Well that is the major story this month but you may say what is the Platform for Privacy Preferences (P3P). P3P is a W3C project aimed at allowing users to exercise preferences over what a Web site does with the information provided to it by them. At one level it is just an extension of HTTP 1.1 that allows structured data to be exchanged between you and a Web site but when you go down a level it is a way of describing the practices of the web site and the preferences of the user. It adds an extra stage to the dialogue when you first visit a site:
On subsequent visits all you need to do is send the PUID and the site will recognise the terms and conditions under which the agreement has been reached and respond accordingly.
Does it sound a bit like cookies? Well the answer is Yes and No. Many Web sites currently use HTTP cookies to develop some relationship with you. When you visit their Web site they will send back a cookie and if you accept it then on a subsequent visit they will be able to identify you. the way most browsers currently work, you are probably unaware of the hundreds of cookies sitting on your computer that have been put there by various web sites. With P3P you will have a lot more control over what is taking place.
As you would expect P3P is defined as an XML application based on RDF. Information about the user is divided into a number of classes such as physical contact information (address, phone number), online contact information (email address), demographic information (sex, age etc), preference data (likes Jazz and favourite colour is lime green) and financial information (your Visa number).
The site also needs a vocabulary to define its policy. For example RAL might have a policy:
Well all of this has to be put together into a set of RDF statements and they don't look too good. Here is a fragment:
<PROP> <USES> <STATEMENT VOC:purp ="1" VOC:recpnt ="0" VOC:id ="0"> <DATA:REF name ="Web.Abstract.ClientClickStream"/> </STATEMENT> </USES> </PROP>
All very daunting. This proposal relates to click stream information that is collected without your knowing. The XML nameset VOC is the P3P Harmonised Vocabulary and something like purp is the purpose that the site is going to do with the data and a value of 1 indicates that it will be used for web site administration. A value of 2 would have indicated that it was going to be used for customising the output that they sent you. The attribute recpnt says who else you are going to give the information to. luckily the value zero stands for just us. A value of 3 would have meant anybody in the world would be given it!
There will be a similar proposal about what they do with the information that you type in on request. Either with the initial request or subsequently you will also have been making the site aware of your preferences.
So let us get back to the Patent. The Intermind Patent (U.S Patent No. 5,862,325) claims rights in certain techniques of controlling interactions between clients and servers, especially with respect to the exchange of personal information. Much of the Internet is based on such technologies and so the assertion of proprietary rights in this field had a chilling effect on the Web community in general and P3P in particular. So the last six months or so has been spent seeing if P3P did infringe this patent. The patent document is quite large and the language is not that easy to understand. The patent talks about communications objects used as control structures to direct client-server interactions. These control structures use object-oriented programming techniques to transfer both executable program instructions and associated metadata from client to server.
W3C's patent attorney Barry Rein concluded that P3P did not use control structures for the user profile file or the site proposal in the way defined in the patent. W3C also got over 100 responses from members giving information some with an indication that this idea had been around prior to Intermind's patent. When you get round to it, sending a Form back via HTTP and the name of the program to process it is pretty close to the Intermind patent. Similarly cookies were around before the Intermind patent (prior art is the term) and this is acknowledged by Intermind.
A full analysis is given at:
http://www.w3.org/TR/P3P-analysis
It now looks as though progress will resume on P3P with a Recommendation due in the New Year.
There was a BCS OOPS Event at IBM South Bank on 24 October 1999 all around XML. Bob Hopgood from RAL with Simon Nicholson of OASIS gave an Overview of the history behind XML. The event then split into streams with Adrian Rivers and Daniel Rivers Moore giving a Workshop on XML while topics such as XML Vocabularies and specialist XML DTDs were covered in other sessions. Nathan Sowatskey gave a good overview of where Financial XML Technologies were going.
For those interested in Web History, it is beginning to look like London buses! For ages there are none then three arrive almost together. Due out soon are:
Tim's book is already out in the USA and rumours have it that it gives a great insight into the early days. Jim Clark's book has got a mixed reception. Robert is still writing his!
Paper submission deadlines for WWW9 in Amsterdam next year is 22 November 1999 so you only have a few weeks left.
The total number of members has risen to 363. The new Members since September are: