the P3P to be recognized by the user agents? > > We understand that each Statement must have the following components: > "why is this information collected", "who has access to this > information", and "how long is this information retained". We would > like to have a customized response to the question "Who has access to > this information", but it seems all we can do is create the response > everyone else has, namely, "This Web site, entities for whom it is > acting as an agent, and/or entities acting as its agent. An agent in > this instance is defined as a third party that processes data only for > the completion of the stated purpose, such as a shipping firm or > printing service." > > We are using IBM's P3P Policy Editor. Other than providing a unique > name for each policy statement, we do not believe customization is an > option. The P3P text that displays is a result of options we select > in the P3P Editor's Group Properties tab. You don't get a chance to > write your own text. Can anyone confirm? > > Denise Gammel > Web Manager > Railroad Retirement Board > www.rrb.gov > (312) 751-4671 > > -- Lorrie Faith Cranor <http://lorrie.cranor.org/> (Note, as of Dec 2003 I'm at Carnegie Mellon University) P3P Specification Working Group Chair <http://www.w3.org/p3p/> Book: Web Privacy with P3P <http://p3pbook.com/>
Received on Monday, 29 March 2004 14:12:26 UTC