P3P und dessen Erweiterungsmöglichkeiten Abgleich von Datenschutzpraktiken/-präferenzen am Beispiel des Lufthansa AG Intranets

Meyer, Bhakti

Unknown Date

Univ., Diplomarbeit, 2002--Frankfurt (Main)

Deutsche Lufthansa P3P Intranet

Improving understanding of website privacy policies

Levy, Stephen Eric

24 January 2005

Machine-readable privacy policies have been developed to help reduce user effort in understanding how websites will use personally identifiable information (PII). The goal of these policies is to enable the user to make informed decisions about the disclosure of personal information in web-based transactions. However, these privacy policies are complex, requiring that a user agent evaluate conformance between the users privacy preferences and the sites privacy policy, and indicate this conformance information to the user. The problem addressed in this thesis is that even with machine-readable policies and current user agents, it is still difficult for users to determine the cause and origin of a conflict between privacy preferences and privacy policies. The problem arises partly because current standards operate at the page level: they do not allow a fine-grained treatment of conformance down to the level of a specific field in a web form. In this thesis the Platform for Privacy Preferences (P3P) is extended to enable field-level comparisons, field-specific conformance displays, and faster access to additional field-specific conformance information. An evaluation of a prototype agent based on these extensions showed that they allow users to more easily understand how the website privacy policy relates to the users privacy preferences, and where conformance conflicts occur.

Usability

Human-Computer Interaction

P3P

Privacy

E-commerce

Improving understanding of website privacy policies

Levy, Stephen Eric

24 January 2005

Machine-readable privacy policies have been developed to help reduce user effort in understanding how websites will use personally identifiable information (PII). The goal of these policies is to enable the user to make informed decisions about the disclosure of personal information in web-based transactions. However, these privacy policies are complex, requiring that a user agent evaluate conformance between the users privacy preferences and the sites privacy policy, and indicate this conformance information to the user. The problem addressed in this thesis is that even with machine-readable policies and current user agents, it is still difficult for users to determine the cause and origin of a conflict between privacy preferences and privacy policies. The problem arises partly because current standards operate at the page level: they do not allow a fine-grained treatment of conformance down to the level of a specific field in a web form. In this thesis the Platform for Privacy Preferences (P3P) is extended to enable field-level comparisons, field-specific conformance displays, and faster access to additional field-specific conformance information. An evaluation of a prototype agent based on these extensions showed that they allow users to more easily understand how the website privacy policy relates to the users privacy preferences, and where conformance conflicts occur.

Usability

Human-Computer Interaction

P3P

Privacy

E-commerce

Improving understanding of website privacy policies

2004 August 1900

Machine-readable privacy policies have been developed to help reduce user effort in understanding how websites will use personally identifiable information (PII). The goal of these policies is to enable the user to make informed decisions about the disclosure of personal information in web-based transactions. However, these privacy policies are complex, requiring that a user agent evaluate conformance between the user’s privacy preferences and the site’s privacy policy, and indicate this conformance information to the user. The problem addressed in this thesis is that even with machine-readable policies and current user agents, it is still difficult for users to determine the cause and origin of a conflict between privacy preferences and privacy policies. The problem arises partly because current standards operate at the page level: they do not allow a fine-grained treatment of conformance down to the level of a specific field in a web form. In this thesis the Platform for Privacy Preferences (P3P) is extended to enable field-level comparisons, field-specific conformance displays, and faster access to additional field-specific conformance information. An evaluation of a prototype agent based on these extensions showed that they allow users to more easily understand how the website privacy policy relates to the user’s privacy preferences, and where conformance conflicts occur.

Usability

Human-Computer Interaction

P3P

Privacy

E-commerce

Protection des données personnelles côté utilisateur dans le e-commerce / Personal user data protection in the e-commerce

