CW 539

Girma Nigusse, Bart De Decker
Capabilities and limitations of P3P

Abstract

In the last years, various privacy protection organizations formulate fair data practice principles, guidelines, model codes, and legislation [HEW73] [Ass95] [eu995] [Nat90] [PWG95] [oCPtN95], [AEC05]. Following that, a number of privacy policy creation, communication, and enforcement languages, such as P3P [CLM+02], XACML [Mos05], EPAL [AHK+03], and APPEL [Lan98], have been developed to address the notions of these formulations. However, there is a lack of an in-depth assessment on the capabilities and limitations of these policy languages based on the fair data practice formulations. Hence, this report compares and contrasts four well formulated fair data practice principles and introduces comprehensive yet generic fair data practice requirements. Using these requirements the report makes an in-depth analysis on the capabilities and limitations of the P3P policy language. Also motivates the use of these requirements to analyze the capabilities and limitations of other privacy policy languages.

report.pdf (827K) / mailto: B. De Decker