XPref: a preference language for P3P

Authors:
Rakesh Agrawal;Jerry Kiernan;Ramakrishnan Srikant;Yirong Xu
Affiliations:
IBM Almaden Research Center, 650 Harry Road, San Jose, CA 95120, USA;IBM Almaden Research Center, 650 Harry Road, San Jose, CA 95120, USA;IBM Almaden Research Center, 650 Harry Road, San Jose, CA 95120, USA;IBM Almaden Research Center, 650 Harry Road, San Jose, CA 95120, USA
Venue:
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Year:
2005

Citing 7
Cited 6

Privacy-preserving data mining

SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Privacy preserving mining of association rules

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Web Privacy with P3p

Web Privacy with P3p
Information sharing across private databases

Proceedings of the 2003 ACM SIGMOD international conference on Management of data
On the value of private information

TARK '01 Proceedings of the 8th conference on Theoretical aspects of rationality and knowledge
Hippocratic databases

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Watermarking relational databases

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases

Privacy-enhanced user-centric identity management

ICC'09 Proceedings of the 2009 IEEE international conference on Communications
A pervasive P3P-based negotiation mechanism for privacy-aware pervasive e-commerce

Decision Support Systems
Survey Paper: A survey on policy languages in network and security management

Computer Networks: The International Journal of Computer and Telecommunications Networking
Enhancing privacy in cloud computing via policy-based obfuscation

The Journal of Supercomputing
Understanding privacy policies

Empirical Software Engineering
A Web Architecture Based on Physical Data Separation Supporting Privacy Protection in Medical Research

International Journal of Reliable and Quality E-Healthcare

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Platform for Privacy Preferences (P3P) is the most significant effort currently underway to enable web users to gain control over their private information. The designers of P3P simultaneously designed a preference language called APPEL to allow users to express their privacy preferences, thus enabling automatic matching of privacy preferences against P3P policies. Unfortunately, subtle interactions between P3P and APPEL result in serious problems when using APPEL: users can only directly specify what is unacceptable in a policy, not what is acceptable; simple preferences are hard to express; and writing APPEL preferences is error prone. We show that these problems follow from a fundamental design choice made by APPEL and cannot be solved without completely redesigning the language. Therefore, we explore alternatives to APPEL that can overcome these problems. In particular, we show that XPath serves quite nicely as a preference language and solves all the above problems. We identify the minimal subset of XPath that is needed, thus allowing matching programs to potentially use a smaller memory footprint. We also give an APPEL to XPath translator that shows that XPath is as expressive as APPEL.