privacy, p3p and xkms

During the teleconference we discussed the issue of privacy and XKMS,
especially in regard to P3P.

The privacy issue of concern is how registration information is used by the
Trust server. Anonymous service access is an entirely different issue.

The P3P recommendation ( ) defines the syntax and
semantics of a privacy policy (using XML), and also defines mechanisms of
how to associate a policy with a URL.  The implementor of a XKMS trust
server can define their privacy policy for the information collected at
registration by creating a P3P policy document. This policy should be
created according to P3P, but it is up to the server implementor to decide
whether to do this, and what to state in the policy.  Different URLs may be
used for registration and information services, but one policy would apply
to the entire registration service, one to the entire information service.

P3P defines three mechanisms a client may use to obtain privacy statements
from a server when accessing the server using HTTP.
One is to use a well known location, namely /w3c/p3p.xml, another is to
follow HTML link elements with the appropriate rel attribute, and finally to
examine P3P HTTP headers in the response. P3P capable clients are expected
to handle all three.

The implementors of an  XKMS server could thus choose to return the privacy
policy by responding to HTTP GET requests on the well known URL, or could
choose to implement the P3P HTTP headers to provide a policy reference
(URL). Again, we can leave it up to the server implementor as to whether to
do this or not, but if they do it would be sensible to follow the P3P

HTTP messages from a server may also contain compact P3P privacy headers, an
optional P3P feature, designed to provide performance optimization, by
encoding policy information using short tokens. The policy statement in P3P
v1 applies to HTTP  cookie information associated with the current HTTP
response. This could be used with XKMS at server implementor discretion.

To summarize, I think the privacy requirement for XKMS should be stated as

The specification must state in the security section that concerns over the
privacy of registration information may be addressed through server P3P
privacy policies. The definition and retrieval mechanisms for these policies
are defined in the P3P recommendation and do not require definition in the
XKMS specifications [P3P].

Is this appropriate, or are their additional privacy issues that need to be
addressed in the XKMS requirements?


< Frederick

Frederick Hirsch
Zolera Systems,
Information Integrity, XML Security

Received on Thursday, 15 November 2001 17:55:01 UTC