Dari Bekara, Kheira

18 December 2012

L’informatique et Internet en particulier favorisent grandement la collecte de données à l'insu de l'utilisateur, leur divulgation à des tiers et le croisement des données. La densité des activités humaines dans le monde numérique constitue donc un terrain fertile pour de potentielles atteintes à la vie privée des utilisateurs. Les présents travaux examinent d'abord le contexte légal de la protection de la vie privée, ainsi que les divers moyens informatiques destinés à la protection des données personnelles. Il en ressort un besoin de solutions centrées utilisateur, lui donnant davantage de contrôle sur ses données personnelles. Dans cette perspective, nous analysons le cadre légal français et européen pour en tirer des axes de protection. Nous spécifions ensuite les contraintes tirées de ces axes, en proposant de les introduire dans les modèles de politiques de sécurité existants. Ainsi, nous suggérons l’application d’un seul modèle pour le contrôle d’accès et la protection de la vie privée. Le modèle de contrôle d’accès doit être étendu par de nouvelles conditions et paramètres d’accès. Pour cela, nous définissons le langage XPACML (eXtensible Privacy aware Access Control Markup Language) conçu sur la base d’extensions apportées au modèle de contrôle d’accès XACML. Placés dans un contexte E-Commerce, nous avons défini un modèle sémantique permettant de représenter les contextes liés aux différentes transactions électroniques. Ainsi nous avons pu effectuer une génération dynamique des politiques XPACML en fonction du contexte en cours. A la quête d’une protection étendue des données personnelles, nous avons consacré la dernière partie de nos travaux aux négociations possibles qui peuvent être effectuées entre un utilisateur et un fournisseur de service. Ainsi nous avons proposé deux protocoles. Le premier porte sur la négociation des termes et conditions des politiques de protection des données, alors que le deuxième porte sur la négociation des données à dévoiler elles mêmes / Informatics and Internet in particular favor largely the collection of data without user permission, their disclosure to third parties and their cross-analysis. The density of the human activities in the digital world thus constitutes a fertile ground for potential invasions of privacy of the users. Our works examine first the legal context of privacy protection, as well as the diverse computing means intended for the protection of personal data. A need for user centered solutions emerges, giving him/her more control over his/her personal data. In this perspective, we analyze European and French privacy legislation to extract data protection axis. Then we specify the constraints related to these axes, and we introduce them in existing security policy models. Thus we suggest the application of one model for both access control and privacy protection. The access control model should be extended by new privacy related conditions and parameters. To do so, we define the language XPACML (eXtensible Privacy aware Access Control Markup Language) based on XACML and new privacy extensions. Placed in an E-commerce context, we define a semantic model allowing to represent various electronic transactions contexts, and leading to a dynamic generation of context- aware XPACML policies. Looking for a vast protection of the personal data, we dedicate the last part of our works to the possible negotiations which can be made between a user and a service provider. Two protocols are proposed. The first one permits the negotiation of the terms and the conditions of data protection policies, while the second permits the negotiation of the requested data themselves

Vie privée

E-commerce

Données personnelles

Protection des données

XPACML

Négociation de politiques

P3P

Théorie des jeux

Privacy

E-commerce

Personal data

Data protection

XPACML

Policies negociation

P3P

Game theory

建構具有語意隱私偏好保護平臺 / Constructina a Semantics-Enabled P3P Privacy Protection

黃宏傑, Huang, Hung Chieh

Unknown Date

為了確保個人資料的隱私，本研究期望可以建構一個在主從式架構的環境中，利用語意網技術來改善現有的個人隱私偏好平臺(P3P)。透過語意網中的本體論和規則的加入希望可以提昇個人隱私偏好平臺的正規語意，來實現具有語意的個人隱私保護規範架構，確保使用者不會有解讀錯誤的情況發生，讓網站的資料使用規範，可以更符合使用者的意圖，讓原本使用者需仔細詳讀的隱私規範書，可以透過一簡單的協議過程去加以簡化閱讀隱私規範書的步驟。 / In this study I’m going to build an environment with client-server architecture and utilize Semantic Web Technology to improve the existing platform for privacy preferences (P3P) in order to ensure the privacy of personal information. With the ontology and rules of Semantic Web hopefully it will upgrade personal privacy preferences formal semantics to achieve the semantic of personal privacy protection framework to ensure that users will not misunderstand. The usage of web site information can be more in line with the user's intentions, so that the original user were required to carefully read the privacy specification can be implemented through a simple process which simplified the steps of reading privacy specification.

