A formal semantics for P3P

Ting Yu, Ninghui Li, Annie I. Antón

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Citations (Scopus)

Abstract

The Platform for Privacy Preferences (P3P), developed by the W3C, provides an XML-based language for websites to encode their datacollection and data-use practices in a machine-readable form. To fully deploy P3P in enterprise information systems and over the Web, a well-defined semantics for P3P policies is a must, which is lacking in the current P3P framework. Without a formal semantics, a P3P policy may be semantically inconsistent and may be interpreted and represented differently by different user agents; it is difficult to determine whether a P3P policy is indeed enforced by an enterprise; and privacy policies from different corporations cannot be formally compared before information exchange. In this paper, we propose a relational formal semantics for P3P policies, which precisely and intuitively models the relationships between different components of P3P statements (i.e., collected data items, purposes, recipients and retentions) during online information collection. The proposed formal semantics is an important step towards improving P3P, making it more appropriate to be integrated with business practice and ultimately accelerating the large-scale adoption of P3P across the Internet.

Original languageEnglish
Title of host publicationProceedings of the 2004 Workshop on Secure Web Service, SWS 2004
PublisherAssociation for Computing Machinery, Inc
Pages1-8
Number of pages8
ISBN (Print)158113973X, 9781581139730
DOIs
Publication statusPublished - 29 Oct 2015
Externally publishedYes
EventWorkshop on Secure Web Service, SWS 2004 - Fairfax, United States
Duration: 29 Oct 2015 → …

Other

OtherWorkshop on Secure Web Service, SWS 2004
CountryUnited States
CityFairfax
Period29/10/15 → …

Fingerprint

Semantics
Industry
XML
Websites
Information systems
Internet

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Yu, T., Li, N., & Antón, A. I. (2015). A formal semantics for P3P. In Proceedings of the 2004 Workshop on Secure Web Service, SWS 2004 (pp. 1-8). Association for Computing Machinery, Inc. https://doi.org/10.1145/1111348.1111349

A formal semantics for P3P. / Yu, Ting; Li, Ninghui; Antón, Annie I.

Proceedings of the 2004 Workshop on Secure Web Service, SWS 2004. Association for Computing Machinery, Inc, 2015. p. 1-8.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Yu, T, Li, N & Antón, AI 2015, A formal semantics for P3P. in Proceedings of the 2004 Workshop on Secure Web Service, SWS 2004. Association for Computing Machinery, Inc, pp. 1-8, Workshop on Secure Web Service, SWS 2004, Fairfax, United States, 29/10/15. https://doi.org/10.1145/1111348.1111349
Yu T, Li N, Antón AI. A formal semantics for P3P. In Proceedings of the 2004 Workshop on Secure Web Service, SWS 2004. Association for Computing Machinery, Inc. 2015. p. 1-8 https://doi.org/10.1145/1111348.1111349
Yu, Ting ; Li, Ninghui ; Antón, Annie I. / A formal semantics for P3P. Proceedings of the 2004 Workshop on Secure Web Service, SWS 2004. Association for Computing Machinery, Inc, 2015. pp. 1-8
@inproceedings{57ac24c288cb422191c34fce87a21d09,
title = "A formal semantics for P3P",
abstract = "The Platform for Privacy Preferences (P3P), developed by the W3C, provides an XML-based language for websites to encode their datacollection and data-use practices in a machine-readable form. To fully deploy P3P in enterprise information systems and over the Web, a well-defined semantics for P3P policies is a must, which is lacking in the current P3P framework. Without a formal semantics, a P3P policy may be semantically inconsistent and may be interpreted and represented differently by different user agents; it is difficult to determine whether a P3P policy is indeed enforced by an enterprise; and privacy policies from different corporations cannot be formally compared before information exchange. In this paper, we propose a relational formal semantics for P3P policies, which precisely and intuitively models the relationships between different components of P3P statements (i.e., collected data items, purposes, recipients and retentions) during online information collection. The proposed formal semantics is an important step towards improving P3P, making it more appropriate to be integrated with business practice and ultimately accelerating the large-scale adoption of P3P across the Internet.",
author = "Ting Yu and Ninghui Li and Ant{\'o}n, {Annie I.}",
year = "2015",
month = "10",
day = "29",
doi = "10.1145/1111348.1111349",
language = "English",
isbn = "158113973X",
pages = "1--8",
booktitle = "Proceedings of the 2004 Workshop on Secure Web Service, SWS 2004",
publisher = "Association for Computing Machinery, Inc",

}

TY - GEN

T1 - A formal semantics for P3P

AU - Yu, Ting

AU - Li, Ninghui

AU - Antón, Annie I.

PY - 2015/10/29

Y1 - 2015/10/29

N2 - The Platform for Privacy Preferences (P3P), developed by the W3C, provides an XML-based language for websites to encode their datacollection and data-use practices in a machine-readable form. To fully deploy P3P in enterprise information systems and over the Web, a well-defined semantics for P3P policies is a must, which is lacking in the current P3P framework. Without a formal semantics, a P3P policy may be semantically inconsistent and may be interpreted and represented differently by different user agents; it is difficult to determine whether a P3P policy is indeed enforced by an enterprise; and privacy policies from different corporations cannot be formally compared before information exchange. In this paper, we propose a relational formal semantics for P3P policies, which precisely and intuitively models the relationships between different components of P3P statements (i.e., collected data items, purposes, recipients and retentions) during online information collection. The proposed formal semantics is an important step towards improving P3P, making it more appropriate to be integrated with business practice and ultimately accelerating the large-scale adoption of P3P across the Internet.

AB - The Platform for Privacy Preferences (P3P), developed by the W3C, provides an XML-based language for websites to encode their datacollection and data-use practices in a machine-readable form. To fully deploy P3P in enterprise information systems and over the Web, a well-defined semantics for P3P policies is a must, which is lacking in the current P3P framework. Without a formal semantics, a P3P policy may be semantically inconsistent and may be interpreted and represented differently by different user agents; it is difficult to determine whether a P3P policy is indeed enforced by an enterprise; and privacy policies from different corporations cannot be formally compared before information exchange. In this paper, we propose a relational formal semantics for P3P policies, which precisely and intuitively models the relationships between different components of P3P statements (i.e., collected data items, purposes, recipients and retentions) during online information collection. The proposed formal semantics is an important step towards improving P3P, making it more appropriate to be integrated with business practice and ultimately accelerating the large-scale adoption of P3P across the Internet.

UR - http://www.scopus.com/inward/record.url?scp=84954090557&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84954090557&partnerID=8YFLogxK

U2 - 10.1145/1111348.1111349

DO - 10.1145/1111348.1111349

M3 - Conference contribution

SN - 158113973X

SN - 9781581139730

SP - 1

EP - 8

BT - Proceedings of the 2004 Workshop on Secure Web Service, SWS 2004

PB - Association for Computing Machinery, Inc

ER -