  • 1. Privacy Policy Management, October 11, 2007
  • 2. Privacy & security policy management
    - http://projects.cerias.purdue.edu/ocrproj/
    - Today many organizations have ad hoc policies
      - Difficult to enforce reliably
    - Policy management frameworks promote consistent policy enforcement
    - Components
      - Policy authoring
      - Policy conflict/gap detection and resolution
      - Policy enforcement
      - Policy communication
      - Policy composition and comparison (combining multiple policies)
  • 3. Privacy languages serve many roles
    - Specify an organization's privacy policy to end users and their agents
    - Specify users' privacy preferences to the users' agent
    - Specify an organization's privacy policy to a gatekeeper server that can approve or deny requests to access a database
    - Specify the policy associated with particular data elements to parties that buy or rent data
  • 4. Can one privacy language do it all?
    - Maybe...
    - But so far none has emerged
    - We've found over a dozen privacy languages (including several access control and rule languages used for privacy applications)
    - Languages have different audiences, specify policies at different levels of granularity, and have different strengths and weaknesses
  • 5. Privacy Languages
    - A P3P Preference Exchange Language (APPEL)
    - Liberty Alliance Identity Web Services Framework (ID-WSF)
    - Customer Profile Exchange (CPExchange)
    - Declarative Privacy Authorization Language (DPAL)
    - Enterprise Privacy Authorization Language (EPAL)
    - eXtensible Access Control Markup Language (XACML)
    - GEOPRIV
    - Platform for Enterprise Privacy Practices (E-P3P)
    - Platform for Privacy Preferences (P3P)
    - Privacy Rights Markup Language (PRML)
    - Privacy Template
    - Security Assertion Markup Language (SAML)
    - XML Access Control Language (XACL)
    - XPath-Based Preference Language (XPref)
  • 6. Genealogy of languages
  • 7. EPAL
    - Enterprise Privacy Authorization Language
    - Developed by IBM, submitted to W3C
    - Allows enterprises to develop granular rules to check whether a data access is authorized
    - Similar to P3P syntax but not identical
    - Includes
      - Data-categories
      - User-categories: administrators, doctors, etc.
      - Purposes
      - Actions: disclose, read, etc.
      - Obligations: delete after 30 days, get consent, etc.
      - Conditions: user category = doctor
    - Allow and deny rules
    - http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/
  • 8. User privacy preferences
    - P3P 1.0 agents may (optionally) take action based on user preferences
      - Users should not have to trust privacy defaults set by software vendors
      - User agents that can read APPEL (A P3P Preference Exchange Language) files can offer users a number of canned choices developed by trusted organizations
      - Preference editors allow users to adapt existing preferences to suit their own tastes, or create new preferences from scratch
      - For more info on APPEL see http://www.w3.org/TR/WD-P3P-preferences or Chapter 13 in Web Privacy with P3P
  • 9. Microsoft privacy template language
    - See Appendix D of Web Privacy with P3P
      - http://msdn.microsoft.com/library/default.asp?url=/workshop/security/privacy/overview/privacyimportxml.asp
    - Specifies rules for user agents to handle various types of cookies
    - Based on P3P compact policy tokens
    - Allows policies for specific web sites
  • 10. Microsoft example

        <MSIEPrivacy><MSIEPrivacySettings formatVersion="6">
        <p3pCookiePolicy zone="internet">
        <firstParty noPolicyDefault="reject" noRuleDefault="accept" alwaysAllowSession="yes">
        <if expr="TEL" action="reject"></if>
        <if expr="FIN,CON" action="forceSession"></if>
        <if expr="FIN,CONa" action="forceSession"></if>
        <if expr="GOV,PUB" action="forceSession"></if>
        </firstParty>
        <thirdParty noPolicyDefault="accept" noRuleDefault="accept" alwaysAllowSession="yes">
        </thirdParty>
        </p3pCookiePolicy>
        <alwaysReplayLegacy/>
        </MSIEPrivacySettings>
        <MSIESiteRules formatVersion="6">
        <site domain="www.BlueYonderAirlines.com" action="accept">
        </site>
        </MSIESiteRules></MSIEPrivacy>
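The slide shows the template but not how a user agent applies it. The evaluator below is an added example (not Microsoft's code, and not from the slides) that parses the slide's template with the standard library and decides what to do with a cookie, given the site host, whether the cookie is first- or third-party, the P3P compact policy header value, and whether the cookie is a session cookie. Three points the slide leaves implicit are assumptions here and are marked as such in the code: per-site rules in MSIESiteRules override the zone rules; a comma-separated `expr` is read as a conjunction, so `FIN,CON` fires only when both tokens are present (this is the only reading under which listing both `FIN,CON` and `FIN,CONa` makes sense); and `<if>` rules are tried in document order, first match wins. The compact policy strings used in the usage lines are constructed test input.

```python
"""Evaluate the Microsoft privacy-template XML from slide 10 against a cookie.
Added example; the template text is the slide's, the evaluation rules are
the assumptions stated in the lead-in and comments."""
import xml.etree.ElementTree as ET

# The slide's template, with HTML entities decoded.
TEMPLATE = """<MSIEPrivacy>
<MSIEPrivacySettings formatVersion="6">
 <p3pCookiePolicy zone="internet">
  <firstParty noPolicyDefault="reject" noRuleDefault="accept" alwaysAllowSession="yes">
   <if expr="TEL" action="reject"></if>
   <if expr="FIN,CON" action="forceSession"></if>
   <if expr="FIN,CONa" action="forceSession"></if>
   <if expr="GOV,PUB" action="forceSession"></if>
  </firstParty>
  <thirdParty noPolicyDefault="accept" noRuleDefault="accept" alwaysAllowSession="yes">
  </thirdParty>
 </p3pCookiePolicy>
 <alwaysReplayLegacy/>
</MSIEPrivacySettings>
<MSIESiteRules formatVersion="6">
 <site domain="www.BlueYonderAirlines.com" action="accept"></site>
</MSIESiteRules>
</MSIEPrivacy>"""


def parse_compact_policy(header_value):
    """Split a P3P compact-policy header value, e.g. 'CP="NOI DSP CURa TELo OUR"',
    into its set of tokens.  Tokens are space separated; TEL and TELo are distinct."""
    value = header_value.strip()
    if value[:3].upper() == "CP=":
        value = value[3:].strip()
    return set(value.strip('"').split())


def decide(template_xml, host, first_party, compact_policy, session_cookie, zone="internet"):
    """Return the action the template prescribes for one cookie:
    'accept', 'reject', 'forceSession' or whatever the template names."""
    root = ET.fromstring(template_xml)

    # Assumption 1: a per-site rule overrides everything else (exact host
    # match, case-insensitive).
    for site in root.iterfind("MSIESiteRules/site"):
        if site.get("domain", "").lower() == host.lower():
            return site.get("action")

    party = "firstParty" if first_party else "thirdParty"
    section = root.find('MSIEPrivacySettings/p3pCookiePolicy[@zone="%s"]/%s' % (zone, party))
    if section is None:
        raise ValueError("template has no %s rules for zone %s" % (party, zone))

    # Session cookies bypass the policy checks when alwaysAllowSession="yes".
    if session_cookie and section.get("alwaysAllowSession") == "yes":
        return "accept"

    tokens = parse_compact_policy(compact_policy) if compact_policy else set()
    if not tokens:
        return section.get("noPolicyDefault")   # cookie carries no compact policy

    # Assumption 2 and 3: expr is a conjunction of tokens; first match wins.
    for rule in section.iterfind("if"):
        required = {t.strip() for t in rule.get("expr", "").split(",") if t.strip()}
        if required and required <= tokens:
            return rule.get("action")
    return section.get("noRuleDefault")        # policy present, no rule matched


if __name__ == "__main__":
    # Constructed cookies exercising each branch.
    print(decide(TEMPLATE, "www.example.com", True, None, False))
    print(decide(TEMPLATE, "www.example.com", True, 'CP="NOI DSP COR CUR FIN CONa OUR"', False))
    print(decide(TEMPLATE, "www.BlueYonderAirlines.com", True, 'CP="TEL"', False))
```

Note how the template treats the two parties asymmetrically: a first-party persistent cookie without a compact policy is rejected, while a third-party one in this template is accepted, because the third-party section carries no `<if>` rules and both its defaults are `accept`.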
  • 11. APPEL rule

        <appel:RULE behavior="limited" prompt="yes"
                    description="Warning! Data may be shared.">
          <p3p:POLICY>
            <p3p:STATEMENT>
              <p3p:RECIPIENT appel:connective="or">
                <p3p:same/>
                <p3p:other-recipient/>
                <p3p:public/>
                <p3p:unrelated/>
              </p3p:RECIPIENT>
            </p3p:STATEMENT>
          </p3p:POLICY>
        </appel:RULE>

    Parts of a rule:
    - behavior: request, block, or limited
    - description
    - connective: or, and, non-or, non-and, and-exact, or-exact
    - pattern (the P3P fragment the policy is matched against)
  • 12. What does this APPEL ruleset do?

        <?xml version="1.0"?>
        <appel:RULESET xmlns:appel="http://www.w3.org/2001/02/APPELv1"
                       xmlns:p3p="http://www.w3.org/2000/12/P3Pv1" crtdby="Lorrie Cranor">
          <appel:RULE behavior="limited" description="WHAT DOES IT DO?">
            <p3p:POLICY>
              <p3p:STATEMENT>
                <p3p:PURPOSE appel:connective="or">
                  <p3p:contact required="opt-out"/>
                  <p3p:telemarketing required="opt-out"/>
                  <p3p:contact required="always"/>
                  <p3p:telemarketing required="always"/>
                </p3p:PURPOSE>
              </p3p:STATEMENT>
            </p3p:POLICY>
          </appel:RULE>
          <appel:RULE behavior="request">
            <appel:OTHERWISE/>
          </appel:RULE>
        </appel:RULESET>
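Slides 11 and 12 show APPEL rules but not how a user agent evaluates them. The code below is an added example (not from the slides, and not the W3C's reference code) that implements the matching semantics as I read the APPEL working draft: rules are tried in document order and the first match decides the behavior; a pattern element matches an evidence element when the tags agree, every non-APPEL attribute on the pattern appears with the same value on the evidence, and the pattern's children relate to the evidence's children according to the connective (`and`, the default: every pattern child matches some evidence child; `or`: at least one does; `non-or`: none does; `non-and`: not all do; `and-exact`/`or-exact`: as `and`/`or`, plus every evidence child is matched by some pattern child); `OTHERWISE` matches anything. One P3P detail is applied to the evidence before matching, namely that a purpose element without a `required` attribute means `required="always"`. The two rulesets are the slides' own (the description on the slide-12 rule replaced by what the rule checks); the P3P policies fed to them are constructed test input built by the `policy` helper, which is mine.

```python
"""Minimal APPEL 1.0 evaluator applied to the rulesets of slides 11 and 12.
Added example; connective semantics are as described in the lead-in."""
import xml.etree.ElementTree as ET

APPEL = "http://www.w3.org/2001/02/APPELv1"
P3P = "http://www.w3.org/2000/12/P3Pv1"        # namespace as written on slide 12
NS = {"appel": APPEL, "p3p": P3P}

# Slide 11's rule, wrapped in a ruleset with a catch-all.
RECIPIENT_RULESET = """<appel:RULESET xmlns:appel="%s" xmlns:p3p="%s">
 <appel:RULE behavior="limited" prompt="yes" description="Warning! Data may be shared.">
  <p3p:POLICY><p3p:STATEMENT>
   <p3p:RECIPIENT appel:connective="or">
    <p3p:same/><p3p:other-recipient/><p3p:public/><p3p:unrelated/>
   </p3p:RECIPIENT>
  </p3p:STATEMENT></p3p:POLICY>
 </appel:RULE>
 <appel:RULE behavior="request"><appel:OTHERWISE/></appel:RULE>
</appel:RULESET>""" % (APPEL, P3P)

# Slide 12's ruleset: fires when any statement lists contact or telemarketing
# as a purpose that is not opt-in (required is opt-out or always).
PURPOSE_RULESET = """<appel:RULESET xmlns:appel="%s" xmlns:p3p="%s" crtdby="Lorrie Cranor">
 <appel:RULE behavior="limited" description="contact or telemarketing without opt-in">
  <p3p:POLICY><p3p:STATEMENT>
   <p3p:PURPOSE appel:connective="or">
    <p3p:contact required="opt-out"/><p3p:telemarketing required="opt-out"/>
    <p3p:contact required="always"/><p3p:telemarketing required="always"/>
   </p3p:PURPOSE>
  </p3p:STATEMENT></p3p:POLICY>
 </appel:RULE>
 <appel:RULE behavior="request"><appel:OTHERWISE/></appel:RULE>
</appel:RULESET>""" % (APPEL, P3P)


def policy(purposes, recipients):
    """Build a one-statement P3P policy (constructed test input).
    purposes: list of (purpose name, required value or None); recipients: names."""
    purp = "".join('<p3p:%s%s/>' % (n, "" if r is None else ' required="%s"' % r)
                   for n, r in purposes)
    recp = "".join("<p3p:%s/>" % r for r in recipients)
    return ('<p3p:POLICY xmlns:p3p="%s"><p3p:STATEMENT><p3p:PURPOSE>%s</p3p:PURPOSE>'
            '<p3p:RECIPIENT>%s</p3p:RECIPIENT></p3p:STATEMENT></p3p:POLICY>'
            % (P3P, purp, recp))


def _normalize(evidence):
    """P3P default: a purpose element without required= means required="always"."""
    for purpose in evidence.iter("{%s}PURPOSE" % P3P):
        for child in purpose:
            child.attrib.setdefault("required", "always")


def matches(expr, evid):
    """Does pattern element `expr` match evidence element `evid`?"""
    if expr.tag != evid.tag:
        return False
    for key, value in expr.attrib.items():
        if key.startswith("{%s}" % APPEL):
            continue                      # appel:connective is not part of the pattern
        if evid.attrib.get(key) != value:
            return False
    kids = list(expr)
    if not kids:
        return True                       # leaf pattern: tag and attributes suffice
    conn = expr.attrib.get("{%s}connective" % APPEL, "and")
    hit = [any(matches(k, e) for e in evid) for k in kids]
    if conn in ("and-exact", "or-exact"):
        # exact forms also require that the evidence has no unmatched children
        if not all(any(matches(k, e) for k in kids) for e in evid):
            return False
    return {"and": all(hit), "and-exact": all(hit), "or": any(hit), "or-exact": any(hit),
            "non-or": not any(hit), "non-and": not all(hit)}[conn]


def evaluate(ruleset_xml, policy_xml):
    """Return (behavior, prompt, description) of the first rule that matches, or None."""
    ruleset = ET.fromstring(ruleset_xml)
    evidence = ET.fromstring(policy_xml)
    _normalize(evidence)
    for rule in ruleset.findall("appel:RULE", NS):
        pattern = list(rule)
        otherwise = any(p.tag == "{%s}OTHERWISE" % APPEL for p in pattern)
        if otherwise or all(matches(p, evidence) for p in pattern):
            return rule.get("behavior"), rule.get("prompt") == "yes", rule.get("description", "")
    return None


if __name__ == "__main__":
    print(evaluate(PURPOSE_RULESET, policy([("current", None), ("telemarketing", "opt-out")], ["ours"])))
    print(evaluate(RECIPIENT_RULESET, policy([("current", None)], ["ours", "public"])))
```

Running it shows the answer to the slide's question: a policy that lists telemarketing or contact with `required="opt-out"` (or `always`, including the implicit default) gets `limited`, while a policy whose only such purposes are `opt-in` falls through to the `OTHERWISE` rule and gets `request`.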
  • 13. Creating APPEL rule sets
    - Express your personal privacy preferences in English
      - Example: "I don't want companies to share my data."
    - Translate your rules into P3P vocabulary elements
      - Example: RECIPIENT=ours
    - Create an APPEL ruleset that represents your privacy preference rules (plus a catch-all rule)
  • 14. Using APPEL to analyze P3P policies
    - Toolkit for Automated Privacy Policy Analysis (TAPPA)
    - http://cups.cs.cmu.edu/tappa/
  • 15. Homework 3 Discussion
    - http://cups.cs.cmu.edu/courses/privpolawtech-fa07/hw/hw3.html
    - Web bugs: What are they used for? Do these uses raise privacy concerns?
    - P3P user agent critiques