We have been trying to understand the language P3P. Ok, its pretty simple to say what it is. It's a small (domain-specific, non-executable) language for privacy policies and it's used by web sites and checked by user agents (potentially part of browsers). Arguably, understanding is limited if you look at online samples and syntax definition alone.
So we figured we had to
understand usage of the language
in order to understand the language.
Here is the link to the paper:
Joint work with Ekaterina Pek
- Software Language Engineering
- Domain-Specific Languages
- Empirical Analysis
- Policy Languages
Abstract: P3P is the policy language with which web sites declare the intended use of data that is collected about users of the site. We have systematically collected P3P-based privacy policies from web sites listed in the Google directory, and analysed the resulting corpus with regard to metrics and cloning of policies, adherence to constraints, coverage of the P3P language, and a number of additional properties of language usage. This effort helps understanding the de-facto usage of the non-executable, domain-specific language P3P. Some elements of our methodology may be similarly useful for other software languages.