Upload
harvey-sherman
View
212
Download
0
Embed Size (px)
Citation preview
1
Summary of Intel’s P3P Summary of Intel’s P3P ImplementationImplementation
James M. WhiteJames M. WhiteConsumer e-Commerce Program ManagerConsumer e-Commerce Program ManagerIntel CorporationIntel Corporation
*Other names and brands may be claimed as the property of others.
How P3P fits with Intel’s How P3P fits with Intel’s privacy strategyprivacy strategy
Privacy Enhancing Privacy Enhancing Technologies (PETs)Technologies (PETs)
P3PP3PAnonymizersAnonymizersSecure e-mailSecure e-mail
Preemptive National Preemptive National Privacy LegislationPrivacy Legislation
Mandates noticeMandates notice and choice and choice
EducationEducation
BusinessesBusinessesand consumersand consumers
learn about laws, learn about laws, choices, and choices, and technologiestechnologies
Self-RegulationSelf-Regulation
Offers alternativeOffers alternativeconsumer paths forconsumer paths forquestions, issues,questions, issues,
and remediesand remedies
*Other names and brands may be claimed as the property of others.
Identify initial P3P deployment Identify initial P3P deployment target(s)target(s) Intel has diverse Web environment Intel has diverse Web environment
with a large number of serverswith a large number of servers We selected Web presence with most We selected Web presence with most
relevant impact and manageable relevant impact and manageable deployment cycledeployment cycle
Shop IntelShop IntelSMSM selected as first target selected as first target–Reaches consumer audienceReaches consumer audience–Collects significant personal information Collects significant personal information
from customersfrom customers
*Other names and brands may be claimed as the property of others.
Interpret corporate policy in Interpret corporate policy in P3P contextP3P context Determined how plain text policy Determined how plain text policy
maps to P3P specificationmaps to P3P specification Reviewed P3P elements carefullyReviewed P3P elements carefully Determined content to capture inDetermined content to capture in
–Full policyFull policy–Compact policyCompact policy
This was Intel’s “heavy lifting” for the This was Intel’s “heavy lifting” for the initial deploymentinitial deployment
*Other names and brands may be claimed as the property of others.
Choose a path: Single site-wide Choose a path: Single site-wide policy or multiple policiespolicy or multiple policies
Single P3P policySingle P3P policy AdvantagesAdvantages
– Easy to implementEasy to implement
– Easy to maintainEasy to maintain
DisadvantageDisadvantage– May over- or under-May over- or under-
position information position information collected for a given collected for a given location on your sitelocation on your site
Multiple P3P policiesMultiple P3P policies AdvantagesAdvantages
– Gives customers policy Gives customers policy related to personal related to personal information on specific information on specific pagespages
DisadvantagesDisadvantages– Requires translation of Requires translation of
written policy at lower written policy at lower levelslevels
– More difficult to deploy More difficult to deploy and maintain, especially and maintain, especially with multiple servers with multiple servers and Web authorsand Web authors
Intel’spath
*Other names and brands may be claimed as the property of others.
Create policy contentCreate policy content
One non-technical person created One non-technical person created policy content in “spare” timepolicy content in “spare” time
Used tools available from IBM and Used tools available from IBM and Microsoft to author XML and Compact Microsoft to author XML and Compact Policy stringPolicy string
Initial content authoring of a few Initial content authoring of a few hours, then a few more hours of hours, then a few more hours of review and tweakingreview and tweaking
*Other names and brands may be claimed as the property of others.
Review and testReview and test
Reviewed and cross-checked policy Reviewed and cross-checked policy selections from legal perspectiveselections from legal perspective
Deployed initial policy on test serversDeployed initial policy on test servers Checked for stability/reliabilityChecked for stability/reliability Tested with Micrsoft* IE6 BetaTested with Micrsoft* IE6 Beta
*Other names and brands may be claimed as the property of others.
DeployDeploy
Made compact policy addition to http Made compact policy addition to http headers on front-end serversheaders on front-end servers
Deployed final XML policy in specified Deployed final XML policy in specified “well-known location” (/w3c/p3p.xml)“well-known location” (/w3c/p3p.xml)
We’ve been running smoothly ever We’ve been running smoothly ever sincesince
*Other names and brands may be claimed as the property of others.
Current P3P status for IntelCurrent P3P status for Intel
Corporate site P3P implementation Corporate site P3P implementation owner identifiedowner identified
Ratifying P3P test, deployment, and Ratifying P3P test, deployment, and ongoing maintenance process ongoing maintenance process
Preparing to deploy P3P throughout Preparing to deploy P3P throughout Intel.comIntel.com
*Other names and brands may be claimed as the property of others.
SummarySummary
P3P is one piece of Intel’s privacy P3P is one piece of Intel’s privacy strategystrategy
Most time spent interpreting existing Most time spent interpreting existing policy in P3P contextpolicy in P3P context
Deployment was simple with single-Deployment was simple with single-policy pathpolicy path
Performance impact negligiblePerformance impact negligible See it in action at See it in action at www.intel.com/shopwww.intel.com/shop