Week 7 slides

1. Privacy Authorization Languages
   Week 7 - October 10, 12

2. Privacy languages serve many roles
   - Specify organization’s privacy policy to end users and their agents
   - Specify users’ privacy preferences to users’ agent
   - Specify organization’s privacy policy to gatekeeper server that can approve or deny requests to access database
   - Specify policy associated with particular data elements to parties that buy or rent data

3. Can one privacy language do it all?
   - Maybe…
   - But so far none have emerged
   - We’ve found over a dozen privacy languages (including several access control and rule languages used for privacy applications)
   - Languages have different audiences, specify policies at different levels of granularity, and have different strengths and weaknesses

4. User privacy preferences
   - P3P 1.0 agents may (optionally) take action based on user preferences
     - Users should not have to trust privacy defaults set by software vendors
     - User agents that can read APPEL (A P3P Preference Exchange Language) files can offer users a number of canned choices developed by trusted organizations
     - Preference editors allow users to adapt existing preferences to suit their own tastes, or create new preferences from scratch
     - For more info on APPEL see http://www.w3.org/TR/WD-P3P-preferences or Chapter 13 in Web Privacy with P3P
5. APPEL rule

   <appel:RULE behavior="limited" prompt="yes"
       description="Warning! Data may be shared.">
     <p3p:POLICY>
       <p3p:STATEMENT>
         <p3p:RECIPIENT appel:connective="or">
           <p3p:same/>
           <p3p:other-recipient/>
           <p3p:public/>
           <p3p:unrelated/>
         </p3p:RECIPIENT>
       </p3p:STATEMENT>
     </p3p:POLICY>
   </appel:RULE>

   The slide’s callouts label the parts of a rule:
   - behavior: request, block, or limited
   - description
   - connective: or, and, non-or, non-and, and-exact, or-exact
   - pattern: the p3p:POLICY body that is matched against the site’s policy
6. What does this APPEL ruleset do?

   <?xml version="1.0"?>
   <appel:RULESET xmlns:appel="http://www.w3.org/2001/02/APPELv1"
       xmlns:p3p="http://www.w3.org/2000/12/P3Pv1" crtdby="Lorrie Cranor">
     <appel:RULE behavior="limited" description="WHAT DOES IT DO?">
       <p3p:POLICY>
         <p3p:STATEMENT>
           <p3p:PURPOSE appel:connective="or">
             <p3p:contact required="opt-out"/>
             <p3p:telemarketing required="opt-out"/>
             <p3p:contact required="always"/>
             <p3p:telemarketing required="always"/>
           </p3p:PURPOSE>
         </p3p:STATEMENT>
       </p3p:POLICY>
     </appel:RULE>
     <appel:RULE behavior="request">
       <appel:OTHERWISE/>
     </appel:RULE>
   </appel:RULESET>
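To make the slide’s question concrete, here is an added example (not code from the slides, the course, or the APPEL specification): a small Python evaluator that runs the ruleset above against constructed P3P policy fragments. It is a simplified model of APPEL matching: rules are tried in document order, the first rule whose p3p:POLICY pattern matches (or that contains appel:OTHERWISE) supplies the behavior, and only the "and" (default) and "or" connectives are implemented. The policy fragments are constructed and trimmed to the elements the matcher inspects, and the P3P default of required="always" for purpose elements is applied explicitly, which is an assumption worth checking against the policies you actually feed it.

```python
"""Added example: evaluate an APPEL ruleset against P3P policy fragments."""
import xml.etree.ElementTree as ET

APPEL_NS = "http://www.w3.org/2001/02/APPELv1"
P3P_NS = "http://www.w3.org/2000/12/P3Pv1"

# P3P 1.0 purpose elements default to required="always" when the attribute is
# absent, so a pattern asking for required="always" must match such elements.
P3P_ATTR_DEFAULTS = {"required": "always"}

# The ruleset from the slide, with the attribute quoting fixed so it parses.
RULESET = """<?xml version="1.0"?>
<appel:RULESET xmlns:appel="http://www.w3.org/2001/02/APPELv1"
    xmlns:p3p="http://www.w3.org/2000/12/P3Pv1" crtdby="Lorrie Cranor">
  <appel:RULE behavior="limited" description="WHAT DOES IT DO?">
    <p3p:POLICY>
      <p3p:STATEMENT>
        <p3p:PURPOSE appel:connective="or">
          <p3p:contact required="opt-out"/>
          <p3p:telemarketing required="opt-out"/>
          <p3p:contact required="always"/>
          <p3p:telemarketing required="always"/>
        </p3p:PURPOSE>
      </p3p:STATEMENT>
    </p3p:POLICY>
  </appel:RULE>
  <appel:RULE behavior="request">
    <appel:OTHERWISE/>
  </appel:RULE>
</appel:RULESET>"""


def policy(*purposes):
    """Constructed P3P policy fragment: one STATEMENT with the given PURPOSE
    children (a real policy also carries ENTITY, ACCESS, DATA-GROUP, ...)."""
    return ('<p3p:POLICY xmlns:p3p="%s"><p3p:STATEMENT><p3p:PURPOSE>%s'
            '</p3p:PURPOSE></p3p:STATEMENT></p3p:POLICY>'
            % (P3P_NS, "".join(purposes)))


POLICY_CURRENT_ONLY = policy("<p3p:current/>")
POLICY_CONTACT_OPT_IN = policy("<p3p:current/>", '<p3p:contact required="opt-in"/>')
POLICY_TELEMARKETING = policy("<p3p:current/>", '<p3p:telemarketing required="opt-out"/>')
POLICY_CONTACT_DEFAULT = policy("<p3p:contact/>")  # required omitted -> "always"


def element_matches(pattern, target):
    """Does the APPEL pattern element match this element of the policy?"""
    if pattern.tag != target.tag:
        return False
    for name, value in pattern.attrib.items():
        if name.startswith("{%s}" % APPEL_NS):
            continue  # appel:connective steers matching; it is not a P3P attribute
        if target.attrib.get(name, P3P_ATTR_DEFAULTS.get(name)) != value:
            return False
    children = list(pattern)
    if not children:
        return True
    # For each pattern child, is there some policy child it matches?
    hits = [any(element_matches(pc, tc) for tc in target) for pc in children]
    connective = pattern.attrib.get("{%s}connective" % APPEL_NS, "and")
    if connective == "or":
        return any(hits)
    if connective == "and":
        return all(hits)
    raise ValueError("connective %r is not supported by this example" % connective)


def evaluate(ruleset_xml, policy_xml):
    """Return the behavior of the first rule that fires, or None if none does."""
    ruleset = ET.fromstring(ruleset_xml)
    target = ET.fromstring(policy_xml)
    for rule in ruleset.findall("{%s}RULE" % APPEL_NS):
        if rule.find("{%s}OTHERWISE" % APPEL_NS) is not None:
            return rule.attrib["behavior"]  # catch-all rule
        pattern = rule.find("{%s}POLICY" % P3P_NS)
        if pattern is not None and element_matches(pattern, target):
            return rule.attrib["behavior"]
    return None


if __name__ == "__main__":
    for label, pol in [("current only", POLICY_CURRENT_ONLY),
                       ("contact opt-in", POLICY_CONTACT_OPT_IN),
                       ("telemarketing opt-out", POLICY_TELEMARKETING),
                       ("contact, required omitted", POLICY_CONTACT_DEFAULT)]:
        print("%-26s -> %s" % (label, evaluate(RULESET, pol)))
```

Run against these inputs, the first rule fires ("limited") whenever the policy declares contact or telemarketing as opt-out or always, and the OTHERWISE rule yields "request" for policies that use those purposes only on an opt-in basis or not at all; that is the answer the slide is asking for.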
7. APPEL question in HW7
   - What are your personal privacy preferences?
     - a) First express them in English as a set of 3 to 5 rules. For example, one rule might be "I don't want companies to share my data." If you can't capture all of your privacy preferences in 5 rules, just write down the 5 rules you consider most important.
     - b) Translate your rules into P3P vocabulary elements (for example, the above rule would translate to "RECIPIENT=ours")
     - c) Create an APPEL ruleset that represents your set of 3 to 5 privacy preference rules (plus a catch-all rule)

8. Microsoft privacy template language
   - See Appendix D of Web Privacy with P3P
     - http://msdn.microsoft.com/library/default.asp?url=/workshop/security/privacy/overview/privacyimportxml.asp
   - Specifies rules for user agents to handle various types of cookies
   - Based on P3P compact policy tokens
   - Allows policies for specific web sites
9. Microsoft example

   <MSIEPrivacy>
     <MSIEPrivacySettings formatVersion="6">
       <p3pCookiePolicy zone="internet">
         <firstParty noPolicyDefault="reject" noRuleDefault="accept" alwaysAllowSession="yes">
           <if expr="TEL" action="reject"></if>
           <if expr="FIN,CON" action="forceSession"></if>
           <if expr="FIN,CONa" action="forceSession"></if>
           <if expr="GOV,PUB" action="forceSession"></if>
         </firstParty>
         <thirdParty noPolicyDefault="accept" noRuleDefault="accept" alwaysAllowSession="yes">
         </thirdParty>
       </p3pCookiePolicy>
       <alwaysReplayLegacy/>
     </MSIEPrivacySettings>
     <MSIESiteRules formatVersion="6">
       <site domain="www.BlueYonderAirlines.com"
             action="accept">
       </site>
     </MSIESiteRules>
   </MSIEPrivacy>
10. EPAL
    - Enterprise Privacy Authorization Language
    - Developed by IBM, submitted to W3C
    - Allows enterprises to develop granular rules to check whether data access is authorized
    - Similar to P3P syntax but not identical
    - Includes
      - Data-categories
      - User-categories - administrators, doctors, etc.
      - Purposes
      - Actions - disclose, read, etc.
      - Obligations - delete after 30 days, get consent, etc.
      - Conditions - user category = doctor
    - Allow and deny rules
    - http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/
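The slide lists EPAL’s building blocks without showing how a gatekeeper combines them into a decision. The following is an added example, written for this page and not IBM’s implementation or the W3C submission’s reference code: a Python authorization check modelled on EPAL’s vocabulary, where rules are listed in precedence order, the first applicable rule determines the ruling, and an allow ruling carries its obligations back to the caller. The category hierarchies, the policy rules, the request fields and the context keys (such as "consent") are all constructed for the example.

```python
"""Added example: an EPAL-style allow/deny check with obligations and conditions."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed category hierarchies (child -> parent). EPAL categories are
# hierarchical, so a rule for a parent category applies to everything beneath it.
USER_CATEGORIES: Dict[str, Optional[str]] = {
    "doctor": "medical-staff", "nurse": "medical-staff",
    "medical-staff": None, "administrator": None,
}
DATA_CATEGORIES: Dict[str, Optional[str]] = {
    "diagnosis": "medical-record", "medical-record": None, "contact-info": None,
}


def is_within(category: Optional[str], ancestor: str,
              hierarchy: Dict[str, Optional[str]]) -> bool:
    """True if category equals ancestor or sits beneath it in the hierarchy."""
    while category is not None:
        if category == ancestor:
            return True
        category = hierarchy.get(category)
    return False


@dataclass
class Rule:
    ruling: str                       # "allow" or "deny"
    user_category: str
    data_category: str
    purpose: str
    action: str                       # e.g. "read", "disclose"
    condition: Optional[Callable[[dict], bool]] = None   # evaluated on the context
    obligations: Tuple[str, ...] = ()  # returned to the caller on allow

    def applies(self, request: dict, context: dict) -> bool:
        return (is_within(request["user"], self.user_category, USER_CATEGORIES)
                and is_within(request["data"], self.data_category, DATA_CATEGORIES)
                and request["purpose"] == self.purpose
                and request["action"] == self.action
                and (self.condition is None or self.condition(context)))


# Constructed policy, in precedence order. The explicit deny for administrators
# sits first so it wins even though administrators are not medical staff here.
RULES: List[Rule] = [
    Rule("deny", "administrator", "medical-record", "treatment", "read"),
    Rule("allow", "medical-staff", "medical-record", "treatment", "read",
         obligations=("log-access",)),
    Rule("allow", "doctor", "medical-record", "research", "disclose",
         condition=lambda ctx: ctx.get("consent") is True,
         obligations=("delete-after-30-days",)),
]
DEFAULT_RULING = "deny"   # EPAL policies state a default ruling for unmatched requests


def decide(request: dict, context: dict,
           rules: List[Rule] = RULES) -> Tuple[str, List[str]]:
    """First applicable rule in precedence order decides; otherwise the default."""
    for rule in rules:
        if rule.applies(request, context):
            obligations = list(rule.obligations) if rule.ruling == "allow" else []
            return rule.ruling, obligations
    return DEFAULT_RULING, []


if __name__ == "__main__":
    req = {"user": "doctor", "data": "diagnosis", "purpose": "treatment", "action": "read"}
    print(decide(req, {}))                       # ('allow', ['log-access'])
    req = {"user": "doctor", "data": "medical-record", "purpose": "research", "action": "disclose"}
    print(decide(req, {"consent": False}))       # ('deny', [])
    print(decide(req, {"consent": True}))        # ('allow', ['delete-after-30-days'])
```

Two points this makes visible that the bullet list does not: an obligation ("delete after 30 days") is part of the authorization result, so the enforcement point has to track it after the access is granted, and a condition that fails does not turn an allow rule into a deny; it simply makes the rule inapplicable, so the decision falls through to later rules or the default.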
11. Announcements
    - Bring laptop (with wireless card if possible) to class on Wednesday
    - Project proposal due Oct 19
    - Homework 7/8 due Oct 26

12. Homework 4 Discussion
    - http://lorrie.cranor.org/courses/fa05/hw4.html
    - Privacy software reviews
    - Why do sites use web bugs?

13. Homework 5 Discussion
    - http://lorrie.cranor.org/courses/fa05/hw5.html
    - Similarities and differences of P3P user agents
    - What did you like or dislike about them?
    - Experience creating bank P3P policies