Re: Customize P3P Policy from Lorrie Cranor on 2004-03-29 (www-p3p-policy@w3.org from March 2004)

From: Lorrie Cranor <lorrie@cs.cmu.edu>
Date: Mon, 29 Mar 2004 14:12:22 -0500
To: "Gammel, Denise" <Denise.Gammel@rrb.gov>
Cc: www-p3p-policy@w3.org
Message-Id: <01FBED0A-81B5-11D8-A7A7-000A95DA3F5A@cs.cmu.edu>

The idea behind P3P is to have a standard computer readable format for 
web site privacy policies. The text you refer to is the human-readable 
translation of the computer-readable code. The whole point of P3P is to 
have standardized policies that a computer can read. There are some 
fields such as "consequence" that allow people to provide free form 
text, but mostly it is expected that you will use your full 
human-readable policy for detailed explanations (in addition to your 
P3P policy).

Regards,

Lorrie Cranor


On Mar 29, 2004, at 12:48 PM, Gammel, Denise wrote:

>
> Hello,
>
> To what extent can a P3P policy be customized?  We have looked at P3P 
> compliant websites from the list offered on the W3C 
> (<http://www.w3.org/P3P/compliant_sites>).  It seems there is very 
> little customizing.  Is this because the text of a policy must be 
> standard in order for the P3P to be recognized by the user agents?
>
> We understand that each Statement must have the following components:  
> "why is this information collected", "who has access to this 
> information", and "how long is this information retained".  We would 
> like to have a customized response to the question "Who has access to 
> this information", but it seems all we can do is create the response 
> everyone else has, namely, "This Web site, entities for whom it is 
> acting as an agent, and/or entities acting as its agent. An agent in 
> this instance is defined as a third party that processes data only for 
> the completion of the stated purpose, such as a shipping firm or 
> printing service."
>
> We are using IBM's P3P Policy Editor.   Other than providing a unique 
> name for each policy statement, we do not believe customization is an 
> option.  The P3P text that displays is a result of options we select 
> in the P3P Editor's Group Properties tab.  You don't get a chance to 
> write your own text.  Can anyone confirm?
>
> Denise Gammel
> Web Manager
> Railroad Retirement Board
> www.rrb.gov
> (312) 751-4671
>
>
--
Lorrie Faith Cranor <http://lorrie.cranor.org/>
(Note, as of Dec 2003 I'm at Carnegie Mellon University)
P3P Specification Working Group Chair <http://www.w3.org/p3p/>
Book: Web Privacy with P3P <http://p3pbook.com/>

Received on Monday, 29 March 2004 14:12:26 UTC