Re: P3P question

I don't believe it would be correct to say that a current goal of the P3P
effort is to relieve users of the need to re-type their data in response
to each request. I think it would be correct to say that a goal of P3P
is to interoperate with a variety of other tools so that individuals have an
opportunity to use P3P regardless of whether they choose to type
in their data manually, use an automated system, or not provide
any data at all.

The paragraph you quoted from the November 1998 note would no
longer be entirely true because the P3P specification no longer provides
the ability to reach explicit agreements and the P3P specification no
longer defines a data transfer mechanism. But P3P could interoperate
with other mechanisms for a similar effect.

Basically P3P1.0 is now a mechanism for web sites to associate
standard machine-readable privacy policies with web content and for
user agents to automatically fetch those policies.

Lorrie

----- Original Message -----
From: Karen Coyle <kcoyle@ix.netcom.com>
To: Lorrie Cranor <lorrie@research.att.com>; Joseph M. Reagle Jr.
<reagle@w3.org>
Cc: <www-p3p-public-comments@w3.org>; <massimo@w3.org>; <dll@w3.org>
Sent: Wednesday, November 24, 1999 2:04 PM
Subject: Re: P3P question


> Thanks. So the bottom line is that P3P still facilitates the exchange of
> user data by providing a data standard, it just no longer defines the
> protocol for the transfer. Is this correct? What I'm trying to reconcile is
> the earlier stated goal of relieving users of the need to re-type their
> data in response to each request. Is that still a goal, even though the
> mechanism may not be contained within the P3P protocol?
>
> So, for example, this statement from the November 1998 Note would still be
> true?
>
> "Some P3P implementations will likely support a data repository where users
> store information they are willing to release to certain services. If they
> reach an agreement that allows the collection of specific data elements,
> such information can be transferred automatically from the repository.
> Services may also request to store data in the user's repository."
>
> kc
>
> At 12:01 PM 11/24/99 -0500, Lorrie Cranor wrote:
> >Karen,
> >
> >The working group tried to explain our intentions regarding the
> >removal of the data transport mechanism in:
> >http://www.w3.org/P3P/data-transfer.html
> >
> >The last call working draft (http://www.w3.org/TR/P3P)
> >also explains:
> >
> >  1.1.2 P3P User Agents
> >
> >  P3P1.0 user agents can be built into web browsers, browser plug-ins,
> >  or proxy servers. They can also be implemented as Java applets or
> >  Javascript; or built into electronic wallets, automatic form-fillers, or
> >  other user data management tools. P3P user agents look for P3P
> >  headers in HTTP responses and in P3P LINK tags embedded in
> >  HTML content. These special headers and tags indicate the location
> >  of a relevant P3P policy. User agents can fetch the policy from the
> >  indicated location, parse it, and display symbols, play sounds, or
> >  generate user prompts that reflect a site's P3P privacy practices.
> >  They can also compare P3P policies with privacy preferences set
> >  by the user and take appropriate actions. P3P can perform a sort
> >  of "gate keeper" function for data transfer mechanisms such as
> >  electronic wallets and automatic form fillers. A P3P user agent
> >  integrated into one of these mechanisms would retrieve P3P policies,
> >  compare them with user's preferences, and authorize the release of
> >  data only if a) the policy is consistent with the user's preferences and
> >  b) the requested data transfer is consistent with the policy. If one of
> >  these conditions is not met, the user might be informed of the
> >  discrepancy and given an opportunity to authorize the data release
> >  themselves.
> >
> >In general, the base data set is still there for two main reasons:
> >1. We wanted to have a way for web sites to talk precisely about the
> >kinds of data they collect in order to better inform visitors about their
> >practices
> >2. We wanted P3P to be able to easily interoperate with other tools that
> >will focus on the actual data collection. It has been the group's feeling
> >that if users are going to take advantage of the many tools that seem to
> >be emerging that help them manage their data and automate data
> >collection, then P3P must be able to directly interoperate with these
> >tools if it is to prove useful to a consumer. We don't want people to have
> >P3P only in their web browser and feel they are protected, and then have
> >their electronic wallet blindly disseminating their information without
> >regard for privacy policies.
> >
> >In order to meet these goals we are currently reviewing whether we can
> >substitute the vcard data schema for our user data set for even better
> >interoperability.
> >
> >Regards,
> >
> >Lorrie Cranor
> >P3P Specification Group Chair
> >
> >----- Original Message -----
> >From: Joseph M. Reagle Jr. <reagle@w3.org>
> >To: Karen Coyle <kcoyle@ix.netcom.com>
> >Cc: <www-p3p-public-comments@w3.org>; Lorrie Cranor
> ><lorrie@research.att.com>; <massimo@w3.org>; <dll@w3.org>
> >Sent: Wednesday, November 24, 1999 11:50 AM
> >Subject: Re: P3P question
> >
> >
> >> Karen,
> >>
> >> I'm forwarding your email to the comment list and the other contacts since I
> >> think they can answer this question better than I can.
> >>
> >> At 07:23 99/11/23 -0800, Karen Coyle wrote:
> >>  >Hi. I'm trying to get a grasp on the latest P3P draft and the removal of
> >>  >the data transport portion of the protocol. Some people are interpreting
> >>  >this as meaning that there will not be any uploading of data during a
> >>  >P3P-managed transaction. That would only make sense to me if there were no
> >>  >data elements associated with P3P, but the mandatory data elements remain
> >>  >in the protocol.
> >>  >
> >>  >Is it still expected that the user's data may/will be conveyed to the
> >>  >requesting site, but just using some other mechanism? In other words, what
> >>  >is the purpose of the mandatory data elements in the current draft?
> >>  >
> >>  >If I missed something on the P3P site that explains all of this, don't
> >>  >hesitate to point me to it.
> >>  >
> >>  >Thanks,
> >>  >
> >>  >Karen Coyle
> >>  >http://www.kcoyle.net
> >>  >
> >>
> >> _________________________________________________________
> >> Joseph Reagle Jr.
> >> Policy Analyst           mailto:reagle@w3.org
> >> XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
> >>
> >>
> >
>
>

Received on Wednesday, 24 November 1999 14:33:29 UTC