語意網

個人隱私偏好平臺

Semantic Web

P3P

Policy Merger System for P3P in a Cloud Aggregation Platform

Olurin, Olumuyiwa

09 January 2013

The need for aggregating privacy policies is present in a variety of application areas today. In traditional client/server models, websites host services along with their policies in different private domains. However, in a cloud-computing platform where aggregators can merge multiple services, users often face complex decisions in terms of choosing the right services from service providers. In this computing paradigm, the ability to aggregate policies as well as services will be useful and more effective for users that are privacy conscious regarding their sensitive or personal information. This thesis studies the problems associated with the Platform for Privacy Preference (P3P) language, and the present issues with communicating and understanding the P3P language. Furthermore, it discusses some efficient strategies and algorithms for the matching and the merging processes, and then elaborates on some privacy policy conflicts that may occur after merging policies. Lastly, the thesis presents a tool for matching and merging P3P policies. If successful, the merge produces an aggregate policy that is consistent with the policies of all participating service providers.

P3P

Cloud Computing

XML Merger

Policy Languages

Privacy

XML

Privacy Policy

Aggregation Platform

Three-way Merge

Improvement of PNP Problem Computational Efficiency For Known Target Geometry of Cubesats

Hafer, William

2012 May 1900

This thesis considers the Perspective-N-Point (PNP) problem with orthogonal target geometry, as seen in the problem of cubesat relative navigation. Cubesats are small spacecraft often developed for research purposes and to perform missions in space at low cost. Sensor systems for cubesats have been designed that, by providing vector (equivalently line-of-sight, angle, and image plane) measurements, equate relative navigation to a PNP problem. Much study has been done on this problem, but little of it has considered the case where target geometry is known in advance, as is the case with cooperating cubesats. A typical constraint for cubesats, as well as other PNP applications, is processing resources. Therefore, we considered the ability to reduce processing burden of the PNP solution by taking advantage of the known target geometry. We did this by considering a specific P3P solver and a specific point-cloud correspondence (PCC) solver for disambiguating/improving the estimate, and modifying them both to take into account a known orthogonal geometry. The P3P solver was the Kneip solver, and the point-cloud-correspondence solver was the Optimal Linear Attitude Estimator (OLAE). We were able to achieve over 40% reduction in the computational time of the P3P solver, and around 10% for the PCC solver, vs. the unmodified solvers acting on the same problems. It is possible that the Kneip P3P solver was particularly well suited to this approach. Nevertheless, these findings suggest similar investigation may be worthwhile for other PNP solvers, if (1) processing resources are scarce, and (2) target geometry can be known in advance.

PNP problem

P3P problem

Known target geometry

WWW Privacy - P3P Platform of Privacy Preferencers

Foerster, Marian

10 July 2000

Gemeinsamer Workshop von Universitaetsrechenzentrum und Professur Rechnernetze und verteilte Systeme (Fakultaet fuer Informatik) der TU Chemnitz. Workshop-Thema: Infrastruktur der ¨Digitalen Universitaet¨ WWW Privacy - P3P Platform of Privacy Preferencers Der Vortrag soll einen Einblick in das z.Zt. noch in der Entwicklung stehenden Protokolls P3P des W3C geben. Dabei wird das Grundprinzip von P3P, einige technische Realisierungsmoeglichkeiten sowie ein Demo-Einkaufssystem vorgestellt.

Digitale Universitaet

WWW Privacy

Platform of Privacy Preferencers

Online Privatsphaere

ddc:004

P3P

Designing Privacy Notices: Supporting User Understanding and Control

Kelley, Patrick Gage

01 May 2013

Users are increasingly expected to manage complex privacy settings in their normal online interactions. From shopping to social networks, users make decisions about sharing their personal information with corporations and contacts, frequently with little assistance. Current solutions require customers to read long documents or go out of their way to manage complex settings buried deep in the management interfaces, all of which lead to little or no actual control. The goal of this work is to help people cope with the shifting privacy landscape. While our work looks at many aspects of how users make decisions regarding their privacy, this dissertation focuses on two specific areas: the current state of web privacy policies and mobile phone application permissions. We explored consumers' current understanding of privacy in these domains, and then used that knowledge to iteratively design and test more comprehensible information displays. These prototyped information displays should not be seen as final commercially-ready solutions, but as examples of privacy notices that can help users think about, cope with, and make decisions regarding their data privacy. We conclude with a series of design suggestions motivated by our findings.

privacy

notice

usability

user interfaces

security

mobile

policy

P3P

HCI

information design

Computer Sciences

Software Engineering