W3CTeam

RDF Model for P3P

This is a strawman RDF model for P3P.  It is the continuation of work started at http://www.w3.org/2000/04/p3pmodel/. I wanted to get the revised model out to the Team and incorporate any comments into it before I send it to the P3P Specification Working Group.  The sample was validated using SiRPAC.  I choose to annotate the sample below with design decisions and commentary.

The overall structure of the Policy in the RDF model is very similar to the current P3P policy element structure defined in http://www.w3.org/TR/2000/WD-P3P-20000510/.  The policy element contains access, entity, data-group(s), and disputes elements.  In contrast, the p3p:policy contains a disuri element instead of an attribute of the policy.  The statement elements have been removed from the policy element in favor of making RDF statements about the data-groups contained in the policy.  The policy element was used as a grouping tool only.  A policy contains a human readable link to a privacy policy, how can the data be accessed, which entity is associated with this policy, the data this policy covers and how disputes are handled.

The 'root' of the RDF graph.
<p3p:policy>
<p3p:disuri resource="http://www.w3.org/privacy.html" />

All of the access, disputes, remedies, purposes, recipient, retention, categories etc., are RDF classes.  Note that structures like business-info.name etc. are both RDF classes and properties.  This is needed due to the multiple purposes of these structures.
<p3p:access><p3p:contact_and_other/></p3p:access>

The entity was embedded into the policy simply to avoid having to make a statement about the entire policy stating that the policy was associated with, or asserted by, a particular entity.  Making a statement about all the statements in the policy would have resulted in an enormous amount of arcs being generated.  Note that the resource associated with the entity need not be in the same document.
<p3p:entity rdf:resource="#HIHO"/>

The data-groups contain the data that this site collects.  Statements about the purpose, retention, etc. are made later.
<p3p:data-group>
<rdf:Bag rdf:ID="DG01" >
<rdf:li><p3p:dynamic.clickstream.server/></rdf:li>
</rdf:Bag>
</p3p:data-group>

How disputes should be handled.
<p3p:disputes>
<rdf:Description rdf:ID="disputes1">
<p3p:resolution><p3p:service/></p3p:resolution>
<p3p:service resource="http://www.privacyseal.org" />
<p3p:remedies><p3p:law/></p3p:remedies>
</rdf:Description>
</p3p:disputes>

</p3p:policy>

State that the 'purpose' of all the resources in the bag DG01 is p3p:develop.
<rdf:Description rdf:aboutEach="#DG01" rdf:bagID="stmt1" >
<p3p:purpose><p3p:develop/></p3p:purpose>
</rdf:Description>

State that all the statements made in the description above, stmt1, are asserted by the HIHO resource.
<rdf:Description rdf:aboutEach="#stmt1">
<p3p:assertedBy rdf:resource="#HIHO"/>
</rdf:Description>

Describe the HIHO resource.
<rdf:Description rdf:ID="HIHO">
<p3p:business-info.name>HiHo Doohickey</p3p:business-info.name>
</rdf:Description>
</rdf:RDF>

I will work on the schema and W3C note based on the sample above.  Any and all comments are welcomed.

Tom, <hubbard@w3.org>

$Date: 2000/07/31 14:41:29 $