This paper describes experiences gained from the development of a fully compliant implementation of the W3C’s XML-based P3P standard.
P3P aims to make privacy policies of web sites transparent for automated agents, and thereby to improve transactions of personal
data on the Internet. We look at some of the most important issues that have arisen from our development work, including problems
with the privacy preference standard, APPEL, before concentrating on issues related to end user assurance. We look at P3P
usage scenarios to show that the current P3P standard has weaknesses in this area. The paper then considers possible extensions
to P3P, which could provide greater assurance to end users and facilitate dispute resolution. In particular, we present an
overview of a way of increasing assurance of a privacy policy’s validity using signed XML.
Keywords: privacy enhancing technologies - P3P - XML Digital Signatures - secure electronic commerce - transaction management - security verification
The views expressed in this paper are the authors’ own, and may not be taken in any way as representative of those of the
European Commission.