W3C | Submissions

Team Comment on the EPAL Submission

W3C is pleased to receive the EPAL Submission from IBM Corporation.

I. Technology

EPAL was first presented to the W3C community at the W3C Workshop on the long term Future of P3P and Enterprise Privacy Languages. EPAL is a specialized language that describes and constrains the flow of personal data inside an enterprise. The tool is used to implement the paradigm of sticky policies. With EPAL, personal data has the policy data attached to it while traveling through the enterprise. Every enterprise can encode its privacy policy in a metadata format similar to P3P. It contains, for example, purposes and data categories and is supposed to match the corresponding business process. A second EPAL file contains rules to express actions, obligations and conditions. While the vocabulary is intended to be stable, it is easy to change the rules and allow or deny access by a another category of users or to introduce a new condition for access. For any given database request, the vocabulary will be used to indicate possible usages and the rules will specify whether, given the purposes, the specific request is allowed for this particular person.

EPAL is designed to expand on the capability of P3P by adding privacy-related access control and authorization in the enterprise context. At the same time, EPAL is a new challenge in the area of privacy enhanced technologies. While P3P was designed to be interoperable across the Web, EPAL is more focused on the intra-enterprise world. If data has to travel over the edges of an enterprise, challenges on matching and mixing vocabularies from two different enterprises appear. Nevertheless, EPAL remains close to P3P. The separation of policy and rules also exists in P3P and its rule-language APPEL. The consent-choices present in EPAL are also under consideration for P3P Version 1.1.

Unlike P3P, the binding between policy and resource is not defined by a Policy Reference File. The fact that a certain data item falls into a certain data category triggers a certain rule. But it is not defined which data falls into a certain data category. This reflects the absence of a consistent system of unique resource identifiers inside a company where data can be stored on a Web-server (with URI) or simply in a SQL database (without URI). The absence of clear identifiers gives some flexibility but affects the semantics of such statements. In fact, the data stored must contain a reference to its data category to be useful. This is reflected by the paradigm of sticky policies described in the introduction. As such archiving can vary depending on the data archiving tools, this is not easy to define. Interoperability might require that the type of identifier used to make the policy stick with the data must be defined by EPAL.

EPAL contains a commitment of IBM to grant a royalty free license if the work is taken up and brought to recommendation. This will ease a smooth take up and start of potential work around an Enterprise Privacy Language in the new W3C patent policy framework.

II. Next Steps

The Submission will be brought to the attention of the P3P Coordination Group, the P3P community, W3C's AC and the PET community.

The W3C Workshop on the long term Future of P3P and Enterprise Privacy Languages already showed some interest for this technology. W3C members and other parties interested in EPAL are encouraged to contact the submitter or to discuss this and other ideas on the mailing list public-p3p (public archive) for possible future work.

For the actual chartered P3P 1.1 Specification Working Group, this work is out of scope. But future P3P Working Groups will have to take EPAL into account.

Disclaimer: Placing a Submission on a Working Group/Interest Group agenda does not imply endorsement by either the W3C Staff or the participants of the Working Group/Interest Group, nor does it guarantee that the Working Group/Interest Group will agree to take any specific action on a Submission.


Author: Rigo Wenning, Privacy Activity Lead,