[OWASP-GUIDE] P3P

Adrian Wiesmann awiesmann at swordlord.org
Mon Jan 20 05:09:03 EST 2003


> I look at the guide as a way to describe web security technology and
> show how it should be implemented correctly (or in some cases whether it
> actually works). P3P is getting a lot of attention in corporate US and
> with EU directives on privacy it is a big topic, even if you don't think
> the technology is adequate. I actually do but I am happy to differ.

As a matter of fact, P3P did get quite a bit of - at least from managers -
attention. While I think we should add it to the guide just to have it in
and be "complete" in this section. I also think that we should have some
text which tells about the Pretty Poor Privacy thoughts: What may be a
security, and more important, *privacy* problem with P3P.

I am actually not a friend of centralised data storages and with me surely
few europeans, but this is no valid reason. We need to have it in to let
the developers decide on their own if it's ok for them and their customers
to use... (And perhaps some managers will get the point too :))

Regards,
Adrian




More information about the Owasp-guide mailing list