Enhancing Web Privacy with Policy Language and Trust
May 10, 2004
The Platform for Privacy Preferences (P3P) is a W3C standard that web sites can use to describe their privacy practices. The presence of P3P policies enables users to configure web browsers to constrain what they can and cannot do when visiting sites. It's a good idea that unfortunately is rarely used. We identify two reasons: (i) the languages available to define a user's privacy preferences are not expressive enough and (ii) most web sites do not have published P3P policies. We present enhancements to P3P that use semantic web languages and models of trust to help solve both of these problems. We propose the use of the RDF-based Rei policy language to specify user privacy preferences through an ontological representation of user requirements. We also introduce a new trust model to capture trust between users and websites, as it relates to privacy practices. This model incorporates attributes of a website, which we term as web evaluation statements as they provide a metric for quantifying the trust with the website. This trust can also be used in making privacy decisions. We show how our proposed architecture is effective even in the absence of published P3P policies. Finally, we present use cases to demonstrate the relevance of our work to the current web privacy landscape and offer it as a powerful enhancement that can promote P3P's adoption and use.
MastersThesis
UMBC Master's thesis
Downloads: 4753 downloads