Keywords
privacy policy, P3P, negotiation protocol
Abstract
Privacy policy languages, such as P3P, allow websites to publish their privacy practices and policies in machine-readable form. Currently, software agents designed to protect users’ privacy follow a “take it or leave it” approach that is inflexible and gives the server ultimate control. Privacy policy negotiation is one approach to leveling the playing field by allowing a client to negotiate with a server to determine how that server collects and uses the client’s data. We present a privacy policy negotiation protocol, “Or Best Offer”, that includes a formal model for specifying privacy preferences and reasoning about privacy policies. The protocol is guaranteed to terminate within three rounds of negotiation while producing policies that are Pareto-optimal, and thus fair to both the client and the server.
Original Publication Citation
D. D. Walker, E. G. Mercer, and K. E. Seamons, "Or Best Offer: A Privacy Policy Negotiation Protocol", in Proceedings of IEEE Workshop on Policies for Distributed Systems and Networks (IEEE POLICY), Palisades, NY, June 28.
BYU ScholarsArchive Citation
Mercer, Eric G.; Seamons, Kent E.; and Walker, Daniel D., "Or Best Offer: A Privacy Policy Negotiation Protocol" (2008). Faculty Publications. 183.
https://scholarsarchive.byu.edu/facpub/183
Document Type
Peer-Reviewed Article
Publication Date
2008-06-01
Permanent URL
http://hdl.lib.byu.edu/1877/2357
Publisher
IEEE
Language
English
College
Physical and Mathematical Sciences
Department
Computer Science
Copyright Status
© 2008 Institute of Electrical and Electronics Engineers
Copyright Use Information
http://lib.byu.edu/about/copyright/